SentinelOne vs McAfee

29 October 2020 | ITHQ Tech Team

 


Got SentinelOne and McAfee on your shortlist for endpoint protection? We've put together this like-for-like comparison to help you decide which platform is best for your business.

McAfee may be an established name, but is it the best for EDR?

Established in 1987, McAfee is a long-standing name in AV software. Listed as a Visionary in Gartner's Magic Quadrant, its endpoint protection tools nevertheless face stiff competition in today's autonomous cyber security space.

McAfee now includes threat defense and response as part of its MVISION suite of cloud and device security products. However, their EDR is still heavily reliant on signatures for detection on the endpoint, and on cloud lookups when those fail.

Data is stored for only 7 days by default, which can be extended to 90 days at extra cost. They appear to be heavily promoting MVISION as a complete CASB solution rather than making it simple to buy EDR alone, so flexibility of choice here does seem limited.

Essentially, McAfee is a legacy AV company at heart. It has come a long way, but how does it stand up against built-for-today ActiveEDR?

 

SentinelOne: resetting standards for endpoint protection

SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as shown by its record-breaking MITRE ATT&CK APT29 2020 test results and its 100% Total Accuracy Rating from SE Labs.

They are Gartner Magic Quadrant Leaders and are making waves in further testing, as the table below shows. It is competitively and transparently priced, whilst Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.

SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.

If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.

 

Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?

 

Comparison of Business Benefits and Features

 

 

| Business Benefits | McAfee | SentinelOne |
| --- | --- | --- |
| Autonomous Protection and Response | Partial - dependent on signatures and cloud connectivity | Yes |
| Fast Recovery | Partial - varies across components / modules | Can be automated or 1-click |
| OS freedom (Windows / Mac / Linux feature parity) | Yes | Yes |
| Fewer alerts with more context | Varies across deployments / based on integrations | Yes |
| Threat hunting | Manual | Yes - full storyline |
| API integration | Graph & Rest - partial | Yes |

| Features | McAfee | SentinelOne |
| --- | --- | --- |
| On-device AI | No - signatures | Yes |
| On-device behavioural AI | Limited to OS events | Yes |
| Exploit protection | Limited | Yes + context |
| Lateral movement | Through firewall rules | Yes + context |
| Remediation | Manual / Limited | Automated |
| Rollback | No | Automated |
| Integrated threat feeds | Partial - requires complex tie up between MVISION and TIE (Threat Intel Exchange) | Yes |
| Remote shell | No | Yes |
| Device control | Yes | Yes |
| Firewall control | Yes | Yes |
| Bluetooth control | Yes | Yes |
| Threat hunting | Partial - requires MVISION, ePO and SIEM integration | Yes - full storyline |
| Deep visibility | No | Yes |

 

Industry and Peer Reviews

 

Gartner Peer Insights

 

McAfee: Threat Defense & Response

SentinelOne: Endpoint Protection Platform

[Image: SentinelOne vs McAfee Gartner Peer Insights]

 

 

 

Gartner Magic Quadrant for Endpoint Protection Platforms

May 2021 - full report here

 


 

 

Independent Testing

 

| McAfee | Testing body | SentinelOne |
| --- | --- | --- |
| Provided lower end coverage across the attack chain stages | MITRE ATT&CK APT29 2020 | Scored record results: least missed detections; most high-quality detections; most correlated detections |
| Recommended rating 2016 | NSS Labs | Top ROI score and Recommended rating 2019 |
| Unknown | VB100 | 100% block rate across Windows testing |
| Top Product | AV-Test | Approved Product (2017) |
| AAA rated: 97% accuracy | SE Labs | AAA rated: 100% accuracy |

 

 

Pricing

All prices are calculated per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct as of October 2020

 

Contact us for accurate pricing based on your specific requirements

SentinelOne

Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve the prices below, the minimum purchase is 100 endpoints, billed annually.

Quote always required for accurate pricing

| Tier | Price | Includes |
| --- | --- | --- |
| Core | $4.16 | Includes full advanced EDR |
| Control | $4.90 | All Core features plus device, firewall and Bluetooth control |
| Complete | $9.00 | All Control features plus threat hunting and deep visibility |

 

McAfee

Listed on McAfee.com and Insight.com as MVISION EDR Premium & EPP

Priced according to Insight.com

5 - 250 endpoints: $8.60 per endpoint per month (billed annually)

 

 
