Cyber Resilience

SentinelOne vs Symantec

16 March 2022 | ITHQ Tech Team

Symantec is one of the oldest names in AV: it has also faced many security issues. How does its endpoint protection stand up against one of the most innovative solutions, SentinelOne?


Symantec: one of the most recognisable brands in technology

Symantec has been around since 1982, becoming one of the most recognised names in anti-virus software following its M&A with Peter Norton Computing in 1990.

However, this company - with its foundations in preventing viruses from spreading via floppy disk - has also had to weather some well publicised security scandals.

In 2012 alone, source code was stolen from an Indian government server, the New York Times was hacked and details of an exploit were posted that would allow attackers to crash Symantec's connection product, pcAnywhere, on computers running Windows.

There followed lack of trust issues with both Google and Firefox, over SSL certificates. Yet Symantec Endpoint Protection (now owned by Broadcom) remains a well-regarded enterprise tool.



SentinelOne: resetting standards for endpoint protection

SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as its record-breaking MITRE ATT&CK APT29 2020 test showed and its 100% Total Accuracy Rating by SE Labs.

Already a Gartner Magic Quadrant Leader, SentinelOne is making waves in further testing, as the table below shows. It is competitively and transparently priced, whilst in contrast, Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.

SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.

If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.


Endpoint Protection: Key considerations

  • Is it easy to deploy and manage?
  • Is it dependent on cloud command and control for detection and response?
  • How effective has it been against zero-day attacks?
  • Do you have feature parity across Windows, Mac and Linux?
  • How does it perform in real world test scenarios?
  • What do other customers say about it?


Comparison of Business Benefits and Features


Symantec Logo

SentinelOne logo
Business Benefits
Autonomous prevention, detection, and recovery from threats in real-time.

Yes - continuous security posture assessments.

Fast Recovery
No - manual ops
Yes - Can be automated or 1-click
OS freedom (Windows / Mac / Linux feature parity)
Yes Yes
Fewer alerts with more context
Partial - high alert volumes
AI-powered prevention, detection, response, and threat hunting. Manual - separate product Yes
API integration
Graph & Rest - partial
Scalability Yes Yes - Support for containers and serverless workloads, especially Kubernetes dynamic workloads.
Higher accuracy across entire attack surface. Yes Yes - Consistent identification of tactics and techniques in the MITRE Phase 2 evaluations.
Centralised Visibility Yes - single agent/cloud console architecture. Yes - full storyline.
Automation & Control Yes - automated workload discovery. Yes - Automated mitigation options via the Storyline Active Response Capability.
Data analytics Cloud analytics No - SentinelOne does not have its own network security sources to add.

Collection and reporting of; inventory, config and policy management of endpoint devices.

Yes Yes

Mobile Threat Defence

Yes Yes

Ease of deployment

Yes - on-prem, cloud or hybrid cloud

Yes - Excellent timeliness and quality of customer support.


AI across user endpoints, containers, cloud workloads, and IoT devices.

Yes - AI-guided policy management Yes - New IoT discovery and protection capabilities in its Ranger product.
Static & Behavioural AI
Exploit protection Yes Yes + context
Lateral movement Through firewall rules
Yes + context
Remediation Manual / Limited
Rollback No
Integrated threat feeds Yes
Remote shell Yes - Powershell sessions for investigation and remediation. Yes
Device control USB & supported devices
Yes - Device discovery via Ranger.
Firewall control Yes
Bluetooth control Yes Yes
Threat hunting
Yes - full storyline
Deep visibility Manual - IPS deep packet inspection.
Event Correlation No - relies third-party SIEMs and SOARs.
Execution Restriction Yes - App isolation and Control. Yes
Vulnerability scanning Yes Yes - Priority list of vulnerable applications.
Security patching Yes Yes
Triage Yes Yes - Investigate in seconds with automated correlations and Storyline.
Disk Encryption Yes No - Missing add-on for fully featured DLP.


Got questions about SentinelOne? Talk to an expert


Industry and Peer Reviews

Gartner Peer Insights

Symantec Logo

Endpoint Protection

SentinelOne logo

Endpoint Protection Platform





Gartner Magic Quadrant for Endpoint Protection Platforms May 2021




Got SentinelOne questions? Book time with an expert


Independent Testing


Symantec Logo


SentinelOne logo
Provided coverage across the attack chain stages


APT29 2020

Scored record results:

  • Least missed detections
  • Most high-quality detections
  • Most correlated detections
NSS labs Top ROI score and Recommended rating 2019
NOT CURRENTLY CERTIFIED since 2013 VB100virus 99.8% block rate across Windows testing
Top Product & ZERO false positives

100% protection against zero-day malware attacks on Windows

AAA rated: In top 10 vendors

100% Accuracy


In top 10 vendors

Recognized for the commitment to pushing the boundaries of autonomous technology — delivering innovation at scale and speed, and shaping the endpoint market.

Longest installation Time

Quickest scheduled scan time

Highest CPU usage during scan

Quickest file copy, move, and delete time

Quickest file compression/decompression




Performs better than several legacy AV products for the following:

  • Quickest boot time
  • Quickest install time
  • Smallest install size
  • Lowest CPU usage during scan




All prices calculated at per endpoint per month, for comparison purposes.

Pricing is 'starting from' and based on list pricing. It can be subject to change, volume discounts etc.

Correct at February 2021


Contact us for accurate pricing based on your specific requirements

SentinelOne logo

 Minimum purchase - 5 endpoints - only through ITHQ

Payment can be billed monthly - only through ITHQ

To achieve these prices below, minimum purchase 100 endpoints, billed annually.

Quote always required for accurate pricing

Core Control Complete
$4.16 $4.90 $9.00
Includes full advanced EDR
All Core features plus device, firewall and bluetooth control
All Control features plus threat hunting and deep visibility


Pricing questions? Get in touch

Symantec Logo

Symantec Endpoint Protection Endpoint Detection and Response

Minimum purchase - 50 licenses

Priced according to

Initial subscription - 1 year license + 1 year support: $72.99 per device


SEP SMB (cloud) SEP EDR (initial)
$3.67 per device per month $6.08 per device per month



New call-to-action