Which is better - SentinelOne or Darktrace?


Content Manager at PeerSpot (formerly IT Central Station)
  • 7
  • 1212
PeerSpot user
7 Answers
Janet Staver - PeerSpot reviewer
Tech Blogger
Real User
Top 5
Oct 28, 2021

Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organizations who have limited security resources but still need deep insights into threats and network intrusions. Darktrace also has an invaluable feature that produces weekly reports.

A unique feature Darktrace has to its name is its use of artificial intelligence for cybersecurity and machine learning capabilities. Darktrace is able to successfully detect threats over networks before it's even possible for them to spread. In addition, it notifies you with all the threat details. Although Darktrace is geared toward smaller-sized organizations, it does come with a hefty cost. The cost increases as the number of products that need to be monitored increases.

SentinelOne is a great product and effective for mitigating threats. It allows you to have granular control over your environments and your endpoints. SentinelOne has a central management console. It also provides insight into lateral movement threats, by gathering data from anything that happens to be related to the security of an endpoint. Another SentinelOne feature that’s fantastic is their one-click automation remediation, along with rollback for restoring an endpoint, which can often be very helpful.

SentinelOne is also known for its ability to decrease incident response time and has deep visibility that comes in handy quite often. However, the dashboard design isn’t wonderful. In contrast to Darktrace though, SentinelOne is efficient because minimal administrative support is required, and it offers a lot for a solution that is cost-effective.


While both SentinelOne and Darktrace boast many beneficial features, one outweighs the other when it comes to price. If Darktrace is within your budget, I would recommend it. But if not, SentinelOne is a great solution that makes a lot of sense.

Product comparison that may be of interest to you
VP of Marketing at CyGlass
Nov 8, 2021

You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.

Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.

Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 

Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.

EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.

NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.

Comparisons of these tools by category would be more valuable.

IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5
Nov 5, 2021

An easy answer for me - pretty much exactly what @Janet Staver described. 

DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 

S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

Mar 23, 2022

I have done a POC with Darktrace three different times at different orgs.  

They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.  

The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.  

Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave!  Stay away from Darktrace!

Director, Product Marketing at SentinelOne
Real User
Jan 11, 2022

Full disclosure:  obviously, I work at SentinelOne.  

I did want to clarify that the SentinelOne Singularity Platform does include both EDR and NDR - different modules, operated from the same management console.  

Singularity Ranger finds and fingerprints devices connected to your network, for real-time inventory.  Any unsecured endpoint is flagged, and can even be automatically secured via a p2p EDR agent deployment.  

Device comms are monitored, and suspicious devices can be isolated from your network with a click.  Ranger is one of our more popular solutions, and we have even more modules for the  Singularity Platform, such as hybrid cloud workload protection.  OK, that's all.  The marketing guy wants to be respectful here.

IT Manager at a construction company with 201-500 employees
Real User
Dec 6, 2021

You can't compare these two solutions - they are different. 

SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.). 

You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore. 

Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaS like the Office365 email.

Nicholas Arraje - PeerSpot reviewer
Regional Sales Director at Bricata
Nov 8, 2021

Both @Janet Staver ​and @ITSecuri7cfd are spot on.  

As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  

If you looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.  

As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 

If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...

Related Questions
Solutions Architect at IT Solution Factor Sp. z o.o.
May 24, 2023
Good morning, I am looking for information on SentinelOne products. Can anyone tell me if workstation and server protection products implement a Virtual Patching functionality in the context of protection against vulnerabilities or implement Virtual Patching in a different way? Please provide any information on this. This information is necessary for me to make a decision on the selection of t...
Senior Manager INFOSEC AND Risk ASSESSMENT Engineering at a tech services company with 201-500 employees
May 10, 2023
Hello community,  I am a Senior Manager at a medium-sized tech services company. I have a client who is trying to decide which solution would be the best for them. Can you please provide a technical comparison between CrowdStrike Falcon and SentinelOne Singularity Complete? Thank you for your help.
2 out of 3 answers
May 8, 2023
Hi ViJay - Are they open to other solutions as well?
Iñaki Martinez Urricelqui - PeerSpot reviewer
Threat Analysis Technology Risk & Cybersecurity Analyst II at a consultancy with 5,001-10,000 employees
May 9, 2023
I think both solutions are very good. https://blog.ithq.pro/sentinel... I leave you a comparison of this website made by users. https://www.peerspot.com/produ...
Related Articles
Content Strategist at PeerSpot
Sep 11, 2022
Enterprises are increasingly facing multiple network monitoring challenges, like tracking, monitoring, and improving network performance. Addressing these challenges with a Network Traffic Analysis (NTA) solution helps an organization avoid various network monitoring challenges with proactive strategies. PeerSpot real users of Network Traffic Analysis note the advantages of this type of solut...
Content Strategist at PeerSpot
Sep 8, 2022
Network Traffic Analysis (NTA) monitors network availability and activity. It can identify anomalies, including security and operational issues. It uses network communications to detect and investigate security threats as well as malicious or anomalous behaviors within the network. It uses a combination of behavioral modeling, machine learning, and rule-based detection. This helps to create a...
Content Manager at PeerSpot (formerly IT Central Station)
Apr 6, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 8 Network Detection and Response (ND...
Product Comparisons
Related Articles
Content Strategist at PeerSpot
Sep 11, 2022
3 Non-Traditional ROIs for a Network Traffic Analysis Solution
Enterprises are increasingly facing multiple network monitoring challenges, like tracking, moni...
Content Strategist at PeerSpot
Sep 8, 2022
5 Challenges that Can be Solved with Network Traffic Analysis (NTA)
Network Traffic Analysis (NTA) monitors network availability and activity. It can identify anom...