We performed a comparison between Crowdstrike Falcon and SentinelOne based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, SentinelOne seems to be a slightly superior solution. All other things being more or less equal, our reviewers found Crowdstrike Falcon to be expensive, and some reviewers also felt that its technical support could be improved.
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"I appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"The most valuable feature is signature-based malware detection."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"It's very easy to set up."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"The solution has improved my organization by automating the detection and reporting of unwanted applications so we're aware of them and can respond appropriately."
"I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"The ability to get queries by pressing the "tab" button is a plus for SentinelOne."
"Offers good protection against ransomware."
"It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice."
"SentinelOne has improved our organization by protecting the environment we are working in."
"The setup is very straightforward."
"The XDR capability is quite good."
"The initial setup is very straightforward and easy."
"The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"It could be improved in connection with artificial intelligence and IoT."
"This product has issues with the number of false positives that it reports."
"The GUI needs improvement, it's not good."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"Technical support could be better than what is currently offered."
"This solution could be improved with greater scope for admins to make changes to the solution."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"I would like to see a more accurate integration and an option to check the local machine."
"The price is too high."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
"It can be expensive depending on the features you select."
"Some reports could be better."
"The update process can be better. It is very easy to deploy, but over a long period, the updating process can be a little messy. In some EDR solutions, you end up with a very good mechanism to push new versions. It could do with a little work in that area. It is not particularly difficult, but it could do with a little work."
"There is room for improvement with the management interface. It could be more user friendly."
"All is good for now, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to keep ahead of the cybercriminals."
"All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers."
"SentinelOne could improve by creating an autopilot or automated way to roll out the solution more efficiently which would be helpful."
"It is difficult to manage users in SentinelOne."
"SentinelOne could improve by reducing the price."
Crowdstrike Falcon Endpoint Security and XDR is ranked 2nd in EPP (Endpoint Protection for Business) with 56 reviews while SentinelOne is ranked 3rd in EPP (Endpoint Protection for Business) with 50 reviews. Crowdstrike Falcon Endpoint Security and XDR is rated 8.6, while SentinelOne is rated 8.6. The top reviewer of Crowdstrike Falcon Endpoint Security and XDR writes "Speeds up the data collection for our phishing playbooks dramatically". On the other hand, the top reviewer of SentinelOne writes "Provides deep visibility, helpful and intuitive interface, effectively prevents ransomware attacks". Crowdstrike Falcon Endpoint Security and XDR is most compared with Microsoft Defender for Endpoint, Darktrace, Cortex XDR by Palo Alto Networks, Trend Micro Deep Security and Trend Micro XDR, whereas SentinelOne is most compared with Microsoft Defender for Endpoint, Darktrace, Bitdefender GravityZone Ultra, Sophos Intercept X and Cortex XDR by Palo Alto Networks.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
We RFI/POC'd them all.
SentinelOne came out on top for every aspect of the requirements that we needed to fulfill from our architect.
That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.
We are currently in the process of looking for "new tools" in regards to endpoint security. We use McAfee at the moment and we lean more towards S1.
But I am interested how your POCs go. Please come back with some insight!
It really depends what you want as outcomes, reporting integration with other security technologies. Be happy to discuss.
Better, I would suggest moving it to Microsoft Defender for Endpoint, which will help more in feature.
S1 for sure.
Disconnect Falcon from the internet and it loses its ability to do anything. Falcon is still a fine product, for EDR I'd go S1.