IT Central Station is now PeerSpot: Here's why

Darktrace vs SentinelOne comparison

Cancel
You must select at least 2 products to compare!
Darktrace Logo
47,229 views|30,837 comparisons
SentinelOne Logo
55,496 views|36,181 comparisons
Executive Summary
Updated on April 4, 2022

We performed a comparison between Darktrace and SentinelOne based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both of these solutions tell us the deployment is straightforward and very simple.
  • Features: Users like Darktrace’s Antigena feature: it very quickly learns what “normal” looks like in an environment and will block anything that doesn’t belong. Darktrace can detect problematic IPs from the outside and stop attacks on the inside. Users like the Dynamic Threat Dashboard, which lists all threats and rates them, giving a clear perspective on which threats need immediate attention. Darktrace has an app that allows for mobile monitoring and viewing of information live in real time. However, many users feel endpoint protection is somewhat lacking from Darktrace. It does not react to triggers or outcomes on the device, which is problematic for businesses with large teams working remotely. The dashboards and reporting can be complicated to understand for a non-technical person and reviewers feel it should be more customizable so that recipients only see information pertinent to their role in the business.

    Users of SentinelOne appreciate that it offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is note-worthy. Sentinel One works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. Some users feel there seem to be some applications that do not function properly when SentinelOne is installed, yet when SentinelOne is removed they work as expected. Users would like to be able to make the reporting more customizable.
  • Pricing: Users consistently feel that both solutions are costly.
  • Service and Support: Users for both of these solutions feel the service they receive is excellent. They say that both solutions provide service that is fast, professional, and extremely knowledgeable.

Comparison Results: Based on our users’ reviews, we would conclude that SentinelOne is a stronger, more secure solution than Darktrace. Reviewers say that SentinelOne offers a deeper and more thorough level of security. Additionally, SentinelOne provides equal protection across Windows, Linux, and macOS. It can also support legacy infrastructure as well as newer environments. The single-pane feature helps protect numerous endpoints with a very lean team, saving time and money.

To learn more, read our detailed Darktrace vs. SentinelOne report (Updated: June 2022).
Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
June 2022
Find out what your peers are saying about Darktrace, GFI, Vectra AI and others in Intrusion Detection and Prevention Software (IDPS). Updated: June 2022.
610,190 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.""The most valuable feature is that it gives us visibility of rogue traffic that is on the network.""The product offers us a very good user interface and we've found the network visibility to be very good so far.""It is very stable and easy to use.""AI analytics are built directly into the product.""The initial setup is simple.""The ability to see what we have not seen before is most valuable. It is very interesting to find out the most vulnerable devices in our network.""The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."

More Darktrace Pros →

"The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind.""I have found the most valuable feature to be the rapid threat detection.""The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring.""One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important.""Most of the features are valuable. As a system integrator, agent deployment is valuable. It also fits the requirements of most of the clients.""It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.""Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing.""Prevents ransomware getting through."

More SentinelOne Pros →

Cons
"It's quite expensive to have.""It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.""They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there.""Getting logs from different sources can be a challenge.""The module can improve so that every time it's more intelligent.""It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not.""The solution could be easier to use.""In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."

More Darktrace Cons →

"If it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit.""We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.""The ability to integrate this product with an antivirus solution would be welcome. Even consolidation with more security products, like Umbrella networking abilities etc. to provide more on this platform, that would be great.""Communication and documentation could be improved.""It's good on Linux, and Windows is pretty good except that the Windows agents sometimes ask for a lot of resources on the endpoints. That could be in the fine-tuning for scanning. In Mac, they are complaining about the same problems, that it's using a lot of resources, but that could also be that we have to configure what it is scanning and what it should not scan. Currently it scans everything.""The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information.""Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros.""One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."

More SentinelOne Cons →

Pricing and Cost Advice
  • "The pricing is a little high compared to the competition."
  • "Our customers feel that the price of Darktrace is quite high compared to other solutions."
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "When it comes to large installations, it can be expensive, but for small accounts it's fine."
  • "It is a very expensive product."
  • "It is expensive. I don't have the price for other competitors."
  • "This solution is expensive."
  • "The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
  • More Darktrace Pricing and Cost Advice →

  • "USD$6 per end point which decreases as end points increase."
  • "Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec."
  • "The solution's price/performance ratio is reasonable."
  • "You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive."
  • "It was cheaper than McAfee, which was a way to convince management to go with the solution."
  • "The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model."
  • "We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible."
  • "SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting."
  • More SentinelOne Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
    610,190 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    William Munroe - PeerSpot reviewerWilliam Munroe
    Vendor

    You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.


    Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.


    Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 


    Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.


    EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.


    NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.


    Comparisons of these tools by category would be more valuable.

    ITSecuri7cfd - PeerSpot reviewerITSecuri7cfd (IT Security Coordinator at a healthcare company with 10,001+ employees)
    Real User

    An easy answer for me - pretty much exactly what @Janet Staver described. 


    DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 


    S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

    reviewer1815327 - PeerSpot reviewerreviewer1815327 (User)
    User

    I have done a POC with Darktrace three different times at different orgs.  


    They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.  


    The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.  


    Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave!  Stay away from Darktrace!

    reviewer1364232 - PeerSpot reviewerreviewer1364232 (IT Manager at a construction company with 201-500 employees)
    Real User

    You can't compare these two solutions - they are different. 


    SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.). 


    You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore. 


    Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaS like the Office365 email.

    Nicholas Arraje - PeerSpot reviewerNicholas Arraje
    Vendor

    Both @Janet Staver ​and @ITSecuri7cfd are spot on.  


    As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  


    If you looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.  


    As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 


    If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...

    Questions from the Community
    Top Answer:Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
    Top Answer:We are able to detect a lot of things, actually, and see what is happening in our network.
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to… more »
    Top Answer:I have found the most valuable feature to be the rapid threat detection.
    Top Answer:SentinelOne isn't cheap, but it's less expensive than CrowdStrike It's priced competitively. There are no add-ons. We have a Singularity Complete license, which includes everything we need for… more »
    Ranking
    Views
    47,229
    Comparisons
    30,837
    Reviews
    24
    Average Words per Review
    462
    Rating
    8.5
    Views
    55,496
    Comparisons
    36,181
    Reviews
    28
    Average Words per Review
    1,371
    Rating
    9.2
    Comparisons
    Also Known As
    Sentinel Labs
    Learn More
    Overview

    Darktrace is a world leader in Autonomous Cyber AI and offers several different desirable tools available to provide a wide array of outstanding support and superior threat security. Darktrace works with many different popular solutions, such as Microsoft 365, Azure, AWS, and many more.

    Darktrace offers many different products to keep every type of business enterprise safe.

    Darktrace’s Enterprise Immune System is uniquely designed to learn the status quo of your operating system and is thereby quickly able to discover any anomalies, abusive behavior, and potential cyber threats and stop them immediately before there is any threat to your organization. With Darktrace’s Enterprise Immune System, you have complete transparency across your entire operational system. Darktrace utilizes intuitive self-learning to discover potential new known attacks externally and also locate any internal threats. Darktrace is intuitively self-adapting and will quickly learn the best way to keep your critical systems safe at all times, even as your business changes and grows.

    Darktrace offers an Industrial Immune System, which is specifically designed to understand the unique technologies of industrial systems and aggressively protect the integrity and durability of those ecosystems. You will get full transparency of OT, IT, and industrial IoT.

    Darktrace Antigena combines the best of the Autonomous Response technology to keep your enterprise ecosystems safe at all times. Darktrace Antigena has the decision-making ability to easily identify suspicious behavior and can stop in-progress threats such as cyber-attacks, ransomware, and threats to your cloud or proprietary infrastructure. Darktrace Antigena will provide protection to keep your systems safe and avoid any downtime or negative impact on your organization's productivity.

    Darktrace Cyber AI Analyst works as an investigative solution that instantly rates, interprets, and reports on the entire range of potential security threats. Darktrace Cyber AI Analyst uses an intuitive analysis process to investigate 100% of all potential threats. Each and every threat is rated and a response plan is created to direct your teams on the best possible course of action needed to immediately resolve the issue. Darktrace AI Analyst also handles Zero-day malware and ransomware. The automated threat investigation can work faster to develop a plan, follow issues, and investigate than any human component. Darktrace AI will save time and money by adding an additional supplemental layer of security to your organization.

    Darktrace provides outstanding enterprise-wide cyber defense to more than 5,500 organizations worldwide that rely on Darktrace daily to keep their business ecosystems running at maximum efficiency and productivity without any unplanned downtime within the overall business operation. Darktrace has a super-fast, machine-speed defense supported by the unique Autonomous Response that can take some of the pressure off of your security team and at the same time mount an aggressive fightback continuing to develop a safer defense every day.

    Reviews from Real Users

    Imad A., Group IT Manager at a manufacturing company, says, “"I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."

    A Security Engineer at a real estate/law firm states, "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."







    SentinelOne is a leading comprehensive enterprise-level autonomous security solution that is very popular in today’s marketplace. SentinelOne will ensure that today’s aggressive dynamic enterprises are able to defend themselves more rapidly, at any scale, and with improved precision, by providing comprehensive, thorough security across the entire organizational threat surface.

    SentinelOne makes keeping your infrastructure safe and secure easy and affordable. They offer several tiered levels of security and varied payment options. SentinelOne works well with Linux, Windows, and MacOS, and can successfully support legacy infrastructures as well as the newer popular environments, including the latest operating systems. The single pane of glass management will save time and money by reducing manpower and ensuring comprehensive security protection of all your endpoints locally and worldwide.

    SentinelOne offers intensive training and support to meet every organization’s unique business needs.

    SentinelOne's levels of services and support include, but are not limited to:

    SentinelOne GO is a guided 90-day onboarding service to ensure successful deployment and success. It assists with the deployment planning and overview, initial user setup, and product overviews. It provides ongoing training and advisory meetings, ensuring that everything is set up correctly and that your team understands the appropriate protocols to ensure success.

    SentinelOne offers multi-tiered support based on your organizational needs from small business to enterprise, using their Designed Technical Account Management (TAM). They have support for every business level: Standard, Enterprise, and Enterprise Pro. SentinelOne is always available to ensure that you and your organization work together to minimize the risk of downtime and any threat exposure.

    Threat Hunting & Response Services

    Support for threat hunting and response include Watch Tower, Watch Tower Pro, Vigilance Respond, and Vigilance Respond Pro. Each of these services builds on the other, progressively adding features based on your organizational needs.

    Watch Tower: This is the entry-level plan and includes: Active campaign hunting and cyber crime alerts and course correction for potential threats, access to the Monthly Hunting & Intelligence Digest.

    Watch Tower Pro: Includes everything in WatchTower and customized threat hunting for all current & historical threats, unlimited access to Signal Hunting Library of Pre-Built Queries, Incident-Based Triage and Hunting, continuous customer service, followup and reporting, a Security Assessment, and quarterly Cadence meetings.

    Vigilance Respond: Includes all of the features of Watch Tower in addition to a security assessment and Cadence meetings, which are on-demand. Provides the features of Watch Tower Pro in addition to 24x7x365 monitoring, triage, and response.

    Vigilance Respond Pro: Includes all of the features of the above options, including a security assessment and quarterly cadence meeting as well as a complete digital forensic investigation and malware analysis.

    Reviews from Real Users

    Jeff D. who is an Operations Manager at Proton Dealership IT, tells us that "The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."

    "The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring." relates Rae J., Director IR and MDR at a tech services company.

    Offer
    Learn more about Darktrace
    Learn more about SentinelOne
    Sample Customers
    Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol
    Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
    Top Industries
    REVIEWERS
    Financial Services Firm20%
    Computer Software Company16%
    Government8%
    Healthcare Company4%
    VISITORS READING REVIEWS
    Comms Service Provider23%
    Computer Software Company20%
    Government7%
    Financial Services Firm6%
    REVIEWERS
    Retailer14%
    Manufacturing Company14%
    Computer Software Company9%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Computer Software Company23%
    Comms Service Provider20%
    Government6%
    Retailer4%
    Company Size
    REVIEWERS
    Small Business47%
    Midsize Enterprise18%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise22%
    Large Enterprise53%
    REVIEWERS
    Small Business35%
    Midsize Enterprise23%
    Large Enterprise42%
    VISITORS READING REVIEWS
    Small Business32%
    Midsize Enterprise20%
    Large Enterprise48%
    Buyer's Guide
    Intrusion Detection and Prevention Software (IDPS)
    June 2022
    Find out what your peers are saying about Darktrace, GFI, Vectra AI and others in Intrusion Detection and Prevention Software (IDPS). Updated: June 2022.
    610,190 professionals have used our research since 2012.

    Darktrace is ranked 1st in Intrusion Detection and Prevention Software (IDPS) with 26 reviews while SentinelOne is ranked 2nd in Endpoint Protection for Business (EPP) with 28 reviews. Darktrace is rated 8.4, while SentinelOne is rated 9.2. The top reviewer of Darktrace writes "A 10/10 solution with an awesome interface, good stability and scalability, flexible pricing, and good support". On the other hand, the top reviewer of SentinelOne writes "Made a tremendous difference in our ability to protect our endpoints and servers". Darktrace is most compared with CrowdStrike Falcon, Cisco Stealthwatch, Vectra AI, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x), whereas SentinelOne is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, Carbon Black CB Defense and Bitdefender GravityZone Ultra.

    We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.