23 February 2023 | ITHQ Tech Team
SentinelOne or Carbon Black? Both platforms take a single-agent approach that meets multiple use cases, including EPP, EDR, threat hunting and remediation. Both also have innovator/visionary statuses (as of 2021) from independent comparisons.
SentinelOne is now a Leader on Gartner's Magic Quadrant, whereas Carbon Black retains its Visionary status. This could be because Carbon Black is more of an NGAV platform, whereas SentinelOne delivers a full EPP.
This was highlighted in the recent MITRE ATT&CK APT 29 report, where Carbon Black missed 28 detections while SentinelOne missed only 7 (the lowest number of misses across all platforms tested).
If you're looking for a next-generation endpoint protection solution and these two are on your long list, here's a direct comparison page to help.

| Business Benefits | VMware Carbon Black | SentinelOne |
| --- | --- | --- |
| Autonomous prevention, detection, and recovery from threats in real-time. | Yes - Leverages cloud-delivered threat intelligence and custom watchlists to automate repetitive hunts. | Yes |
| Fast Recovery | Partial / Manual | Yes - Can be automated or 1-click |
| OS freedom (Windows / Mac / Linux feature parity) | No feature parity | Yes |
| Fewer alerts with more context | Tanzu Observability dependent - context includes both the metrics and traces. | Yes |
| AI-powered prevention, detection, response, and threat hunting. | Yes | Yes |
| API integration | Yes - pull metrics from the Kubernetes APIs. | Yes |
| Scalability | Yes - scale to thousands of containers. | Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads. |
| Higher accuracy across entire attack surface. | Yes - Visualise entire attack chain with corresponding easy-to-follow details to uncover root causes. | Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations. |
| Centralised Visibility | Yes - single agent and console. | Yes - full storyline. |
| Automation & Control | Yes - VMware uses Infrastructure as Code (IaC) so modifications are completely repeatable and can be processed automatically. | Yes - Automated mitigation options via the Storyline Active Response Capability. |
| Data analytics | Yes - Store detailed forensic data for post-incident investigation. | No - SentinelOne does not have its own network security sources to add. |
| Collection and reporting of inventory, config and policy management of endpoint devices. | Yes - automate ongoing reporting on patch levels, user privileges, disk encryption status, and more to track and maintain a desired posture. | Yes |
| Mobile Threat Defence | No | Yes |
| Ease of deployment | Yes - Simplify deployment with out-of-the-box policies. | Yes - Excellent timeliness and quality of customer support. |

| Features | VMware Carbon Black | SentinelOne |
| --- | --- | --- |
| AI across user endpoints, containers, cloud workloads, and IoT devices. | Yes | Yes - New IoT discovery and protection capabilities in its Ranger product. |
| Static & Behavioural AI | Yes - Consolidate threat intelligence for your environment to automatically detect suspicious behaviour. | Yes |
| Exploit protection | Partial - cloud dependent. | Yes + context |
| Lateral movement | Yes - Isolate infected systems and remove malicious files to prevent lateral movement. | Yes + context |
| Remediation | Yes | Automated |
| Rollback | No | Automated |
| Integrated threat feeds | Yes | Yes |
| Remote shell | Yes - but limited command set. | Yes |
| Device control | Yes - Gain visibility into precise details about current state of all devices - on and off the network. | Yes - Device discovery via Ranger. |
| Firewall control | Yes - Secure end-of-life systems with allowlisting policies. | Yes |
| Bluetooth control | No | Yes |
| Threat hunting | Yes | Yes - full storyline |
| Deep visibility | Yes - distributed tracing via Tanzu Observability. | Yes |
| Event Correlation | Yes | Yes |
| Execution Restriction | Yes - but false positives. | Yes |
| Vulnerability scanning | Yes - built-in risk scoring. | Yes - Priority list of vulnerable applications. |
| Security patching | Yes | Yes |
| Triage | Yes - Gain alert coverage and threat triage across your entire deployment. | Yes - Investigate in seconds with automated correlations and Storyline. |
| Disk Encryption | Yes | No - Missing add-on for fully featured DLP. |

VMware Carbon Black EDR |
SentinelOne Endpoint Protection Platform by SentinelOne |
TESTING BODY |
||
Scored good results in Telemetry |
APT29 2020 |
Scored record results:
|
Top ROI score 2019 |
Top ROI score and Recommended rating 2019 |
|
N/A | 99.8% block rate across Windows testing | |
Only 1 false positive detection on Windows |
100% protection against zero-day malware attacks on Windows |
|
In top 10 vendors Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market. |
||
N/A |
Performs better than several legacy AV products for the following:
|
All prices calculated at per endpoint per month, for comparison purposes.
Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.
Correct at February 2021
Minimum purchase - 5 endpoints - only through ITHQ. Payment can be billed monthly - only through ITHQ. To achieve these prices below, minimum purchase 100 endpoints, billed annually. Quote always required for accurate pricing.

| Core | Control | Complete |
| --- | --- | --- |
| $4.16 | $4.90 | $9.00 |
| Includes full advanced EDR | All Core features plus device, firewall and bluetooth control | All Control features plus threat hunting and deep visibility |

Minimum purchase - 100 endpoints. Payment always billed annually.

| Standard | Advanced | Enterprise |
| --- | --- | --- |
| $2.50 | $7.10 | $11.70 |
| Includes NGAV and behavioural EDR only | All Standard features plus audit & remediation | All Advanced features plus threat hunting & incident response |