"SentinelOne is really 'set and forget'. Compared to the previous solution, our team easily wins 2 days in a month."
Dries Verbruggen is IT Manager at VIGO. He tells us more about their search for the perfect Endpoint Security solution and why they chose SentinelOne.
Why were you looking for a new solution?
The license of our former solution expired. The system worked, but we had to babysit it. To such an extent that a member of our team had to spend half a day, every week, on manual interventions for signatures that were left behind, upgrades that didn't work or agents that suddenly stopped communicating with the management server. The performance of our applications also suffered from the incompatibility with the solution and then it was really time-consuming to test and fine-tune the complicated policies.
How did you end up at EASI?
Coincidentally. In the past, we had a very good experience with IntoIT (a company taken over by EASI) for a security audit. We had contacted them for a new audit. The fact that the same people still work at EASI after the takeover, and that the same people can repeat such an audit, made a good impression. By talking about this audit, we ended up at Endpoint Security and that is how SentinelOne came up for discussion.
Were you immediately convinced?
Initially, I wasn't ready to abandon the classic signature-based solution just yet, but I was curious about the Next-Gen products. Before, we had a vendor that analyzes a virus and then releases an update. You know that's too late, but to be able to fully rely on a system that detects unwanted behaviour in a very generic way and protects you without having to make a definition beforehand...
Of course you realise that that's exactly the power of this new solution, but still you immediately think of all the risks. "Will our applications work well with that? Will it be invasive if it controls everything?" All I can say in retrospect is that you have to experience it. Then the objections quickly disappear and you only see the benefits.
Why did you choose SentinelOne?
After evaluating several solutions, we chose SentinelOne because of the many features not offered by other vendors. I am thinking for example of the network quarantine feature. If malware gets in, the system automatically shuts itself off from the network. This gives us time to investigate everything until it is safe again.
Or the Rollback function. If we get infected by a cryptolocker that infects one or more computers and encrypts files - which you don't have backed up because they're only locally stored on the user machine - it's great to just have a button you can push to say 'undo', and which will put everything back. These are things that just don't exist with other vendors.
In addition, we were also charmed by the very extensive exclusion options, the extensive details and the many options you can choose between in the host management and the fact that the application has an easy uninstall function via the management console.
Compared to the classic Endpoint Security products, SentinelOne scores for us in terms of the simplicity of configuration, the non-signature based way of working which makes us less dependent on continuous updates and the extensive API capabilities.
How does SentinelOne simplify your operation?
In different ways. Thanks to the cloud console, there are 1 or 2 fewer servers that we have to maintain ourselves. Moreover, a lot less maintenance is needed. The upgrades of the agent run smoothly. We have almost no signature or module updates anymore. In a month's time, our team wins two days! After installation, no reboot is required, and we have integration with our monitoring via the API. And finally, the SentinelOne agent requires significantly fewer resources than our old solution. So we are rid of our weekly scans of the hard disk that put a particular strain on our systems.
This is really a set-and-forget solution; our IT department does not have to babysit this product. It just works, it's simple and it's reliable. Those are the biggest advantages for me.
Is SentinelOne a future-proof solution for you?
Sure. With SentinelOne we have the feeling that our Endpoint Security is up-to-date again. We feel ready for the security challenges of the future. In addition, we are particularly convinced of the Endpoint Detection and Response (EDR) capabilities. These are well put together and give you a lot of insight into what is happening on your network, but you need to have more resources to seriously dive into them. That is why we keep this in mind for possible future expansions in that area.
How was the solution received by the people who had to work with it?
The rollout was very easy. The fear we had, that we would have to configure a lot of extra exceptions during the rollout because a lot of apps were hindered, turned out to be very unjustified. Prior to the rollout, we checked which exceptions were needed for our critical systems and servers in the SentinelOne knowledge base. The extra configuration turned out to be very limited. This simplicity in the configuration also ensured a short familiarisation period. I only had to explain the product to my team once.
How is the relationship with EASI?
For specific support of SentinelOne, you get help from very experienced engineers of SentinelOne itself. EASI doesn't really play a supporting role there. That aside, we will probably be working with EASI on security audits in the future. We have had good experiences with EASI. They are always there for us if we have any questions.