SentinelOne vs Crowdstrike

SentinelOne and Crowdstrike are hot competitors, often coming up against each other on short lists. Which is right for you?

If you're looking for an EDR solution that excels at every aspect of malware detection, isolation, defeat and rollback, SentinelOne delivers with bells on.

This was highlighted in the recent MITRE ATT&CK APT 29 report, where Crowdstrike missed 19 detections with SentinelOne only missing 7 (the lowest number of misses across all platforms tested).

Crowdstrike is definitely almost as good when it comes to next generation endpoint protection solution. This is apparent in the Gartner Peer Insights reviews, where both vendors score a high 4.9 stars in overall rating.

SentinelOne wins on features, as you'll see in the first table, and also on feature parity across  Windows, macOS, Linux, proactive network attack surface control and cloud workload protection for VMs and containers, including Kubernetes.

Crowdstrike's threat hunting and deep visibility is dependent on an elite team to monitor and detect malicious activity. SentinelOne uses AI for this with a standard rule set, rather than relying on humans with potentially different perspectives.

SentinelOne pricing is also lower with monthly payment options, whereas Crowdstrike always push for multi-year contracts. This can raise the question, 'are Crowdstrike afraid of losing customers?' 

Take a look at this full like-for-like comparison page to help you on the next stage of your EDR selection.

Endpoint Protection: Key considerations

• Is it easy to deploy and manage?
• Is it dependent on cloud command and control for detection and response?
• How effective has it been against zero-day attacks?
• Do you have feature parity across Windows, Mac and Linux?
• How does it perform in real world test scenarios?
• What do other customers say about it?

Comparison of Business Benefits and Features

Business Benefits
Autonomous prevention, detection, and recovery from threats in real-time.	Yes	Yes
Fast Recovery	Manual	Yes - Can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity)	Yes, but the MacOS & Linux version lacks detection capabilities & feature parity	Yes
Fewer alerts with more context	Overwatch dependent (leads to increased dwell time)	Yes
AI-powered prevention, detection, response, and threat hunting.	Yes	Yes
API integration	Yes	Yes
Scalability	Yes - cloud-scale data	Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads.
Higher accuracy across entire attack surface.	Yes - easy-to-grasp process trees	Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations.
Centralised Visibility	Yes - in-real-time	Yes - full storyline.
Automation & Control	Yes - enable DevOps via Falcon Cloud Workload Protection.	Yes - Automated mitigation options via the Storyline Active Response Capability.
Data analytics	Yes - Falcon X threat intelligence and Threat graph cloud-based data analytics.	No - SentinelOne does not have its own network security sources to add.
Collection and reporting of; inventory, config and policy management of endpoint devices.	Yes	Yes
Mobile Threat Defence	Yes	Yes
Ease of deployment	Yes - Single agent	Yes - Excellent timeliness and quality of customer support.
Features
AI across user endpoints, containers, cloud workloads, and IoT devices.	Yes	Yes - New IoT discovery and protection capabilities in its Ranger product.
Static & Behavioural AI	Yes	Yes
Exploit protection	Yes	Yes + context
Lateral movement	Yes	Yes + context
Remediation	Manual	Automated
Rollback	Yes - pre-intrusion state	Automated
Integrated threat feeds	Yes	Yes
Remote shell	Yes - but limited command set	Yes
Device control	USB only	Yes - Device discovery via Ranger.
Firewall control	Yes	Yes
Bluetooth control	No	Yes
Threat hunting	Yes	Yes - full storyline
Deep visibility	Overwatch reliant - SEARCH Methodology	Yes
Event Correlation	Yes - Threat Graph	Yes
Execution Restriction	Yes - via Falcon Identity Threat Protection.	Yes
Vulnerability scanning	Yes	Yes - Priority list of vulnerable applications.
Security patching	Manual	Yes
Triage	Yes	Yes - Investigate in seconds with automated correlations and Storyline.
Disk Encryption	Yes - Breach Prevention Warranty	No - Missing add-on for fully featured DLP.

Industry and Peer Reviews

Gartner Peer Insights

Gartner Magic Quadrant for Endpoint Protection Platforms May 2021

Independent Testing

	TESTING BODY
Provided coverage across the entire attack chain	APT29 2020	Scored record results: Least missed detections Most high-quality detections Most correlated detections
Top ROI score 2019		Top ROI score and Recommended rating 2019
Unknown		99.8% block rate across Windows testing
MacOS only Zero false positives		100% protection against zero-day malware attacks on Windows
AAA Award for Performance 99% Total accuracy		In top 10 vendors Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market.
N/A		Performs better than several legacy AV products for the following: Quickest boot time Quickest install time Smallest install size Lowest CPU usage during scan

Pricing

All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at February 2021

Pricing includes all indicated bundle components for 5-250 endpoints per month. Billed annually.
Falcon Pro	Falcon Enterprise	Falcon Premium	Falcon Complete
$8.99	$15.99	$POA	$POA
Includes Prevent only	Includes Prevent & EDR	Includes Prevent, EDR & Discover	Includes MDR & Breach Prevention Warranty
Including all features
$29 per endpoint per month (approx.)
Falcon X Threat Intelligence		$2.08 / endpoint / month
Falcon Prevent NGAV		$4.99 / endpoint / month
Falcon Host Firewall Management		$POA / endpoint / month
Falcon Overwatch Threat Hunting		$4.99 / endpoint / month
30 Day Data Retention		$1.30 / endpoint / month