What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?

Hi community members, 

I work as the Director of Information Technology at a legal firm and I'm looking at replacing our Symantec EDR with either SentinelOne or CrowdStrike but can't seem to get any balanced views other than those from each vendor.  

Currently, I'm doing a POC on both and am interested to know: has anyone already gone through the same dilemma and which solution did you end up with?


Director Information Technology at McCullough Robeertson Lawyers
  • 7
  • 123
PeerSpot user
6 Answers
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5
Aug 18, 2021

We RFI/POC'd them all. 

Sentinel One came out on top for every aspect of the requirements that we needed to fulfill from our architect.

That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.

Product comparison that may be of interest to you
Managing Member at Pender & Associates
Real User
Top 20
Aug 20, 2021

Hi Ron - SentinelOne without a doubt - it has not been breached.

Steffen Hornung - PeerSpot reviewer
Administrator at Neuberger Gebäudeautomation GmbH
Real User
Top 5Leaderboard
Aug 19, 2021

We are currently in the process of looking for "new tools" in regards to endpoint security. We use McAfee at the moment and we lean more towards S1.

But I am interested how your POCs go. Please come back with some insight!

reviewer1653270 - PeerSpot reviewer
User at tiberium
Aug 19, 2021

It really depends what you want as outcomes, reporting integration with other security technologies. Be happy to discuss.

Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India
Aug 19, 2021

BetterI would suggest moving it to Microsoft Defender for Endpoint, which will help more in feature.

Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India
Aug 19, 2021

@Evgeny Belenky, I have deployed Microsoft Defender for Endpoint to 10 -12 customers and 5 of them as a replacement of CrowdSrtike.

EDR is also very accurate and easy to analyze.

For Defender, we just need to have ASR Policies defined for Block, Warn, Audit and Enable for the endpoint to action detection. Microsoft Defender for Endpoint comes with a vulnerability assessment as well. This will help remediate and keep a clean environment to avoid security attacks.

Microsoft365 is this unified tool that we can integrate with Cloud app, security Device policy and alerts.

PeerSpot user
Eric Rise - PeerSpot reviewer
Network & Security Engineer at a healthcare company with 51-200 employees
Real User
Top 5
Aug 18, 2021

S1 for sure. 

Disconnect Falcon from the internet and it looses its ability to do anything. Falcon is still a fine product, for EDR I'd go S1.

Find out what your peers are saying about CrowdStrike Falcon vs. SentinelOne Singularity Complete and other solutions. Updated: September 2023.
735,226 professionals have used our research since 2012.
Related Questions
Solutions Architect at IT Solution Factor Sp. z o.o.
Aug 18, 2023
Good morning, I am looking for information on SentinelOne products. Can anyone tell me if workstation and server protection products implement a Virtual Patching functionality in the context of protection against vulnerabilities or implement Virtual Patching in a different way? Please provide any information on this. This information is necessary for me to make a decision on the selection of t...
See 1 answer
Anne Cubarrubia - PeerSpot reviewer
Editor at PeerSpot
Aug 18, 2023
Yes -- SentinelOne has a Virtual Patching functionality called Virtual Patching and Exploit Shield. This preventive security solution uses behavioral AI to identify and block zero-day attacks and vulnerabilities before they can be exploited. Virtual Patching and Exploit Shield works by: Identifying vulnerable applications and devices on the network Applying a virtual patch to vulnerable applications and devices Monitoring the applications and devices for any malicious activity Virtual Patching and Exploit Shield helps protect organizations against zero-day attacks and vulnerabilities. It complements traditional patching solutions and helps organizations reduce their attack surface. It also improves security posture. Here are some of the benefits of using SentinelOne Virtual Patching and Exploit Shield: Protects against zero-day attacks and vulnerabilities Reduces the attack surface Improves security posture Easy to deploy and manage Can be used with a variety of applications and devices
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at Atlas Systems
May 10, 2023
Hello community,  I am a Senior Manager at a medium-sized tech services company. I have a client who is trying to decide which solution would be the best for them. Can you please provide a technical comparison between CrowdStrike Falcon and SentinelOne Singularity Complete? Thank you for your help.
2 out of 3 answers
May 8, 2023
Hi ViJay - Are they open to other solutions as well?
Iñaki Martinez Urricelqui - PeerSpot reviewer
Threat Analysis Technology Risk & Cybersecurity Analyst II at a consultancy with 5,001-10,000 employees
May 9, 2023
I think both solutions are very good. https://blog.ithq.pro/sentinel... I leave you a comparison of this website made by users. https://www.peerspot.com/produ...
Owner at David Strom Inc.
Product Comparisons
Download Free Report
Download our FREE report comparing CrowdStrike Falcon and SentinelOne Singularity Complete based on reviews, features, and more! Updated: September 2023.
735,226 professionals have used our research since 2012.