17 March 2022 | ITHQ Tech Team
SentinelOne and Cybereason Endpoint Protection Platforms perform many similar EDR tasks. Both businesses have offices in Boston and Israel, and independent comparison sites such as PeerSpot (formerly IT Central Station) regularly pit them against each other, particularly because both platforms are renowned among their customers for streamlining threat hunting.
Whilst SentinelOne is a Leader on Gartner's Magic Quadrant for Endpoint Protection, Cybereason is a Visionary. SentinelOne also performed far better than Cybereason in the MITRE ATT&CK APT29 2020 testing.
But perhaps the biggest difference between SentinelOne and Cybereason is price, with Cybereason starting at $50 per endpoint (according to our research) compared with $4.16 per endpoint for SentinelOne.
If you're looking for a next-generation endpoint protection solution and these two are on your list, here's a direct comparison page to help.
Business Benefits | Cybereason | SentinelOne |
Autonomous prevention, detection, and recovery from threats in real-time. | Yes | Yes |
Fast Recovery | Yes - 1-click | Yes - Can be automated or 1-click |
OS freedom (Windows / Mac / Linux feature parity) | Yes - Supports Windows, Mac, Linux and mobile coverage. | Yes |
Fewer alerts with more context | No - Utilises MalOps, which increases the alerts and has varying context. | Yes |
AI-powered prevention, detection, response, and threat hunting. | Yes | Yes |
API integration | Yes - API and syslog data integration with G Suite and Office 365. | Yes |
Scalability | Yes - Support for containers with agentless protection in Kubernetes nodes. | Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads. |
Higher accuracy across entire attack surface. | No - Context digression. | Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations. |
Centralised Visibility | Yes - Threat investigations are aided by root cause analysis, visual investigations, automation and a custom detection capability. | Yes - full storyline. |
Automation & Control | Yes | Yes - Automated mitigation options via the Storyline Active Response Capability. |
Data analytics | No - does not have additional telemetry sources, such as network or identity data. | No - SentinelOne does not have its own network security sources to add. |
Collection and reporting of inventory, config and policy management of endpoint devices. | No - Does not have config management or reporting. | Yes |
Mobile Threat Defence | Yes | Yes |
Ease of deployment | Yes | Yes - Excellent timeliness and quality of customer support. |
Features | Cybereason | SentinelOne |
AI across user endpoints, containers, cloud workloads, and IoT devices. | Yes - AI hunting engine | Yes - New IoT discovery and protection capabilities in its Ranger product. |
Static & Behavioural AI | Limited - behavioural 'rules' | Yes |
Exploit protection | Limited - behavioural 'rules' | Yes + context |
Lateral movement | Limited - behavioural 'rules' | Yes + context |
Remediation | Yes - Options are automatically created and can be initiated from the console across all affected machines. | Automated |
Rollback | No | Automated |
Integrated threat feeds | Yes | Yes |
Remote shell | Yes - PowerShell | Yes |
Device control | Yes - deactivation or suspension of integrated accounts. | Yes - Device discovery via Ranger. |
Firewall control | Yes - Policy options for Microsoft personal firewall. | Yes |
Bluetooth control | No | Yes |
Threat hunting | Yes - Correlates both known malware and behavioural detections for unknown malware across multiple assets to show the full attack timeline. | Yes - full storyline |
Deep visibility | Yes - optional | Yes |
Event Correlation | Yes | Yes |
Execution Restriction | No | Yes |
Vulnerability scanning | No | Yes - Priority list of vulnerable applications. |
Security patching | No | Yes |
Triage | Yes - Quick triage actions such as kill process, quarantine or isolate can be manual or automated. | Yes - Investigate in seconds with automated correlations and Storyline. |
Disk Encryption | Yes | No - Missing add-on for fully featured DLP. |
XDR Platform |
Singularity | XDR Platform |
TESTING BODY |
||
Scored good results |
APT29 2020 |
Scored record results:
|
Recommended rating |
Top ROI score and Recommended rating 2019 |
|
N/A | 99.8% block rate across Windows testing | |
Unknown |
100% protection against zero-day malware attacks |
|
Have not been certified since 2017. |
In top 10 vendors Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market. |
|
N/A |
Performs better than several legacy AV products for the following:
|
All prices calculated at per endpoint per month, for comparison purposes.
Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.
Correct at February 2021
Contact us for accurate pricing based on your specific requirements
SentinelOne |
Minimum purchase - 5 endpoints - only through ITHQ. Payment can be billed monthly - only through ITHQ. |
To achieve the prices below, minimum purchase 100 endpoints, billed annually. Quote always required for accurate pricing. |
Core | Control | Complete |
$4.16 | $4.90 | $9.00 |
Includes full advanced EDR | All Core features plus device, firewall and Bluetooth control | All Control features plus threat hunting and deep visibility |
Cybereason |
Minimum purchase - not specified. Payment billed: not specified. Priced according to third-party sources. |
Pro | Enterprise | Ultimate |
$50 per endpoint | $POA | $POA |
Includes NGAV and threat detection | All Pro features plus controls, EDR and threat hunting | All Enterprise features plus advanced endpoint response and cyber posture assessment |