
Darktrace vs SentinelOne comparison

Darktrace: 48,339 views | 31,433 comparisons
SentinelOne: 60,021 views | 37,894 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on April 4, 2022

We performed a comparison between Darktrace and SentinelOne based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both of these solutions tell us the deployment is straightforward and very simple.
  • Features: Users like Darktrace’s Antigena feature: it very quickly learns what “normal” looks like in an environment and will block anything that doesn’t belong. Darktrace can detect problematic IPs from the outside and stop attacks on the inside. Users like the Dynamic Threat Dashboard, which lists all threats and rates them, giving a clear perspective on which threats need immediate attention. Darktrace has an app that allows for mobile monitoring and viewing of information live in real time. However, many users feel endpoint protection is somewhat lacking from Darktrace. It does not react to triggers or outcomes on the device, which is problematic for businesses with large teams working remotely. The dashboards and reporting can be complicated to understand for a non-technical person and reviewers feel it should be more customizable so that recipients only see information pertinent to their role in the business.

    Users of SentinelOne appreciate that it offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is noteworthy. SentinelOne works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. Some users report that certain applications do not function properly when SentinelOne is installed, yet work as expected once it is removed. Users would like to be able to make the reporting more customizable.
  • Pricing: Users consistently feel that both solutions are costly.
  • Service and Support: Users for both of these solutions feel the service they receive is excellent. They say that both solutions provide service that is fast, professional, and extremely knowledgeable.

Comparison Results: Based on our users’ reviews, we would conclude that SentinelOne is a stronger, more secure solution than Darktrace. Reviewers say that SentinelOne offers a deeper and more thorough level of security. Additionally, SentinelOne provides equal protection across Windows, Linux, and macOS. It can also support legacy infrastructure as well as newer environments. The single-pane feature helps protect numerous endpoints with a very lean team, saving time and money.

To learn more, read our detailed Darktrace vs. SentinelOne report (Updated: September 2022).
633,952 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Darktrace:
  • "I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
  • "The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
  • "The NDR is good in their solution and they have NTG for email."
  • "The platform has many modules, and each module examines a different situation in the behavior."
  • "It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk."
  • "The most valuable feature is that it gives us visibility of rogue traffic that is on the network."
  • "The initial setup is simple."
  • "The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."

SentinelOne:
  • "Most of the features are valuable. As a system integrator, agent deployment is valuable. It also fits the requirements of most of the clients."
  • "SentinelOne is the next-generation EDR solution."
  • "The product can scale."
  • "We are able to write some custom rules on SentinelOne."
  • "The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."
  • "It's quite scalable."
  • "It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way."
  • "One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important."

Cons
Darktrace:
  • "The module can improve so that every time it's more intelligent."
  • "It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."
  • "There aren't so many third-party vendor platforms natively integrated with the platform."
  • "I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there."
  • "The initial setup is more complex and time-consuming than some solutions."
  • "They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."
  • "The solution can improve the reporting."
  • "The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved."

SentinelOne:
  • "We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running."
  • "SentinelOne can improve by having better integration with Active Directory."
  • "One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."
  • "We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future."
  • "Maybe they can develop some firewall aspects for it to better protect us."
  • "The solution does not have an application security and control module."
  • "It has all the features that other leading products in the market provide. They should keep enhancing it based on the challenges in the market. I am fine with its detection capability, but they can work more on deep inspection."
  • "There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better."

Pricing and Cost Advice
Darktrace:
  • "Our customers feel that the price of Darktrace is quite high compared to other solutions."
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "When it comes to large installations, it can be expensive, but for small accounts it's fine."
  • "It is a very expensive product."
  • "It is expensive. I don't have the price for other competitors."
  • "This solution is expensive."
  • "The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
  • "It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."

SentinelOne:
  • "Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec."
  • "The solution's price/performance ratio is reasonable."
  • "You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive."
  • "It was cheaper than McAfee, which was a way to convince management to go with the solution."
  • "The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model."
  • "We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible."
  • "SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting."
  • "The pricing is very fair for the solution they provide."

    Answers from the Community
    Netanya Carmi
    William Munroe
    Vendor

    You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.


    Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.


    Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 


    Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.


    EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.


    NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.


    Comparisons of these tools by category would be more valuable.

    ITSecuri7cfd (IT Security Coordinator at a healthcare company with 10,001+ employees)
    Real User

    An easy answer for me - pretty much exactly what @Janet Staver described. 


    DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 


    S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

    reviewer1815327 (User)
    User

    I have done a POC with Darktrace three different times at different orgs.  


    They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.  


    The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.  


    Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave!  Stay away from Darktrace!

    reviewer1364232 (IT Manager at a construction company with 201-500 employees)
    Real User

    You can't compare these two solutions - they are different. 


    SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.). 


    You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore. 


    Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaaS like the Office365 email.

    Nicholas Arraje
    Vendor

    Both @Janet Staver and @ITSecuri7cfd are spot on.


    As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  


    If you are looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.


    As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 


    If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...

    Questions from the Community
      • Top Answer: Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a…
      • Top Answer: Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for…
      • Top Answer: The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic.
      • Top Answer: Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to…
      • Top Answer: IMO, it depends on whether you have abilities to validate and/or correlate telemetries - these guys brings out quite a lot of telemetry alerts for you to work on...
      • Top Answer: The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs.
    Ranking
      • Darktrace: Views 48,339; Comparisons 31,433; Reviews 27; Average Words per Review 439; Rating 8.3
      • SentinelOne: Views 60,021; Comparisons 37,894; Reviews 43; Average Words per Review 1,101; Rating 9.0
    Also Known As
    Sentinel Labs
    Overview

    Darktrace is a world leader in Autonomous Cyber AI and offers several different desirable tools available to provide a wide array of outstanding support and superior threat security. Darktrace works with many different popular solutions, such as Microsoft 365, Azure, AWS, and many more.

    Darktrace offers many different products to keep every type of business enterprise safe.

    Darktrace’s Enterprise Immune System is uniquely designed to learn the status quo of your operating system and is thereby quickly able to discover any anomalies, abusive behavior, and potential cyber threats and stop them immediately before there is any threat to your organization. With Darktrace’s Enterprise Immune System, you have complete transparency across your entire operational system. Darktrace utilizes intuitive self-learning to discover potential new known attacks externally and also locate any internal threats. Darktrace is intuitively self-adapting and will quickly learn the best way to keep your critical systems safe at all times, even as your business changes and grows.

    Darktrace offers an Industrial Immune System, which is specifically designed to understand the unique technologies of industrial systems and aggressively protect the integrity and durability of those ecosystems. You will get full transparency of OT, IT, and industrial IoT.

    Darktrace Antigena combines the best of the Autonomous Response technology to keep your enterprise ecosystems safe at all times. Darktrace Antigena has the decision-making ability to easily identify suspicious behavior and can stop in-progress threats such as cyber-attacks, ransomware, and threats to your cloud or proprietary infrastructure. Darktrace Antigena will provide protection to keep your systems safe and avoid any downtime or negative impact on your organization's productivity.

    Darktrace Cyber AI Analyst works as an investigative solution that instantly rates, interprets, and reports on the entire range of potential security threats. Darktrace Cyber AI Analyst uses an intuitive analysis process to investigate 100% of all potential threats. Each and every threat is rated and a response plan is created to direct your teams on the best possible course of action needed to immediately resolve the issue. Darktrace AI Analyst also handles Zero-day malware and ransomware. The automated threat investigation can work faster to develop a plan, follow issues, and investigate than any human component. Darktrace AI will save time and money by adding an additional supplemental layer of security to your organization.

    Darktrace provides outstanding enterprise-wide cyber defense to more than 5,500 organizations worldwide that rely on Darktrace daily to keep their business ecosystems running at maximum efficiency and productivity without any unplanned downtime within the overall business operation. Darktrace has a super-fast, machine-speed defense supported by the unique Autonomous Response that can take some of the pressure off of your security team and at the same time mount an aggressive fightback continuing to develop a safer defense every day.

    Reviews from Real Users

    Imad A., Group IT Manager at a manufacturing company, says, "I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."

    A Security Engineer at a real estate/law firm states, "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."







    SentinelOne is a leading comprehensive enterprise-level autonomous security solution that is very popular in today’s marketplace. SentinelOne will ensure that today’s aggressive dynamic enterprises are able to defend themselves more rapidly, at any scale, and with improved precision, by providing comprehensive, thorough security across the entire organizational threat surface.

    SentinelOne makes keeping your infrastructure safe and secure easy and affordable. They offer several tiered levels of security and varied payment options. SentinelOne works well with Linux, Windows, and macOS, and can successfully support legacy infrastructures as well as the newer popular environments, including the latest operating systems. The single pane of glass management will save time and money by reducing manpower and ensuring comprehensive security protection of all your endpoints locally and worldwide.

    SentinelOne offers intensive training and support to meet every organization’s unique business needs.

    SentinelOne's levels of services and support include, but are not limited to:

    SentinelOne GO is a guided 90-day onboarding service to ensure successful deployment and success. It assists with the deployment planning and overview, initial user setup, and product overviews. It provides ongoing training and advisory meetings, ensuring that everything is set up correctly and that your team understands the appropriate protocols to ensure success.

    SentinelOne offers multi-tiered support based on your organizational needs from small business to enterprise, using their Designed Technical Account Management (TAM). They have support for every business level: Standard, Enterprise, and Enterprise Pro. SentinelOne is always available to ensure that you and your organization work together to minimize the risk of downtime and any threat exposure.

    Threat Hunting & Response Services

    Support for threat hunting and response include Watch Tower, Watch Tower Pro, Vigilance Respond, and Vigilance Respond Pro. Each of these services builds on the other, progressively adding features based on your organizational needs.

    Watch Tower: This is the entry-level plan and includes: Active campaign hunting and cyber crime alerts and course correction for potential threats, access to the Monthly Hunting & Intelligence Digest.

    Watch Tower Pro: Includes everything in WatchTower and customized threat hunting for all current & historical threats, unlimited access to Signal Hunting Library of Pre-Built Queries, Incident-Based Triage and Hunting, continuous customer service, followup and reporting, a Security Assessment, and quarterly Cadence meetings.

    Vigilance Respond: Includes all of the features of Watch Tower in addition to a security assessment and Cadence meetings, which are on-demand. Provides the features of Watch Tower Pro in addition to 24x7x365 monitoring, triage, and response.

    Vigilance Respond Pro: Includes all of the features of the above options, including a security assessment and quarterly cadence meeting as well as a complete digital forensic investigation and malware analysis.

    Reviews from Real Users

    Jeff D. who is an Operations Manager at Proton Dealership IT, tells us that "The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."

    "The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring." relates Rae J., Director IR and MDR at a tech services company.

    Sample Customers
      • Darktrace: Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol
      • SentinelOne: Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
    Top Industries
    Darktrace
      • Reviewers: Financial Services Firm 19%, Computer Software Company 16%, Construction Company 6%, Manufacturing Company 6%
      • Visitors reading reviews: Computer Software Company 18%, Comms Service Provider 18%, Government 7%, Financial Services Firm 6%
    SentinelOne
      • Reviewers: Manufacturing Company 14%, Healthcare Company 14%, Financial Services Firm 11%, Retailer 8%
      • Visitors reading reviews: Computer Software Company 20%, Comms Service Provider 15%, Government 6%, Retailer 5%
    Company Size
    Darktrace
      • Reviewers: Small Business 52%, Midsize Enterprise 17%, Large Enterprise 31%
      • Visitors reading reviews: Small Business 27%, Midsize Enterprise 20%, Large Enterprise 53%
    SentinelOne
      • Reviewers: Small Business 37%, Midsize Enterprise 24%, Large Enterprise 40%
      • Visitors reading reviews: Small Business 33%, Midsize Enterprise 20%, Large Enterprise 47%

    Darktrace is ranked 1st in Intrusion Detection and Prevention Software (IDPS) with 33 reviews while SentinelOne is ranked 3rd in EDR (Endpoint Detection and Response) with 50 reviews. Darktrace is rated 8.4, while SentinelOne is rated 9.0. The top reviewer of Darktrace writes "A 10/10 solution with an awesome interface, good stability and scalability, flexible pricing, and good support". On the other hand, the top reviewer of SentinelOne writes "Made a tremendous difference in our ability to protect our endpoints and servers". Darktrace is most compared with CrowdStrike Falcon, Cisco Secure Network Analytics, Vectra AI, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x), whereas SentinelOne is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, Bitdefender GravityZone Ultra and Carbon Black CB Defense.

    We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.