Cyber Resilience

SentinelOne vs Crowdstrike

18 March 2022 | ITHQ Tech Team

 


SentinelOne and Crowdstrike are hot competitors, often coming up against each other on short lists. Which is right for you?

If you're looking for an EDR solution that excels at every aspect of malware detection, isolation, defeat and rollback, SentinelOne delivers with bells on.

This was highlighted in the recent MITRE ATT&CK APT 29 report, where Crowdstrike missed 19 detections with SentinelOne only missing 7 (the lowest number of misses across all platforms tested).

Crowdstrike is definitely almost as good when it comes to next generation endpoint protection solution. This is apparent in the Gartner Peer Insights reviews, where both vendors score a high 4.9 stars in overall rating.

SentinelOne wins on features, as you'll see in the first table, and also on feature parity across  Windows, macOS, Linux, proactive network attack surface control and cloud workload protection for VMs and containers, including Kubernetes.

Crowdstrike's threat hunting and deep visibility is dependent on an elite team to monitor and detect malicious activity. SentinelOne uses AI for this with a standard rule set, rather than relying on humans with potentially different perspectives.

SentinelOne pricing is also lower with monthly payment options, whereas Crowdstrike always push for multi-year contracts. This can raise the question, 'are Crowdstrike afraid of losing customers?' 

Take a look at this full like-for-like comparison page to help you on the next stage of your EDR selection.

I want to discuss endpoint protection

 

Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?

 

Comparison of Business Benefits and Features

 

CrowdstrikeLogo22

SentinelOne logo
Business Benefits
Autonomous prevention, detection, and recovery from threats in real-time. Yes
Yes
Fast Recovery
Manual Yes - Can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity)
Yes, but the MacOS & Linux version lacks detection capabilities & feature parity Yes
Fewer alerts with more context
Overwatch dependent (leads to increased dwell time)
Yes
AI-powered prevention, detection, response, and threat hunting. Yes Yes
API integration
Yes Yes
Scalability Yes - cloud-scale data Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads.
Higher accuracy across entire attack surface. Yes - easy-to-grasp process trees Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations.
Centralised Visibility Yes - in-real-time Yes - full storyline.
Automation & Control Yes - enable DevOps via Falcon Cloud Workload Protection. Yes - Automated mitigation options via the Storyline Active Response Capability.
Data analytics Yes - Falcon X threat intelligence and Threat graph cloud-based data analytics. No - SentinelOne does not have its own network security sources to add.

Collection and reporting of; inventory, config and policy management of endpoint devices.

Yes Yes

Mobile Threat Defence

Yes Yes

Ease of deployment

 Yes - Single agent

Yes - Excellent timeliness and quality of customer support.

Features

AI across user endpoints, containers, cloud workloads, and IoT devices.

Yes
Yes - New IoT discovery and protection capabilities in its Ranger product.
Static & Behavioural AI
Yes
Yes
Exploit protection Yes Yes + context
Lateral movement Yes Yes + context
Remediation Manual Automated
Rollback Yes - pre-intrusion state
Automated
Integrated threat feeds Yes
Yes
Remote shell Yes - but limited command set Yes
Device control USB only
Yes - Device discovery via Ranger.
Firewall control Yes
Yes
Bluetooth control No
Yes
Threat hunting
Yes
Yes - full storyline
Deep visibility Overwatch reliant - SEARCH Methodology
Yes
Event Correlation Yes - Threat Graph Yes
Execution Restriction Yes - via Falcon Identity Threat Protection. Yes
Vulnerability scanning Yes Yes - Priority list of vulnerable applications.
Security patching Manual Yes
Triage Yes Yes - Investigate in seconds with automated correlations and Storyline.
Disk Encryption Yes - Breach Prevention Warranty No - Missing add-on for fully featured DLP.

 

Industry and Peer Reviews

Gartner Peer Insights

CrowdstrikeLogo22

Falcon by Crowdstrike

SentinelOne logo

Endpoint Protection Platform by SentinelOne

SentinelOneVsCrowdstrikeGartnerPeerInsights

 

Gartner Magic Quadrant for Endpoint Protection Platforms May 2021

 

S1GMQ21

 

 

Independent Testing

 

CrowdstrikeLogo22

 

TESTING BODY

Vector_PRM
Provided coverage across the entire attack chain

Mitre no background

APT29 2020

Scored record results:

  • Least missed detections
  • Most high-quality detections
  • Most correlated detections
Top ROI score 2019
NSS labs Top ROI score and Recommended rating 2019
Unknown VB100virus 99.8% block rate across Windows testing

MacOS only

Zero false positives

1

100% protection against zero-day malware attacks on Windows

AAA Award for Performance

99% Total accuracy

SentinelOne_SE_Labs_Best_Innovator_WINNER_2021

In top 10 vendors

Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market.

N/A  PassMarkLogo

Performs better than several legacy AV products for the following:

  • Quickest boot time
  • Quickest install time
  • Smallest install size
  • Lowest CPU usage during scan

 

 

Pricing

All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at February 2021

 

Contact us for accurate pricing based on your specific requirements

SentinelOne logo

 Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve these prices below, minimum purchase 100 endpoints, billed annually.

Quote always required for accurate pricing

Core Control Complete
$4.16 $4.90 $9.00
Includes full advanced EDR
All Core features plus device, firewall and bluetooth control
All Control features plus threat hunting and deep visibility

 

CrowdstrikeLogo22

Pricing includes all indicated bundle components for

5-250 endpoints per month.

Billed annually. 

Falcon Pro
Falcon Enterprise

Falcon

Premium

Falcon

Complete

$8.99
$15.99
$POA
$POA

Includes Prevent only

Includes Prevent & EDR
Includes Prevent, EDR & Discover
Includes MDR & Breach Prevention Warranty
Including all features
$29 per endpoint per month (approx.)

Falcon X Threat Intelligence

$2.08 / endpoint / month

Falcon Prevent NGAV

$4.99 / endpoint / month

Falcon Host Firewall Management

$POA / endpoint / month

Falcon Overwatch Threat Hunting

$4.99 / endpoint / month

30 Day Data Retention

$1.30 / endpoint / month

 

 

New call-to-action