SentinelOne's Singularity product family is a subscription-based, cloud-centric threat management platform that includes AI software and expert services to provide comprehensive endpoint detection and response (Singularity EDR) and extended detection and response (Singularity XDR). SentinelOne's compact software agents can be installed in minutes to defend endpoints against increasingly sophisticated cyberthreats including ransomware, familiar and zero-day malware, trojans, hacking tools, memory exploits, script misuse, pernicious macros, and living-off-the-land attacks. Agents are available for Windows, macOS, Linux, and Kubernetes endpoints. Supported form factors include physical, virtual, VDI, customer data centers, hybrid data centers, and cloud service providers. Because SentinelOne agents are autonomous, they can provide advanced behavior-based protection in real time even when endpoints are not cloud connected.
Progent is a certified SentinelOne Partner and reseller and manages thousands of endpoints protected by SentinelOne technology. SentinelOne is always the first incident response tool deployed by Progent to gain control and visibility of a client's network during a ransomware recovery emergency. SentinelOne is also the key technology behind Progent's Active Security Monitoring services. SentinelOne was recognized as a Leader in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and scored the most analytic detections in the MITRE ATT&CK Phase 4 Evaluation. According to Gartner's assessment, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also outscored all competition for every use case in Gartner's assessment of Critical Capabilities for Endpoint Protection Platforms (EPPs).
Singularity Packages for SentinelOne Endpoint Security
SentinelOne's Singularity family includes three tiers of endpoint protection product bundles delivered as a global SaaS platform that features high availability, hierarchical policy management by site and group, AI-driven threat intelligence, fast recovery, and data-driven dashboard security analytics. The bundles are Core, Control, and Complete. The higher tiers are additive: Control and Complete each include all the features and options of the tier below. Pricing starts at $5 per endpoint per month for small customers with appropriate discounts for larger deployments. There is no minimum device requirement.
Singularity Core provides basic anti-virus (AV) and next-generation anti-virus (NGAV) capability and offers rudimentary Endpoint Detection and Response (EDR). Standard features include:
- Autonomous Sentinel agent Storyline engine
- Integrated static AI and SentinelOne Cloud Intelligence file-based attack prevention
- Behavioral AI fileless attack detection
- Autonomous Threat Response / Kill, Quarantine (Win, Mac, Linux)
- Autonomous Remediation Response / 1-Click, no scripting (Win, Mac)
- Autonomous Rollback Response / 1-Click, no scripting (Win)
- Quarantine device from network
- Incident Analysis (MITRE ATT&CK, timeline, explorer, team annotations)
- Agent anti-tamper
- App inventory
Options for the Singularity Core bundle include live global asset inventory and advanced ML device fingerprinting via the Singularity RANGER package, elimination of agent deployment gaps with p2p job automation via the Singularity RANGER PRO package, rogue device discovery, and cloud workload security for Kubernetes and VMs plus cloud provider metadata integration via the Singularity Cloud package. (Note: SentinelOne Singularity Core is not currently offered by Progent. This product does not include threat visibility options required by Progent to co-manage the security of the client environment.)
Singularity Control includes all the standard features and options of the Core bundle and adds features for improving endpoint management including secure remote shell, firewall control with location awareness (Win, Mac, Linux), device control for USB and Bluetooth peripherals (Win, Mac), and management for apps with known vulnerabilities mapped to the MITRE CVE database.
Options for the Singularity Control bundle include the ability to isolate suspicious and malicious devices via the Singularity RANGER package plus automated app control for Kubernetes via the Singularity Cloud package.
Singularity Complete offers single-agent, enterprise-grade prevention, detection, response and hunting across endpoint, cloud, and IoT. The package saves significant time for security administrators, SOC analysts, threat hunters, and incident responders by automatically correlating telemetry and mapping it into the MITRE ATT&CK CVI framework. Complete offers an advanced EDR feature set that includes:
- Storyline technology for automatic correlation and contextualization of alerts for fast root cause analysis (RCA)
- Storyline Active Response (STAR) mitigates new and emerging zero-day threats with custom detection and automated hunting rules
- Integrated ActiveEDR visibility to both benign and malicious data
- Deep visibility Storyline pivot and hunt by MITRE ATT&CK technique
- EDR Hunting Data retention options from 14 days standard to 365 days optional
- File integrity monitoring
- Timelines, remote shell, file fetch, sandbox integrations
Options for the Singularity Complete bundle include Cloud Funnel for copying endpoint telemetry from SentinelOne's cloud to your data lake, the ability to upload malicious and benign executables to the SentinelOne cloud for automated analysis, and automated App control for Linux VMs.
Vigilance Respond MDR Services
Vigilance Respond and Vigilance Respond Pro are optional Managed Detection and Response (MDR) service programs for subscribers to the Singularity Complete bundle. These packages include full 24x7 incident response provided by Tier-1, Tier-2, and Tier-3 cybersecurity experts. Vigilance Respond services include validation of threats, event prioritization and triage, false positive handling and dashboard cleanup, proactive threat deactivation, accelerated threat resolution, management reporting, SLAs, and escalation back to the customer's cybersecurity organization. Pricing averages around $17 per device per month and there is no minimum device requirement.
Vigilance Respond Pro adds a 2x faster SLA, assigned incident response case managers, root cause analysis, incident-driven threat hunting, digital forensics with malware reversing, containment and eradication, comprehensive security assessment, plus post-mortem consultation. In most cases Vigilance Respond Pro interprets and resolves threats in minutes and only contacts customers for urgent matters. Because most of these services do not require the participation of the Vigilance Respond subscriber, customers are able to focus on strategic projects rather than day-to-day security issues.
Vigilance MDR analysts classify detected threat alerts according to a hierarchy ranging from Benign to Urgent True Positive. This classification determines the Vigilance analyst's response. There are five categories of threats and associated responses. Most alerts require no action by the customer.
Benign Alert - False Positive
Vigilance resolves the issue and annotates the SentinelOne dashboard. For isolated False Positive alerts, no additional actions or notifications are required. For repeated False Positive alerts, Vigilance will escalate the issue to the customer to offer or approve an appropriate exclusion or agent upgrade as needed.
Malicious Alert - True Positive Non-Urgent, Potentially Unwanted Program (PUP)
Vigilance takes action to ensure the threat is blocklisted, resolved, and annotated. Usually, no notification will be sent to the customer unless the issue calls for follow up activity.
Malicious Alert - True Positive / No Action Needed
Vigilance takes appropriate actions including remediation to ensure the threat is isolated. Once the SentinelOne analyst verifies the threat is eliminated, the analyst will send a confirmation notice to the customer.
Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance takes appropriate actions including remediation to ensure the threat is isolated. Once the SentinelOne analyst verifies the threat is eliminated, the analyst will send a notification to the customer. Subsequent procedures like re-imaging may be called for in certain cases.
Malicious Alert - True Positive Urgent / Action Needed
Vigilance may respond aggressively in high-priority breach cases, including taking agent remediation actions and disconnecting affected network devices to isolate the attack and prevent further lateral movement and spread. The analysts will send a proactive notification alerting the customer to the situation and requesting an immediate response.
Download Progent's Singularity Control and Complete Comparison Datasheet
To download a single-page printable datasheet in PDF format comparing SentinelOne's Singularity Control and Singularity Complete endpoint detection and response products, click:
Progent's Singularity Control and Singularity Complete EDR Comparison Datasheet. (PDF - 340 KB)
The Progent Advantage
Progent's team of more than 150 consulting professionals includes certified experts in every aspect of information technology related to small and mid-size businesses. With this breadth of expertise, Progent can be your one-stop source for integrating a comprehensive security solution that delivers immediate business value. In addition to the endpoint protection provided by SentinelOne products and services, Progent offers a variety of managed services and specially-priced support packages designed to help small and mid-size businesses to deploy, validate, and manage networks that feature enterprise-class information assurance and low total cost of ownership (TCO).
Progent has expertise in all the endpoints, servers and virtual machines that can be protected by SentinelOne products and offers services that include Windows 11 planning and migration consulting, Windows 10 integration, Linux support, Mac OS X and macOS consulting, iPhone and iPad configuration, Android integration, Windows Server 2022 integration expertise, Windows Server 2019 migration consulting, Hyper-V virtualization support, and VMware vSphere consulting. For single-click or manual rollback capability, Progent's Windows Server consultants can help you set up Windows Volume Shadow Copy Service (VSS). Progent can also provide online and onsite access to certified Cisco CCIE consultants to help you plan, protect or troubleshoot your network infrastructure. If your network incorporates cloud resources, Progent offers the guidance of Microsoft Azure consultants, Amazon AWS experts, and Google Cloud integration consultants.
Contact Progent about SentinelOne Sales and Integration Services
To find out more about how Progent can help you purchase or integrate SentinelOne technology, call 1-800-993-9400 or visit Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to guide organizations through the urgent first phase of responding to a ransomware attack: putting out the fire. Progent's remote ransomware engineer can help you to locate and quarantine infected devices and guard undamaged resources from being penetrated. If your network has been penetrated by any strain of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800. For details, see Progent's Ransomware 24x7 Hot Line.