SentinelOne vs Symantec

28 October 2020 | ITHQ Tech Team

Symantec is one of the oldest names in AV: it has also faced many security issues. How does its endpoint protection stand up against one of the most disruptive solutions, SentinelOne?


Symantec: one of the most recognisable brands in technology

Symantec has been around since 1982, becoming one of the most recognised names in anti-virus software following its merger with Peter Norton Computing in 1990.

However, this company - with its foundations in preventing viruses from spreading via floppy disk - has also had to weather some well-publicised security scandals.

In 2012 alone, source code was stolen from an Indian government server, the New York Times was hacked and details of an exploit were posted that would allow attackers to crash Symantec's connection product, pcAnywhere, on computers running Windows.

Trust issues with both Google and Firefox over SSL certificates followed. Yet Symantec Endpoint Protection (now owned by Broadcom) remains a well-regarded enterprise tool.


SentinelOne: resetting standards for endpoint protection

SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as shown by its record-breaking MITRE ATT&CK APT29 2020 test and its 100% Total Accuracy Rating from SE Labs.

Already a Gartner Magic Quadrant Leader, SentinelOne is making waves in further testing, as the table below shows. It is competitively and transparently priced, whilst Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.

SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.

If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.


Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?


Comparison of Business Benefits and Features


Symantec

SentinelOne
Business Benefits
Autonomous Protection and Response

Cloud Dependent + Signatures

Fast Recovery
No - manual ops
Can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity)
Yes Yes
Fewer alerts with more context
Partial - high alert volumes
Threat hunting
Manual - separate product Yes - full storyline
API integration Graph & Rest - partial
On-device AI
No - signatures
On-device behavioural AI
Limited to OS events
Exploit protection
Limited Yes + context
Lateral movement Through firewall rules
Yes + context
Manual / Limited
Rollback No
Integrated threat feeds Yes
Remote shell
Device control USB & supported devices
Device control
Firewall control Yes Yes
Bluetooth control Yes
Threat hunting
Yes - full storyline
Deep visibility No


Industry and Peer Reviews

Gartner Peer Insights


Symantec

Endpoint Protection

SentinelOne

Endpoint Protection Platform






Gartner Magic Quadrant for Endpoint Protection Platforms

May 2021 - full report here




Independent Testing


Symantec


SentinelOne
Provided coverage across the attack chain stages


APT29 2020

Scored record results:

 - Least missed detections

 - Most high-quality detections

 - Most correlated detections
NSS labs Top ROI score and Recommended rating 2019
Unknown VB100 100% block rate across Windows testing
Top Product
AVTest Approved Product (2017)
AAA rated: In top 10 vendors
SE Labs AAA rated: In top 10 vendors




All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at October 2020


Contact us for accurate pricing based on your specific requirements

SentinelOne

Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve these prices below, minimum purchase 100 endpoints, billed annually.

Quote always required for accurate pricing

Core: $4.16 - Includes full advanced EDR
Control: $4.90 - All Core features plus device, firewall and bluetooth control
Complete: $9.00 - All Control features plus threat hunting and deep visibility


Symantec

Complete Endpoint Defense Suite with SEP

Minimum purchase - 50 licenses

Priced according to

Initial subscription - 1 year license + 1 year support: $117.99 per device


500 - 999 licenses: $12.99 per device per month
50 - 99 licenses: $15.99 per device per month


