We performed a comparison between Darktrace and SentinelOne based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on our users’ reviews, we would conclude that SentinelOne is a stronger, more secure solution than Darktrace. Reviewers say that SentinelOne offers a deeper and more thorough level of security. Additionally, SentinelOne provides equal protection across Windows, Linux, and macOS. It can also support legacy infrastructure as well as newer environments. The single-pane feature helps protect numerous endpoints with a very lean team, saving time and money.
"At the moment we are satisfied with this product. It's a stable, scalable, and resilient solution for us."
"The basic features are okay and I'm satisfied with the Defender."
"Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable."
"The product's scalability is good."
"The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time."
"Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected."
"It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased."
"The solution is very easy to use. All you have to do is to assign the license to the end-user and it's done. The customer will only have the feature activated, and the solution will monitor the emails to determine if they are a threat or not."
"The models, triggers, and alerts are customizable."
"The product can scale."
"The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"The NDR is good in their solution and they have NTG for email."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
"Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
"Its ability to interact with other third-party tools has been great for us. It can work through APIs and partners and integrate well."
"It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense."
"The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing."
"We have had very few false positives or false negatives, which allows our analysts to focus on their work instead of dealing with noise."
"I really like the storyline feature."
"The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."
"SentinelOne is preferred because of its great features and nominal cost."
"The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location."
"It would be better if it were more scalable. It depends on the architecture, but we would like to make it more scalable for both data centers."
"There is room for improvement with the UI."
"About eight months ago, we started to measure the quantity of phishing and spam that we have been receiving, and it has been increasing a lot. That means that protection for our email is not as good as we were expecting."
"There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."
"They have moved features from one console to another. Things have been moved around in the interface and it takes me time to find where certain features are."
"We need a separate license and we don't know how to get the license that is required."
"The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included."
"I'd like some additional features any product can give me to protect our environment in a better way."
"I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
"The program is quite expensive."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"There aren't so many third-party vendor platforms natively integrated with the platform."
"I'd love them to see maybe covering the cloud a bit more."
"The interface is too mathematical and it should be simplified."
"One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."
"Since SentinelOne Hologram was an Attivo Networks product acquired by Microsoft, I have to install a different agent on endpoints for that product. It would be better if the same SentinelOne agent could be used for both the EDR and deception technology."
"The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs."
"DLP support would be a good addition."
"We need to analyze the threats and make decisions based on that, so the analytics could be better at analyzing exactly where the threats are coming from."
"I would like to have firewall functionality within SentinelOne Singularity Complete."
"The area where it could be improved is reporting. They have some online reporting, but it would be nice to be able to pick and choose. When I'm looking at the console, I would love to be able to pull certain things into a report, the things that are specific to me."
"Security could always be better."
More Microsoft Defender for Office 365 Pricing and Cost Advice →
More SentinelOne Singularity Complete Pricing and Cost Advice →
Darktrace is ranked 13th in Email Security with 32 reviews while SentinelOne Singularity Complete is ranked 2nd in Anti-Malware Tools with 139 reviews. Darktrace is rated 8.2, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Darktrace writes "A stable, scalable, and valuable tool that provides excellent network monitoring". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "You don't need to configure a lot with it because it provides an unmatched layer of protection out of the box". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, Cortex XDR by Palo Alto Networks, Cisco Secure Network Analytics and ExtraHop Reveal(x), whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, ThreatLocker Protect, Datto Endpoint Detection and Response (EDR) and Bitdefender GravityZone EDR.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.
Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.
Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack.
Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.
EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.
NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.
Comparisons of these tools by category would be more valuable.
An easy answer for me - pretty much exactly what @Janet Staver described.
DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew.
S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.
I have done a POC with Darktrace three different times at different orgs.
They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.
The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.
Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave! Stay away from Darktrace!
You can't compare these two solutions - they are different.
SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.).
You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore.
Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaS like the Office365 email.
Both @Janet Staver and @ITSecuri7cfd are spot on.
As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.
If you looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.
As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data.
If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organizations who have limited security resources but still need deep insights into threats and network intrusions. Darktrace also has an invaluable feature that produces weekly reports.
A unique feature Darktrace has to its name is its use of artificial intelligence for cybersecurity and machine learning capabilities. Darktrace is able to successfully detect threats over networks before it's even possible for them to spread. In addition, it notifies you with all the threat details. Although Darktrace is geared toward smaller-sized organizations, it does come with a hefty cost. The cost increases as the number of products that need to be monitored increases.
SentinelOne is a great product and effective for mitigating threats. It allows you to have granular control over your environments and your endpoints. SentinelOne has a central management console. It also provides insight into lateral movement threats, by gathering data from anything that happens to be related to the security of an endpoint. Another SentinelOne feature that’s fantastic is their one-click automation remediation, along with rollback for restoring an endpoint, which can often be very helpful.
SentinelOne is also known for its ability to decrease incident response time and has deep visibility that comes in handy quite often. However, the dashboard design isn’t wonderful. In contrast to Darktrace though, SentinelOne is efficient because minimal administrative support is required, and it offers a lot for a solution that is cost-effective.
Conclusion
While both SentinelOne and Darktrace boast many beneficial features, one outweighs the other when it comes to price. If Darktrace is within your budget, I would recommend it. But if not, SentinelOne is a great solution that makes a lot of sense.