IT Central Station is now PeerSpot: Here's why

What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?

Ron Dutta - PeerSpot reviewer
Director Information Technology at McCullough Robeertson Lawyers

Hi community members, 

I work as the Director of Information Technology at a legal firm and I'm looking at replacing our Symantec EDR with either SentinelOne or CrowdStrike but can't seem to get any balanced views other than those from each vendor.  

Currently, I'm doing a POC on both and am interested to know: has anyone already gone through the same dilemma and which solution did you end up with?


PeerSpot user
68 Answers

ITSecuri7cfd - PeerSpot reviewer
Top 5Real User

We RFI/POC'd them all. 

Sentinel One came out on top for every aspect of the requirements that we needed to fulfill from our architect.

That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.

Steve Pender - PeerSpot reviewer
Top 5LeaderboardReal User

Hi Ron - SentinelOne without a doubt - it has not been breached.

Steffen Hornung - PeerSpot reviewer
Top 5LeaderboardReal User

We are currently in the process of looking for "new tools" in regards to endpoint security. We use McAfee at the moment and we lean more towards S1.

But I am interested how your POCs go. Please come back with some insight!

reviewer1653270 - PeerSpot reviewer

It really depends what you want as outcomes, reporting integration with other security technologies. Be happy to discuss.

AJITH H G - PeerSpot reviewer

BetterI would suggest moving it to Microsoft Defender for Endpoint, which will help more in feature.

Evgeny Belenky - PeerSpot reviewerEvgeny Belenky
Community Manager

@AJITH H G, can you please explain "why"?

AJITH H G - PeerSpot reviewerAJITH H G

@Evgeny Belenky, I have deployed Microsoft Defender for Endpoint to 10 -12 customers and 5 of them as a replacement of CrowdSrtike.

EDR is also very accurate and easy to analyze.

For Defender, we just need to have ASR Policies defined for Block, Warn, Audit and Enable for the endpoint to action detection. Microsoft Defender for Endpoint comes with a vulnerability assessment as well. This will help remediate and keep a clean environment to avoid security attacks.

Microsoft365 is this unified tool that we can integrate with Cloud app, security Device policy and alerts.

Eric Rise - PeerSpot reviewer
Top 5Real User

S1 for sure. 

Disconnect Falcon from the internet and it looses its ability to do anything. Falcon is still a fine product, for EDR I'd go S1.

Buyer's Guide
CrowdStrike Falcon vs. SentinelOne
May 2022
Find out what your peers are saying about CrowdStrike Falcon vs. SentinelOne and other solutions. Updated: May 2022.
609,272 professionals have used our research since 2012.