top of page
Writer's pictureSean Doggett

What is the difference between SentinelOne Core, Control and Complete?

Updated: Jan 17, 2022

The Singularity Platform is an Edge to Edge Enterprise Security Platform.


"One platform to prevent, detect, respond, and hunt in the context of all enterprise assets. See what has never been seen before. Control the unknown. All at machine speed."


SentinelOne's single-agent technology provides solutions with three different tiers of functionality, Core, Control and Complete. All versions use machine learning and automation to prevent, detect and respond to attacks across all major vectors. In this blog post, we will outline the key differences between SentinelOne Singularity Core, Control and Complete, so you can find which licence type best fits your organisation's needs.


Each licence offers the same SaaS management console features:

  • Global SaaS implementation. Highly available. Choice of locality (US, EU, APAC)

  • Flexible administrative authentication and authorisation: SSO, MFA, RBAC

  • Administration is customisable to match your organisational structure.

  • 365 days of threat incident history

  • Integrated SentinelOne Threat Intelligence and MITRE ATT&CK Threat Indicators

  • Data-driven Dashboard Security Analytics

  • Configurable notifications by email and syslog.

  • Singularity API-driven XDR integrations (SIEM, sandbox, Slack, 3rd party Threat Intel, etc.)

  • Single API with 340+ functions

Each of the offerings builds upon the one below it.




Singularity Core is the entry-level endpoint security product, ideal for organisations who are looking to replace their legacy anti-virus with endpoint protection which is more effective and easier to manage. Core offers the features below:

  • Built-in Static AI and Behavioural AI analysis prevents and detects a wide range of attacks in real-time before they cause damage. Core protects against known and unknown malware, Trojans, hacking tools, ransomware, memory exploits, script misuse, bad macros, and more.

  • The SentinelOne agents are autonomous, which means they apply prevention and detection technology with or without cloud connectivity and will trigger protective responses in real-time.

  • Recovery is fast and gets users back and working in minutes without re-imaging and without writing scripts. Any unauthorised changes that occur during an attack can be reversed with 1-Click Remediation and 1-Click Rollback for Windows.

  • Secure SaaS management access. Choose from US, EU, APAC localities. Data-driven dashboards, policy management by site and group, incident analysis with MITRE ATT&CK integration, and more.





With the Control licence, you can expect more capabilities for those who are looking for "best-of-breed" security with the addition of security suite features for endpoint management. As mentioned before, everything you got with the Core licence, you will also get with Control. Below are some of the extra features you get from Control:

  • Firewall Control for Control of network connectivity to and from devices including location-awareness

  • Device Control for Control of USB devices and Bluetooth/BLE peripherals

  • Rogue visibility to uncover devices on the network that need Sentinel agent protection

  • Vulnerability Management, in addition to Application Inventory, for insight into 3rd party apps that have known vulnerabilities mapped to the MITRE CVE database.





If you are looking for even more, then Singularity Complete is what you need. Complete is built for enterprises that need modern endpoint protection and Control plus advanced EDR features. Below are the additional features (as well as those from Core & Control) you get with Complete:

  • Patented Storyline™ tech for fast RCA and easy pivots.

  • Integrated ActiveEDR™ visibility to both benign and malicious data.

  • 14 - 365+ historical EDR data retention + usable query speeds at scale.

  • Hunt by MITRE ATT&CK ® Technique.

  • Mark benign Storylines as threats for enforcement by the EPP function.

  • Automated StorylineTM Active Response (STAR) watchlist functions.

  • Timelines, remote shell, file fetch, sandbox integrations, and more.

 

Download the SentinelOne Datasheet to see a table comparison of the licence features:

 

To find out more about SentinelOne then take a look at our website.


For a demo of SentinelOne where you can see the capabilities of the Singularity Platform in action then book a demo here.



Keywords/Phrases: SentinelOne, Core vs Complete, Datasheet, License

23,467 views0 comments
bottom of page