Darktrace vs SentinelOne Singularity Complete comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Apr 4, 2022

We performed a comparison between Darktrace and SentinelOne based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both of these solutions tell us the deployment is straightforward and very simple.
  • Features: Users like Darktrace’s Antigena feature: it very quickly learns what “normal” looks like in an environment and will block anything that doesn’t belong. Darktrace can detect problematic IPs from the outside and stop attacks on the inside. Users like the Dynamic Threat Dashboard, which lists all threats and rates them, giving a clear perspective on which threats need immediate attention. Darktrace has an app that allows for mobile monitoring and viewing of information live in real time. However, many users feel endpoint protection is somewhat lacking from Darktrace. It does not react to triggers or outcomes on the device, which is problematic for businesses with large teams working remotely. The dashboards and reporting can be complicated to understand for a non-technical person and reviewers feel it should be more customizable so that recipients only see information pertinent to their role in the business.

    Users of SentinelOne appreciate that it offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is note-worthy. Sentinel One works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. Some users feel there seem to be some applications that do not function properly when SentinelOne is installed, yet when SentinelOne is removed they work as expected. Users would like to be able to make the reporting more customizable.
  • Pricing: Users consistently feel that both solutions are costly.
  • Service and Support: Users for both of these solutions feel the service they receive is excellent. They say that both solutions provide service that is fast, professional, and extremely knowledgeable.

Comparison Results: Based on our users’ reviews, we would conclude that SentinelOne is a stronger, more secure solution than Darktrace. Reviewers say that SentinelOne offers a deeper and more thorough level of security. Additionally, SentinelOne provides equal protection across Windows, Linux, and macOS. It can also support legacy infrastructure as well as newer environments. The single-pane feature helps protect numerous endpoints with a very lean team, saving time and money.

To learn more, read our detailed Intrusion Detection and Prevention Software (IDPS) Report (Updated: May 2023).
706,775 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.""The most valuable feature is that it gives us visibility of rogue traffic that is on the network.""The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response.""It is autonomous. So, it learns. It uses algorithms and AI to learn the common behavioral patterns on the network, and it is able to identify threats based on abnormal patterns.""The product can scale.""t was pretty as far as the granularity of what you were getting out of it.""The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network.""I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."

More Darktrace Pros →

"The initial setup is very straightforward and easy.""It gives you good visibility of any threats or vulnerabilities that you might have on your network.""The solution offers excellent detection and integration capabilities.""The reporting part is awesome.""It is a good endpoint solution. That's the reason we chose it. We looked at other solutions, such as CrowdStrike, and based on the cost and the services it delivers, it was the better choice.""The customer support for this solution is good.""It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense.""It has saved us from a couple of ransomware attacks already."

More SentinelOne Singularity Complete Pros →

"The level of tracking within the network from the transmission level up to the machine level can use improvement.""Darktrace could improve its features, such as monitoring and detecting ransomware.""Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler.""The module can improve so that every time it's more intelligent.""There aren't so many third-party vendor platforms natively integrated with the platform.""The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved.""It is expensive, but everything else has been great so far.""There is a high ratio of false positive information."

More Darktrace Cons →

"We had some stability issues when we started working with SentinelOne.""I would like to see a better control panel for the managed service side of it.""DLP support would be a good addition.""SentinelOne can improve by having better integration with Active Directory.""The solution should include USB blocking for specific machines.""We need to analyze the threats and make decisions based on that, so the analytics could be better at analyzing exactly where the threats are coming from.""Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network.""There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better."

More SentinelOne Singularity Complete Cons →

Pricing and Cost Advice
  • "The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
  • "It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."
  • "It's an expensive solution."
  • "It is pretty expensive, but it is worth it. Its licensing is yearly."
  • "The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution."
  • "If you consider the features and the cost of market leaders, we are satisfied with the pricing."
  • "All of the other modules, such as the licensing modules, are on par. It's one for one."
  • "The pricing is expensive. It costs over $100,000 a year."
  • More Darktrace Pricing and Cost Advice →

  • "The pricing is very reasonable."
  • "Its price can be lower because I'm seeing competition from another vendor who beats it on commercials."
  • "The pricing of the solution seems reasonable, we got a discount but it still seems reasonable. The licensing cost is $3 to $4 per endpoint and can be paid monthly or yearly, with the price changing according to commitment."
  • "Just buy the Capture Client and buy the installer itself in a license of 100,000, or whatever is needed. You don't need to invest in any management tools because they are already installed, and maintenance from the client will keep everything up and running."
  • "Its price is per endpoint per year. One of the features of its licensing is that it is a multi-tenanted solution. From an MSSP point of view, if I want to have several different virtual clouds of customers, it is supported natively, which is not the case with, for example, Microsoft Defender. Another nice thing about it is that you can buy one license if you want to. Some vendors insist that you buy 50 or 100, whereas here, you can just buy one."
  • "SentinelOne can cost approximately $70 per device."
  • "Its cost is yearly. It is not much costlier than other leading products available in the market. I would rate it a four out of five in terms of pricing."
  • "It's around $8 per client per month."
  • More SentinelOne Singularity Complete Pricing and Cost Advice →

    Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
    706,775 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    William Munroe - PeerSpot reviewerWilliam Munroe

    You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.

    Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.

    Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 

    Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.

    EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.

    NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.

    Comparisons of these tools by category would be more valuable.

    ITSecuri7cfd - PeerSpot reviewerITSecuri7cfd (IT Security Coordinator at a healthcare company with 10,001+ employees)
    Real User

    An easy answer for me - pretty much exactly what @Janet Staver described. 

    DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 

    S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

    reviewer1815327 - PeerSpot reviewerreviewer1815327 (User)

    I have done a POC with Darktrace three different times at different orgs.  

    They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.  

    The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.  

    Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave!  Stay away from Darktrace!

    reviewer1364232 - PeerSpot reviewerreviewer1364232 (IT Manager at a construction company with 201-500 employees)
    Real User

    You can't compare these two solutions - they are different. 

    SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.). 

    You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore. 

    Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaS like the Office365 email.

    Nicholas Arraje - PeerSpot reviewerNicholas Arraje

    Both @Janet Staver ​and @ITSecuri7cfd are spot on.  

    As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  

    If you looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.  

    As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 

    If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...

    Questions from the Community
    Top Answer:Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
    Top Answer:It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us.
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to… more »
    Top Answer:SentinelOne is hands down my recommended solution. SentinelOne has not been breached and offers upto $1,000,000 warranty if it cannot roll back a ransomware attack. Please contact me at… more »
    Top Answer:The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers manage their platform.
    Average Words per Review
    out of 58 in Anti-Malware Tools
    Average Words per Review
    Also Known As
    Sentinel Labs, SentinelOne Singularity
    Learn More

    Darktrace (DARK.L), a global leader in cyber security artificial intelligence, delivers complete AI-powered solutions in its mission to free the world of cyber disruption. Breakthrough innovations from the Darktrace Cyber AI Research Centre in Cambridge, UK and its R&D centre in The Hague, The Netherlands have resulted in over 135 patent applications filed and significant research published to contribute to the cyber security community. Darktrace’s technology continuously learns and updates its knowledge of 'you' for an organization and applies that understanding to achieve an optimal state of cyber security. It is delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end security capability that can autonomously prevent, detect, and respond to novel, in-progress threats in real time. Darktrace employs over 2,200 people around the world and protects over 8,400 organizations globally from advanced cyber-threats. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021.


    Darktrace Cyber AI Loop™

    The first-ever, adaptive feedback system with a deep, interconnected understanding of the enterprise. The Darktrace Cyber AI Loop represents a first-mover innovation, creating a virtuous cycle in which each capability interacts to strengthen and harden the entire security ecosystem. It allows organizations to not just prevent, detect, respond, and heal from cyber-attacks – but to do all of these all at once.

    ● Empowers bespoke and continuously evolving security solutions based on mathematical models unique to each organization, regardless of size or complexity.

    ● Delivers an end-to-end solution accessing the core Self-Learning AI technology, which provides visibility into the entire, ever-changing digital ecosystem.

    ● Integrates AI engines in each product family to augment all others as the organization changes. The whole is at all times greater than the sum of the parts.

    ● Continually learns and updates its knowledge of how an organization operates, enabling it to spot zero days, insider threats, and novel threats that get through most defenses.

    ● Lifts up security teams by elevating decisions and delivering threat analysis as always-on solutions work autonomously in the background to deliver at the scale of the enterprise.

    Darktrace PREVENT™️

    Proactive AI engine to predict and pre-empt the highest priority cyber-attacks, working inside the organization
    and outside on the attack surface. Part of the Darktrace Cyber AI Loop™.

    ● Harden defenses proactively

    ● Identify and prioritize risks

    ● Conduct continuous around-the-clock testing

    ● Emulate attacks to test vulnerabilities

    ● Continuously communicate outcomes to the AI Loop

    Darktrace DETECT™ + RESPOND™

    Built on patented AI that learns you, using the unique footprints of your everyday operations to identify any unusual behavior that could indicate an attack. Responds instantly to contain any attacks detected. Part of the Darktrace Cyber AI Loop™.

    ● Works across entire digital ecosystem

    ● Protect from known and unknown attacks

    ● Gets stronger as it learns

    ● Feeds insight into the AI Loop

    Darktrace Email

    Darktrace/Email defends the network against malicious emails that evade the email gateway, introducing intelligent autonomous response into the flow of email traffic. Darktrace’s rich understanding of user relationships, communications, and network activity allows Darktrace/Email to quickly contextualize events, and respond only to genuine threats, stopping them before they reach the user.

    Darktrace Endpoint

    Darktrace’s endpoint capability extends Darktrace Detect and Respond to those devices which have left the network, protecting them from known and novel attackers as well as mitigating the risk of accidental or intentional data theft, compliance issues, use of non-approved software etc.

    Darktrace Apps

    Darktrace/Apps stops insider threats, account takeovers, and critical misconfigurations. As a cloud-native solution powered by AI, it can continuously analyse behaviours and relationships across diverse cloud platforms and services, from AWS and Azure, to Salesforce, Dropbox, and Office 365. This enterprise-wide context enables the system to only act on high-confidence threats as they emerge within ephemeral workloads and diverse multi-cloud environments.

    Darktrace Heal

    Coming 2023

    SentinelOne is a leading comprehensive enterprise-level autonomous security solution that is very popular in today’s marketplace. SentinelOne will ensure that today’s aggressive dynamic enterprises are able to defend themselves more rapidly, at any scale, and with improved precision, by providing comprehensive, thorough security across the entire organizational threat surface.

    SentinelOne makes keeping your infrastructure safe and secure easy and affordable. They offer several tiered levels of security and varied payment options. SentinelOne works well with Linux, Windows, and MacOS, and can successfully support legacy infrastructures as well as the newer popular environments, including the latest operating systems. The single pane of glass management will save time and money by reducing manpower and ensuring comprehensive security protection of all your endpoints locally and worldwide.

    SentinelOne offers intensive training and support to meet every organization’s unique business needs.

    SentinelOne's levels of services and support include, but are not limited to:

    SentinelOne GO is a guided 90-day onboarding service to ensure successful deployment and success. It assists with the deployment planning and overview, initial user setup, and product overviews. It provides ongoing training and advisory meetings, ensuring that everything is set up correctly and that your team understands the appropriate protocols to ensure success.

    SentinelOne offers multi-tiered support based on your organizational needs from small business to enterprise, using their Designed Technical Account Management (TAM). They have support for every business level: Standard, Enterprise, and Enterprise Pro. SentinelOne is always available to ensure that you and your organization work together to minimize the risk of downtime and any threat exposure.

    Threat Hunting & Response Services

    Support for threat hunting and response include Watch Tower, Watch Tower Pro, Vigilance Respond, and Vigilance Respond Pro. Each of these services builds on the other, progressively adding features based on your organizational needs.

    Watch Tower: This is the entry-level plan and includes: Active campaign hunting and cyber crime alerts and course correction for potential threats, access to the Monthly Hunting & Intelligence Digest.

    Watch Tower Pro: Includes everything in WatchTower and customized threat hunting for all current & historical threats, unlimited access to Signal Hunting Library of Pre-Built Queries, Incident-Based Triage and Hunting, continuous customer service, followup and reporting, a Security Assessment, and quarterly Cadence meetings.

    Vigilance Respond: Includes all of the features of Watch Tower in addition to a security assessment and Cadence meetings, which are on-demand. Provides the features of Watch Tower Pro in addition to 24x7x365 monitoring, triage, and response.

    Vigilance Respond Pro: Includes all of the features of the above options, including a security assessment and quarterly cadence meeting as well as a complete digital forensic investigation and malware analysis.

    Reviews from Real Users

    Jeff D. who is an Operations Manager at Proton Dealership IT, tells us that "The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."

    "The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring." relates Rae J., Director IR and MDR at a tech services company.

    Learn more about Darktrace
    Learn more about SentinelOne Singularity Complete
    Sample Customers
    Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
    Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
    Top Industries
    Financial Services Firm20%
    Computer Software Company13%
    Healthcare Company7%
    Political Organization4%
    Computer Software Company17%
    Comms Service Provider8%
    Financial Services Firm7%
    Computer Software Company12%
    Comms Service Provider12%
    Manufacturing Company10%
    Healthcare Company10%
    Computer Software Company18%
    Comms Service Provider7%
    Company Size
    Small Business50%
    Midsize Enterprise21%
    Large Enterprise29%
    Small Business29%
    Midsize Enterprise18%
    Large Enterprise53%
    Small Business41%
    Midsize Enterprise26%
    Large Enterprise33%
    Small Business34%
    Midsize Enterprise18%
    Large Enterprise48%
    Buyer's Guide
    Intrusion Detection and Prevention Software (IDPS)
    May 2023
    Find out what your peers are saying about Darktrace, Vectra AI, Check Point and others in Intrusion Detection and Prevention Software (IDPS). Updated: May 2023.
    706,775 professionals have used our research since 2012.

    Darktrace is ranked 1st in Intrusion Detection and Prevention Software (IDPS) with 40 reviews while SentinelOne Singularity Complete is ranked 2nd in Anti-Malware Tools with 54 reviews. Darktrace is rated 8.4, while SentinelOne Singularity Complete is rated 8.6. The top reviewer of Darktrace writes "Advanced Cybersecurity Artificial Intelligence, plenty of features, and impressive threat detection". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides deep visibility, helpful and intuitive interface, effectively prevents ransomware attacks ". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, Cisco Secure Network Analytics, Cortex XDR by Palo Alto Networks and Rapid7 InsightIDR, whereas SentinelOne Singularity Complete is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Sophos Intercept X, Bitdefender GravityZone Ultra and ESET Endpoint Security.

    We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.