SentinelOne vs McAfee

29 October 2020 | ITHQ Tech Team


Got SentinelOne and McAfee on your shortlist for endpoint protection? We've put together this like-for-like comparison to help you decide which platform is best for your business.

McAfee may be an established name, but is it the best for EDR?

Established in 1987, McAfee is a long standing name in AV software. Down as a visionary on Gartner's Magic Quadrant, its endpoint protection tools, nevertheless, stand against stiff competition in today's autonomous cyber security space.

McAfee now includes threat defense and response as part of its MVISION suite of cloud and device security products. However, their EDR is still heavily reliant on signatures for detection on the endpoint, and cloud look ups when those fail.

There is only 7-day data storage by default, which can be extended to 90-day at extra cost. They appear to be heavily promoting MVISION as a complete CASB solution, rather than making it simple to buy EDR alone so flexibility of choice here does seem limited.

Essentially, McAfee is a legacy AV company at heart. It has come a long way, but how does it stand up against built-for-today ActiveEDR?


SentinelOne: resetting standards for endpoint protection

SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as its record-breaking MITRE ATT&CK APT29 2020 test showed and its 100% Total Accuracy Rating by SE Labs.

They are Gartner Magic Quadrant Leaders and making waves in further testing, as the table below shows. It is competitively and transparently priced, whilst Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.

SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.

If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.


Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?


Comparison of Business Benefits and Features



McAfee logo

SentinelOne logo
Business Benefits
Autonomous Protection and Response

Partial – dependent on signatures and cloud connectivity

Fast Recovery
Partial - varies across components / modules
Can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity)
Yes Yes
Fewer alerts with more context
Varies across deployments / based on integrations
Threat hunting
Yes - full storyline
API integration Graph & Rest - partial
On-device AI
No - signatures
On-device behavioural AI
Limited to OS events
Exploit protection
Limited Yes + context
Lateral movement Through firewall rules
Yes + context
Manual / Limited
Rollback No
Integrated threat feeds Partial - requires complex tie up between MVISION, and TIE (Threat Intel Exchange)
Remote shell
Device control
Firewall control Yes Yes
Bluetooth control Yes
Threat hunting
Partial - requires MVISION, ePO and SIEM integration
Yes - full storyline
Deep visibility No


Industry and Peer Reviews


Gartner Peer Insights


McAfee logo

Threat Defense & Response

SentinelOne logo

Endpoint Protection Platform


SentinelOne vs McAfee Gartner Peer Insights




Gartner Magic Quadrant for Endpoint Protection Platforms

May 2021 - full report here





Independent Testing


McAfee logo


SentinelOne logo
Provided lower end coverage across the attack chain stages


APT29 2020

Scored record results:

 - Least missed detections

 - Most high-quality detections

 - Most correlated   detections
Recommended rating 2016
NSS labs Top ROI score and Recommended rating 2019
Unknown VB100virus 100% block rate across   Windows testing
Top Product
AVTest Approved Product (2017)

AAA rated: 97%  accuracy

SELabslogo AAA rated: 100% accuracy




All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at October 2020


Contact us for accurate pricing based on your specific requirements

SentinelOne logo

 Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve these prices below, minimum purchase 100 endpoints, billed annually.

Quote always required for accurate pricing

Core Control Complete
$4.16 $4.90 $9.00
Includes full advanced EDR
All Core features plus device, firewall and bluetooth control
All Control features plus threat hunting and deep visibility



Listed on and as MVISION EDR Premium & EPP

Priced according to

5 - 250 Endpoints
$8.60 per endpoint per month (billed annually)



New call-to-action