Ron Dutta - PeerSpot reviewer
Director Information Technology at McCullough Robeertson Lawyers
  • 7
  • 153

What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?

Hi community members, 

I work as the Director of Information Technology at a legal firm and I'm looking at replacing our Symantec EDR with either SentinelOne or CrowdStrike but can't seem to get any balanced views other than those from each vendor.  

Currently, I'm doing a POC on both and am interested to know: has anyone already gone through the same dilemma and which solution did you end up with?


PeerSpot user
6 Answers
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5
Aug 18, 2021

We RFI/POC'd them all. 

Sentinel One came out on top for every aspect of the requirements that we needed to fulfill from our architect.

That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.

Product comparison that may be of interest to you
Managing Member at Pender & Associates
Real User
Top 5Leaderboard
Aug 20, 2021

Hi Ron - SentinelOne without a doubt - it has not been breached.

Steffen Hornung - PeerSpot reviewer
Administrator at Neuberger Gebäudeautomation GmbH
Real User
Top 5Leaderboard
Aug 19, 2021

We are currently in the process of looking for "new tools" in regards to endpoint security. We use McAfee at the moment and we lean more towards S1.

But I am interested how your POCs go. Please come back with some insight!

reviewer1653270 - PeerSpot reviewer
User at tiberium
Aug 19, 2021

It really depends what you want as outcomes, reporting integration with other security technologies. Be happy to discuss.

AJITH H G - PeerSpot reviewer
Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India
Aug 19, 2021

BetterI would suggest moving it to Microsoft Defender for Endpoint, which will help more in feature.

AJITH H G - PeerSpot reviewer
Modern Workspace Solution (Technical Specialist - Managing Consultant) at GFI India
Aug 19, 2021

@Evgeny Belenky, I have deployed Microsoft Defender for Endpoint to 10 -12 customers and 5 of them as a replacement of CrowdSrtike.

EDR is also very accurate and easy to analyze.

For Defender, we just need to have ASR Policies defined for Block, Warn, Audit and Enable for the endpoint to action detection. Microsoft Defender for Endpoint comes with a vulnerability assessment as well. This will help remediate and keep a clean environment to avoid security attacks.

Microsoft365 is this unified tool that we can integrate with Cloud app, security Device policy and alerts.

PeerSpot user
Eric Rise - PeerSpot reviewer
Network & Security Engineer at a healthcare company with 51-200 employees
Real User
Top 5
Aug 18, 2021

S1 for sure. 

Disconnect Falcon from the internet and it looses its ability to do anything. Falcon is still a fine product, for EDR I'd go S1.

Find out what your peers are saying about CrowdStrike Falcon vs. SentinelOne and other solutions. Updated: November 2022.
653,522 professionals have used our research since 2012.
Related Questions
CIO & Information manager at a leisure / travel company with 501-1,000 employees
Apr 26, 2022
Hi peers,   I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers. I'm not able to find a study where Darktrace is compared against Crowdstrike Falcon (or other solutions for endpoint security, e.g. Sentinel One).  Can anyone help and share their insights?  Thanks, Regards from the Netherlands
See 2 answers
Consultant at a computer software company with 51-200 employees
Mar 31, 2022
Hi @reviewer1799568, Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort. I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you. The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates. For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA. IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources). Good luck and stay safe!  
Partner Account Manager 🔆 at SEC DataCom A/S
Apr 26, 2022
Hi. I am told that Darktrace is a complimentary product that doesn't do any endpoint protection.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Dec 6, 2021
How does Crodwstrike Falcon compare with Sophos Intercept X? Which is better and why?
See 1 answer
Janet Staver - PeerSpot reviewer
Tech Blogger
Dec 6, 2021
I like that Crowdstrike Falcon allows me to easily correlate data between my firewalls. Its detection and machine learning are very valuable features. Crowdstrike Falcon also successfully prevents malware in real time. I find that Crowdstrike Falcon’s dashboard is very user-friendly; Information is easy to find because of how it is presented and everything is linkable. Stability is fantastic and so is the scalability. You can easily create several endpoints without any issues. In terms of pricing, Crowdstrike Falcon is reasonable for all that it has to offer. I don’t personally have experience using their technical support, so I can’t speak for that. Even though Crowdstrike has a well-recognized reputation, I think Sophos Intercept X is the most secure endpoint product out there for many reasons. Sophos Intercept X is easy to manage, simple to deploy, and catches everything, which I can personally attest to because I have run simulations against Sophos and other products, with Sophos always coming out on top. It successfully detects malware and protects against ransomware. Whatsmore is that Sophos Intercept X has a data loss feature that allows you to monitor and detect whether users are insecurely sharing information. Depending on which industry you are in, this can be especially helpful, if not very much necessary (for example, in the healthcare industry) to ensure company resources are safe and sensitive data and information aren’t compromised or exposed to malicious software. In addition, my experience with customer service has always been great. Conclusion: If you have to choose between the two, I would suggest Sophos Intercept X, since I have been using it for years and have found it to be extremely reliable, responsive, and have had no issues with the software. Especially considering its price, the product is definitely worth it.
davidstrom - PeerSpot reviewer
Owner at David Strom Inc.
Download Free Report
Download our FREE report comparing CrowdStrike Falcon and SentinelOne based on reviews, features, and more! Updated: November 2022.
653,522 professionals have used our research since 2012.