Cyber Resilience

SentinelOne vs Kaspersky

07 April 2022 | ITHQ Tech Team

SentinelOne and Kaspersky Endpoint Protection Platforms make many shortlists, despite Kaspersky being a controversial contender. 

Kaspersky is banned across the US government due to its links with the Russian government. It has also been reported to falsify malicious hashes in open source virus databases and has been at the centre of many controversies, including executives being arrested for treason.

Despite all this, it continues to score well as an antivirus platform and has been responsible for identifying several new malware variants. Notably, however, the malware it has discovered has always been linked to the US and European governments, further enhancing its reputation as a Russian state actor.

SentinelOne is far more balanced when it comes to malware discovery, pointing the finger of shame in all directions equally depending on the evidence.

SentinelOne also performed far better than Kaspersky in the MITRE ATT&CK APT29 2020 evaluation and sits higher and further to the right on the Gartner Magic Quadrant.

However, if you're looking for an XDR solution and these two are on your list, here's a direct comparison to help.

Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?

Comparison of Business Benefits and Features

Business benefit | Kaspersky | SentinelOne
Autonomous prevention, detection, and recovery from threats in real time | Partial - legacy signatures but reliant on cloud | Yes
Fast recovery | Partial | Yes - can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity) | Yes | Yes
Fewer alerts with more context | No | Yes
AI-powered prevention, detection, response, and threat hunting | Yes - cloud threat intelligence | Yes
API integration | Limited | Yes
Scalability | Yes - scalable management console | Yes - support for containers and serverless workloads, especially Kubernetes dynamic workloads
Higher accuracy across entire attack surface | No | Yes - consistent identification of tactics and techniques in the MITRE Phase 2 evaluations
Centralised visibility | No - disjointed solutions | Yes - full Storyline
Automation & control | Yes - Adaptive Anomaly Control | Yes - automated mitigation options via the Storyline Active Response capability
Data analytics | Yes | No - SentinelOne does not have its own network security sources to add
Collection and reporting of inventory, config and policy management of endpoint devices | No - significant policy tuning required | Yes
Mobile Threat Defence | Yes | Yes
Ease of deployment | Yes - hybrid deployment model | Yes - excellent timeliness and quality of customer support

Feature | Kaspersky | SentinelOne
AI across user endpoints, containers, cloud workloads, and IoT devices | Yes | Yes - new IoT discovery and protection capabilities in its Ranger product
Static & behavioural AI | Partial - limited ML | Yes
Exploit protection | Partial - legacy signatures | Yes + context
Lateral movement | Partial - legacy signatures and OS events | Yes + context
Remediation | Manual | Automated
Rollback | Yes, but no VSS - proprietary method | Automated
Integrated threat feeds | Yes | Yes
Remote shell | No | Yes
Device control | Yes - unencrypted device discovery | Yes - device discovery via Ranger
Firewall control | USB - no Bluetooth control | Yes
Bluetooth control | Yes | Yes
Threat hunting | Cloud dependent | Yes - full Storyline
Deep visibility | Manual | Yes
Event correlation | Manual | Yes
Execution restriction | Yes - dynamic allowlisting database | Yes
Vulnerability scanning | Yes | Yes - priority list of vulnerable applications
Security patching | Yes | Yes
Triage | Manual | Yes - investigate in seconds with automated correlations and Storyline
Disk encryption | Yes | No - missing add-on for fully featured DLP

Industry and Peer Reviews

Gartner Peer Insights

Kaspersky: Endpoint Security for Business
SentinelOne: Endpoint Protection Platform

[Gartner Peer Insights comparison chart for the two products]

Gartner Magic Quadrant for Endpoint Protection Platforms May 2021

[Gartner Magic Quadrant for Endpoint Protection Platforms, May 2021]

Independent Testing

Kaspersky | Testing body | SentinelOne
Scored good results in Telemetry | MITRE ATT&CK APT29 2020 | Scored record results: least missed detections, most high-quality detections, most correlated detections
AA rating 2020 | NSS Labs | Top ROI score and Recommended rating 2019
N/A | VB100 | 99.8% block rate across Windows testing
Lowest number of false positives for the last 4 consecutive years | AV-TEST | 100% protection against zero-day malware attacks on Windows
In top 10 vendors | SE Labs | Best SMB Endpoint winner 2021 and Best Innovator winner 2021: recognised for the commitment to pushing the boundaries of autonomous technology, delivering innovation at scale and speed, and shaping the endpoint market
Lowest overall score | PassMark | Performs better than several legacy AV products for: quickest boot time, quickest install time, smallest install size, lowest CPU usage during scan

Pricing

All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at February 2021

Contact us for accurate pricing based on your specific requirements

SentinelOne

Minimum purchase: 5 endpoints (only through ITHQ)
Payment can be billed monthly (only through ITHQ)
To achieve the prices below, minimum purchase 100 endpoints, billed annually.
Quote always required for accurate pricing.

Tier | Price per endpoint per month | Includes
Core | $4.16 | Full advanced EDR
Control | $4.90 | All Core features plus device, firewall and Bluetooth control
Complete | $9.00 | All Control features plus threat hunting and deep visibility

Kaspersky

Minimum purchase: 5 users
Payment always billed annually

Tier | Price per endpoint per month | Includes
Small Office | $2.50 | Anti-spam, vulnerability scanning, and patch management
Cloud | $3.38 | All Standard features plus web controls, enhanced auditing and cloud discovery
Cloud Plus | $5.42 | All Advanced features plus device controls, cloud discovery blocking, and data discovery