IT Central Station is now PeerSpot: Here's why

Which is better - SentinelOne or Darktrace?

Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)


PeerSpot user
77 Answers

William Munroe - PeerSpot reviewer

You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.

Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.

Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 

Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.

EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.

NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.

Comparisons of these tools by category would be more valuable.

ITSecuri7cfd - PeerSpot reviewer
Top 5Real User

An easy answer for me - pretty much exactly what @Janet Staver described. 

DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 

S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

reviewer1815327 - PeerSpot reviewer

I have done a POC with Darktrace three different times at different orgs.  

They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.  

The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.  

Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave!  Stay away from Darktrace!

Rick Bosworth S1 - PeerSpot reviewer
Real User

Full disclosure:  obviously, I work at SentinelOne.  

I did want to clarify that the SentinelOne Singularity Platform does include both EDR and NDR - different modules, operated from the same management console.  

Singularity Ranger finds and fingerprints devices connected to your network, for real-time inventory.  Any unsecured endpoint is flagged, and can even be automatically secured via a p2p EDR agent deployment.  

Device comms are monitored, and suspicious devices can be isolated from your network with a click.  Ranger is one of our more popular solutions, and we have even more modules for the  Singularity Platform, such as hybrid cloud workload protection.  OK, that's all.  The marketing guy wants to be respectful here.

reviewer1364232 - PeerSpot reviewer
Top 20Real User

You can't compare these two solutions - they are different. 

SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.). 

You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore. 

Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaS like the Office365 email.

Nicholas Arraje - PeerSpot reviewer
Top 20Vendor

Both @Janet Staver ​and @ITSecuri7cfd are spot on.  

As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  

If you looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.  

As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 

If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform":

Buyer's Guide
Endpoint Protection for Business (EPP)
June 2022
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Protection for Business (EPP). Updated: June 2022.
610,190 professionals have used our research since 2012.