We performed a comparison between Darktrace and SentinelOne based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on our users’ reviews, we would conclude that SentinelOne is a stronger, more secure solution than Darktrace. Reviewers say that SentinelOne offers a deeper and more thorough level of security. Additionally, SentinelOne provides equal protection across Windows, Linux, and macOS. It can also support legacy infrastructure as well as newer environments. The single-pane feature helps protect numerous endpoints with a very lean team, saving time and money.
"The technical support is good and quick to resolve issues."
"Defender is a SaaS platform, so it offers more flexibility. Managing the permissions is easier. The solution's automated detection and response features are scalable."
"Since we have started using the solution, there have been fewer compromises."
"Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of various email campaigns, pinpointing where they emanate from, and identifying the individuals within our organization who are affected."
"The basic features are okay and I'm satisfied with the Defender."
"The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
"The good part is that you don't have to configure it, which is very convenient."
"Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency."
"It is a stable solution."
"One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
"I am impressed with the product's ability to give insights into network traffic."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"We liked their approach to identifying intrusions or network anomalies using AI."
"The solution is stable. We've never had any problems with it."
"The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
"The ability to see what we have not seen before is most valuable. It is very interesting to find out the most vulnerable devices in our network."
"The solution is easy to set up."
"The remediation and rollback features are pretty impressive."
"The reporting part is awesome."
"I like the centralized management with the web dashboard."
"I find the application inventory feature to be extremely useful."
"The ability to get queries by pressing the 'tab' button is a plus for SentinelOne."
"The best feature of SentinelOne Singularity Complete is that you don't need to configure a lot with it because it provides an unmatched layer of protection out of the box."
"I am particularly interested in the new app vulnerability module that is included with the Singularity Complete edition."
"Several simulation options are available within 365, and the phishing simulation could be better."
"There is room for improvement with the UI."
"The XDR dashboard has room for improvement."
"The UI needs to be more user-friendly."
"Microsoft Defender for Office 365 should improve the troubleshooting tools. It's unclear whether the device is blocked at the firewall level or at the device itself. The granularity needed for troubleshooting is currently lacking. From my perspective, Microsoft should address this issue to benefit many users who likely share the same sentiment."
"There is room for improvement in terms of reporting."
"Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data."
"We need to be able to whitelist data at the backend."
"There aren't so many third-party vendor platforms natively integrated with the platform."
"Getting logs from different sources can be a challenge."
"The program is quite expensive."
"The interface and dashboards could be improved for ease-of-use."
"The initial setup is more complex and time-consuming than some solutions."
"This is quite an expensive product so the pricing is something that can be improved."
"The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved."
"It is expensive, but everything else has been great so far."
"Although the SentinelOne firewall seems to offer potential benefits, in reality, it hasn't proven to be very helpful."
"SentinelOne could improve by creating an autopilot or automated way to roll out the solution more efficiently which would be helpful."
"SentinelOne Singularity Complete could improve by having DNS filtering. Other competitor solutions have this feature."
"There are features that I would like them to add. They have little to do with endpoint protection, but if they could add encryption and DLP on, it would make it even better."
"I really haven't done enough to really see any improvements."
"We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future."
"The MDM functionality and maturity still need improvement."
"All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers."
Darktrace is ranked 13th in Email Security with 32 reviews while SentinelOne Singularity Complete is ranked 2nd in Anti-Malware Tools with 140 reviews. Darktrace is rated 8.2, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Darktrace writes "A stable, scalable, and valuable tool that provides excellent network monitoring". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "You don't need to configure a lot with it because it provides an unmatched layer of protection out of the box". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, Cortex XDR by Palo Alto Networks, Cisco Secure Network Analytics and ExtraHop Reveal(x), whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, ThreatLocker Protect, Datto Endpoint Detection and Response (EDR) and Bitdefender GravityZone EDR.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.
Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.
Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack.
Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.
EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.
NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.
Comparisons of these tools by category would be more valuable.
An easy answer for me - pretty much exactly what @Janet Staver described.
DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew.
S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.
I have done a POC with Darktrace three different times at different orgs.
They are actually a borderline scam company. On each POC, I set up tests that even a free install of Suricata could detect. DT failed to detect anything in each case.
The other thing is that they call their alerts breaches. This is a BAD idea and they would not listen to reason on this. They will send out young, good-looking salespeople, but by the time you are done with your POC, they will be gone and replaced by someone else.
Their sales engineers are too young to have any experience with a security issue you may be dealing with. And I suspect after a few POCs they see that this does not work, at all, and leave! Stay away from Darktrace!
You can't compare these two solutions - they are different.
SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.).
You need to install an agent on the endpoint to manage it. You can integrate via API if you want to integrate with existing networks like Clearpass and micro-segmentation software like Guardicore.
Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate with SaaS like Office365 email.
Both @Janet Staver and @ITSecuri7cfd are spot on.
As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.
If you are looking for an EDR tool, you should look to compare solutions from Carbon Black, CrowdStrike, etc.
As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data.
If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organizations who have limited security resources but still need deep insights into threats and network intrusions. Darktrace also has an invaluable feature that produces weekly reports.
A unique feature Darktrace has to its name is its use of artificial intelligence for cybersecurity and machine learning capabilities. Darktrace is able to successfully detect threats over networks before it's even possible for them to spread. In addition, it notifies you with all the threat details. Although Darktrace is geared toward smaller-sized organizations, it does come with a hefty cost. The cost increases as the number of products that need to be monitored increases.
SentinelOne is a great product and effective for mitigating threats. It allows you to have granular control over your environments and your endpoints. SentinelOne has a central management console. It also provides insight into lateral movement threats, by gathering data from anything that happens to be related to the security of an endpoint. Another SentinelOne feature that’s fantastic is their one-click automation remediation, along with rollback for restoring an endpoint, which can often be very helpful.
SentinelOne is also known for its ability to decrease incident response time and has deep visibility that comes in handy quite often. However, the dashboard design isn’t wonderful. In contrast to Darktrace though, SentinelOne is efficient because minimal administrative support is required, and it offers a lot for a solution that is cost-effective.
Conclusion
While both SentinelOne and Darktrace boast many beneficial features, one outweighs the other when it comes to price. If Darktrace is within your budget, I would recommend it. But if not, SentinelOne is a great solution that makes a lot of sense.