London, UK | 020 3997 7979
Microsoft Defender for Endpoint was, until recently, known as Defender ATP. How does it stack up against rising star, SentinelOne, for endpoint protection?
If you're a start-up or SME heavily invested in a Microsoft environment, you'll already be familiar with Defender Antivirus and Exploit Guard - they are included with all versions of Windows.
However, most enterprise buyers will want to move to Defender for Endpoint for better EDR functionality such as attack visibility, reporting and threat hunting, as well as vulnerability management. Ultimately, next-generation malware requires next-generation cyber security.
Opting for another Microsoft product might seem like an attractive option for familiarity. But the ever-present and inevitability of outages demonstrate the dangers of putting all your tech eggs in one - albeit well-known and trusted - basket.
Spreading risk across multiple products and platforms is by far the safer option. It's worth exploring newer companies that offer a serious challenge to the established players.
SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as its record-breaking MITRE ATT&CK APT29 2020 test showed and its 100% Total Accuracy Rating by SE Labs.
It is a Gartner Magic Quadrant Leader and also making waves in further testing, as the table below shows. It is competitively and transparently priced, whilst in contrast, Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.
SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.
If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.
 |
 |
|
| Business Benefits | ||
| Autonomous prevention, detection, and recovery from threats in real-time. | Cloud dependent |
Yes |
| Fast Recovery |
Partial (AIR on E5) |
Yes - Can be automated or 1-click |
| OS freedom (Windows / Mac / Linux feature parity) |
Yes | Yes |
| Fewer alerts with more context |
Incident based |
Yes |
| AI-powered prevention, detection, response, and threat hunting. | Explorer - manual storylines | Yes |
| API integration |
Yes | Yes |
| Scalability | Yes | Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads. |
| Higher accuracy across entire attack surface. | Yes - attack surface reduction enhancements. | Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations. |
| Centralised Visibility | Yes | Yes - full storyline. |
| Automation & Control | Yes | Yes - Automated mitigation options via the Storyline Active Response Capability. |
| Data analytics | Yes | No - SentinelOne does not have its own network security sources to add. |
|
Collection and reporting of; inventory, config and policy management of endpoint devices. |
Yes - e.g. threat intelligence reporting. | Yes |
|
Mobile Threat Defence |
Yes | Yes |
|
Ease of deployment |
No - no on-premise console. |
Yes - Excellent timeliness and quality of customer support. |
| Features | ||
|
AI across user endpoints, containers, cloud workloads, and IoT devices. |
No - dropped support for E-o-L systems. |
Yes - New IoT discovery and protection capabilities in its Ranger product. |
| Static & Behavioural AI |
Heuristics |
Yes |
| Exploit protection | Heuristics | Yes + context |
| Lateral movement | Heuristics | Yes + context |
| Remediation | Automated |
Automated |
| Rollback | No |
Automated |
| Integrated threat feeds | Yes |
Yes |
| Remote shell | No |
Yes |
| Device control | Yes - Device Discovery |
Yes - Device discovery via Ranger. |
| Firewall control | Yes |
Yes |
| Bluetooth control | Yes | Yes |
| Threat hunting |
Yes |
Yes - full storyline |
| Deep visibility | Yes - Sandbox (deep analysis) |
Yes |
| Event Correlation | No |
Yes |
| Execution Restriction | Yes - EDR in block mode. | Yes |
| Vulnerability scanning | Yes - UEFI scanning. | Yes - Priority list of vulnerable applications. |
| Security patching | No | Yes |
| Triage | Yes - decision-making algorithms. | Yes - Investigate in seconds with automated correlations and Storyline. |
| Disk Encryption | No | No - Missing add-on for fully featured DLP. |
|
|
|
 |
TESTING BODY |
 |
| Provided coverage across the attack chain stages |
APT29 2020 |
Scored record results:
|
| N/A |
 |
Top ROI score and Recommended rating 2019 |
| NOT CURRENTLY CERTIFIED |  |
99.8% block rate across Windows testing |
|
Top Product for Windows Only 1 false-positive |
 |
100% protection against zero-day malware attacks on Windows |
 |
 |
In top 10 vendors Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market. |
|
Above average UI launch time Below average memory usage Quickest file copy, move and delete time Longest file compression/ decompression time |
 |
Performs better than several legacy AV products for the following:
|
All prices calculated at per endpoint per month, for comparison purposes.
Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.
Correct at February 2021
Contact us for accurate pricing based on your specific requirements
|
Minimum purchase - 5 endpoints - only through ITHQ Payment can be billed monthly - only through ITHQ To achieve these prices below, minimum purchase 100 endpoints, billed annually. Quote always required for accurate pricing |
||
| Core | Control | Complete |
| $4.16 | $4.90 | $9.00 |
| Includes full advanced EDR |
All Core features plus device, firewall and bluetooth control |
All Control features plus threat hunting and deep visibility |
Minimum purchase - 100 endpoints
Payment always billed annually
Priced according to Microsoft
$22.00 per user per month
Can't be bought separately – requires Microsoft 365 Business Premium.
This means that to buy security from Microsoft, you have to effectively buy email, the office suite, Azure AD, Windows 10, Teams, OneDrive, Sharepoint, Bitlocker, SCCM and more.
