Darktrace: 44,155 views | 29,158 comparisons
SentinelOne: 44,387 views | 30,121 comparisons
Comparison Summary
Question: Which is better - SentinelOne or Darktrace?
Answer: You can't compare the two solutions; they are different. SentinelOne is an EDR similar to known EDRs (Sophos, SandBlast, CrowdStrike, Palo Alto XDR, etc.). You need to install an agent on the endpoint to manage it. You can integrate via API if you want to integrate with existing networks like ClearPass and micro-segmentation software like Guardicore. Darktrace is an AI that analyzes traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from the VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered on the network, or new users access a particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate with SaaS like Office 365 email.
Find out what your peers are saying about Darktrace, Vectra AI, GFI and others in Intrusion Detection and Prevention Software (IDPS). Updated: November 2021.
554,676 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

Darktrace:
"The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
"It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk."
"Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
"I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities."
"It is a stable solution."
"AI analytics are built directly into the product."
"The solution is stable. We've never had any problems with it."
"It is a stable solution without downtime."

SentinelOne:
"The solution is powerful because we just have to update the agent by using the console, which is simple to do. I just select the endpoints and click "Update" on the console. That is it, because it is very easy to use."
"The Storyline feature has significantly affected our incident response time. Originally, what would take us hours, now it takes us several minutes."
"It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions."
"The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing."
"When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help."
"We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access."
"SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles."
"It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features."

Cons

Darktrace:
"It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not."
"The user interface and the configuration are a bit complex and should be improved or simplified."
"It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening."
"This is quite an expensive product so the pricing is something that can be improved."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that I want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today," it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."
"It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
"The solution could be easier to use."

SentinelOne:
"It's good on Linux, and Windows is pretty good except that the Windows agents sometimes ask for a lot of resources on the endpoints. That could be in the fine-tuning for scanning. In Mac, they are complaining about the same problems, that it's using a lot of resources, but that could also be that we have to configure what it is scanning and what it should not scan. Currently it scans everything."
"As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate."
"Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros."
"I would like to improve the reports because they are not so customizable and we would like more info from them."
"Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed."
"One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system."
"The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."
"In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear."

Pricing and Cost Advice

Darktrace:
"The pricing is a little high compared to the competition."
"It is expensive. I don't have the price for other competitors."
"When it comes to large installations, it can be expensive, but for small accounts it's fine."
"Our customers feel that the price of Darktrace is quite high compared to other solutions."
"It is a very expensive product."
"The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
"It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."
"If you consider the features and the cost of market leaders, we are satisfied with the pricing."

SentinelOne:
"Our licensing fees are about $5 USD per endpoint, per month."
"You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive."
"The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model."
"The larger count you have, the deeper discount you will receive in your contract."
"The pricing is very fair for the solution they provide."
"USD$6 per end point which decreases as end points increase."
"We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible."
"The pricing is very reasonable."

Answers from the Community
Netanya Carmi
William Munroe
Vendor

You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.


Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.


Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 


Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.


EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.


NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.


Comparisons of these tools by category would be more valuable.

ITSecuri7cfd (IT Security Coordinator at a healthcare company with 10,001+ employees)
Real User

An easy answer for me - pretty much exactly what @Janet Staver described. 


DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 


S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

Nicholas Arraje
Vendor

Both @Janet Staver and @ITSecuri7cfd are spot on.


As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  


If you are looking for an EDR tool, you should look to compare solutions from Carbon Black, CrowdStrike, etc.


As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 


If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...

Questions from the Community
Top Answer: Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
Top Answer: Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
Top Answer: The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in… more »
Top Answer: Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to… more »
Top Answer: IMO, it depends on whether you have abilities to validate and/or correlate telemetries - these guys brings out quite a lot of telemetry alerts for you to work on...
Top Answer: Our clients have been able to survive a ransomware attack without even knowing that they had had files encrypted and automatically rolled back - even their Point of Sale (POS) system did not miss a… more »
Ranking
Darktrace: Views 44,155; Comparisons 29,158; Reviews 19; Average Words per Review 575; Rating 8.1
SentinelOne: Views 44,387; Comparisons 30,121; Reviews 19; Average Words per Review 1,870; Rating 9.7
Also Known As
Sentinel Labs
Overview

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides enterprise-wide cyber defense to over 4,700 organizations, protecting the cloud, email, SaaS, traditional networks, IoT devices, endpoints, and industrial systems.

A self-learning technology, Darktrace AI autonomously detects, investigates, and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss, and supply chain vulnerabilities.

The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI fights back against a cyber-threat, before it can cause damage.

SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects, responds, and hunts attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real-time for both on-premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

Sample Customers
Darktrace: Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol
SentinelOne: Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
Top Industries
Darktrace
Reviewers: Financial Services Firm 22%, Government 11%, Healthcare Company 6%, Reseller 6%
Visitors reading reviews: Comms Service Provider 25%, Computer Software Company 21%, Government 6%, Financial Services Firm 5%
SentinelOne
Reviewers: Retailer 19%, Manufacturing Company 13%, Healthcare Company 13%, Energy/Utilities Company 13%
Visitors reading reviews: Computer Software Company 24%, Comms Service Provider 23%, Government 5%, Retailer 4%
Company Size
Darktrace
Reviewers: Small Business 50%, Midsize Enterprise 14%, Large Enterprise 36%
Visitors reading reviews: Small Business 22%, Midsize Enterprise 24%, Large Enterprise 53%
SentinelOne
Reviewers: Small Business 29%, Midsize Enterprise 18%, Large Enterprise 54%
Visitors reading reviews: Small Business 24%, Midsize Enterprise 51%, Large Enterprise 25%

Darktrace is ranked 1st in Intrusion Detection and Prevention Software (IDPS) with 21 reviews while SentinelOne is ranked 2nd in Endpoint Protection for Business (EPP) with 20 reviews. Darktrace is rated 8.0, while SentinelOne is rated 9.8. The top reviewer of Darktrace writes "A 10/10 solution with an awesome interface, good stability and scalability, flexible pricing, and good support". On the other hand, the top reviewer of SentinelOne writes "Made a tremendous difference in our ability to protect our endpoints and servers". Darktrace is most compared with CrowdStrike Falcon, Cisco Stealthwatch, Vectra AI, ExtraHop Reveal(x) and Palo Alto Networks Threat Prevention, whereas SentinelOne is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black CB Defense, Cortex XDR by Palo Alto Networks and Sophos Intercept X.

We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.