SentinelOne vs Cybereason

17 March 2022 | ITHQ Tech Team

SentinelOne and Cybereason endpoint protection platforms perform many similar EDR tasks. Both businesses have offices in Boston and Israel, and independent comparison sites such as PeerSpot (formerly IT Central Station) regularly pit them against each other, particularly because both platforms are renowned for streamlining threat hunting amongst their customer base.

Whilst SentinelOne is a Leader on Gartner's Magic Quadrant for Endpoint Protection, Cybereason has yet to feature. SentinelOne also performed far better than Cybereason in the MITRE ATT&CK APT29 2020 testing.

But perhaps the biggest difference between SentinelOne and Cybereason is price, with Cybereason starting at $50 per endpoint (according to our research) compared with $4.16 per endpoint for SentinelOne.

If you're looking for a next generation endpoint protection solution and these two are on your list, here's a direct comparison page to help.

 

Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?

 

Comparison of Business Benefits and Features

 

Business Benefits

| Business benefit | Cybereason | SentinelOne |
|---|---|---|
| Autonomous prevention, detection, and recovery from threats in real-time. | Yes | Yes |
| Fast Recovery | Yes - 1-click | Yes - Can be automated or 1-click |
| OS freedom (Windows / Mac / Linux feature parity) | Yes - Supports Windows, Mac, Linux and mobile coverage. | Yes |
| Fewer alerts with more context | No – Utilises MalOps, which increases the alerts and has varying context. | Yes |
| AI-powered prevention, detection, response, and threat hunting. | Yes | Yes |
| API integration | Yes - API and syslog data integration with G Suite and Office 365. | Yes |
| Scalability | Yes - Support for containers with agentless protection in Kubernetes nodes. | Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads. |
| Higher accuracy across entire attack surface. | No - Context digression. | Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations. |
| Centralised Visibility | Yes - Threat investigations are aided by root cause analysis, visual investigations, automation and a custom detection capability. | Yes - full storyline. |
| Automation & Control | Yes | Yes - Automated mitigation options via the Storyline Active Response Capability. |
| Data analytics | No - does not have additional telemetry sources, such as network or identity data. | No - SentinelOne does not have its own network security sources to add. |
| Collection and reporting of; inventory, config and policy management of endpoint devices. | No - Does not have config management or reporting. | Yes |
| Mobile Threat Defence | Yes | Yes |
| Ease of deployment | Yes | Yes - Excellent timeliness and quality of customer support. |

Features

| Feature | Cybereason | SentinelOne |
|---|---|---|
| AI across user endpoints, containers, cloud workloads, and IoT devices. | Yes - AI hunting engine | Yes - New IoT discovery and protection capabilities in its Ranger product. |
| Static & Behavioural AI | Limited - behavioural 'rules' | Yes |
| Exploit protection | Limited - behavioural 'rules' | Yes + context |
| Lateral movement | Limited - behavioural 'rules' | Yes + context |
| Remediation | Yes - Options are automatically created and can be initiated from the console across all affected machines. | Automated |
| Rollback | No | Automated |
| Integrated threat feeds | Yes | Yes |
| Remote shell | Yes - Powershell | Yes |
| Device control | Yes - deactivation or suspension of integrated accounts. | Yes - Device discovery via Ranger. |
| Firewall control | Yes - Policy options for Microsoft personal firewall. | Yes |
| Bluetooth control | No | Yes |
| Threat hunting | Yes - Correlates both known malware and behavioural detections for unknown malware across multiple assets to show the full attack timeline. | Yes - full storyline |
| Deep visibility | Yes - optional | Yes |
| Event Correlation | Yes | Yes |
| Execution Restriction | No | Yes |
| Vulnerability scanning | No | Yes - Priority list of vulnerable applications. |
| Security patching | No | Yes |
| Triage | Yes - Quick triage actions such as; kill process, quarantine or isolate can be manual or automated. | Yes - Investigate in seconds with automated correlations and Storyline. |
| Disk Encryption | Yes | No - Missing add-on for fully featured DLP. |

 

Industry and Peer Reviews

Gartner Peer Insights

[Image: Gartner Peer Insights comparison of Cybereason XDR Platform and SentinelOne Singularity XDR Platform]

 

 

Gartner Magic Quadrant for Endpoint Protection Platforms May 2021

 


 

Independent Testing

 

| Testing body | Cybereason | SentinelOne |
|---|---|---|
| MITRE APT29 2020 | Scored good results | Scored record results: least missed detections, most high-quality detections, most correlated detections |
| NSS Labs | Recommended rating | Top ROI score and Recommended rating 2019 |
| VB100 | N/A | 99.8% block rate across Windows testing |
Unknown 1

100% protection against zero-day malware attacks

Have not been certified since 2017. SentinelOne_SE_Labs_Best_Innovator_WINNER_2021

In top 10 vendors

Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market.

| Testing body | Cybereason | SentinelOne |
|---|---|---|
| PassMark | N/A | Performs better than several legacy AV products for the following: quickest boot time, quickest install time, smallest install size, lowest CPU usage during scan |

 

 

Pricing

All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at February 2021

 

Contact us for accurate pricing based on your specific requirements

 

SentinelOne

Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve these prices below, minimum purchase 100 endpoints, billed annually.

Quote always required for accurate pricing

| Tier | Price | Includes |
|---|---|---|
| Core | $4.16 | Includes full advanced EDR |
| Control | $4.90 | All Core features plus device, firewall and Bluetooth control |
| Complete | $9.00 | All Control features plus threat hunting and deep visibility |

 

Cybereason

Minimum purchase - not specified

Payment billed: not specified

Priced according to third party sources

| Tier | Price | Includes |
|---|---|---|
| Pro | $50 per endpoint | Includes NGAV and threat detection |
| Enterprise | $POA | All Pro features plus controls, EDR and threat hunting |
| Ultimate | $POA | All Enterprise features plus advanced endpoint response and cyber posture assessment |

 
