2021-08-16T06:26:00Z

What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStrike Falcon?


Hi community members, 

I work as the Director of Information Technology at a legal firm and I'm looking at replacing our Symantec EDR with either SentinelOne or CrowdStrike but can't seem to get any balanced views other than those from each vendor.  

Currently, I'm doing a POC on both and am interested to know: has anyone already gone through the same dilemma and which solution did you end up with?

Thanks!

ITCS user
Guest
68 Answers

Top 5 Leaderboard, Real User

We RFI/POC'd them all. 


SentinelOne came out on top for every aspect of the requirements that we needed to fulfill from our architect.

That said, CrowdStrike is a good tool as well but I think it ends up being more expensive. The best bang for the buck was S1.

2021-08-18T12:42:43Z
Top 5 Leaderboard, Real User

Hi Ron - SentinelOne without a doubt - it has not been breached.

2021-08-20T13:00:22Z
Top 5 Leaderboard, Real User

We are currently in the process of looking for "new tools" in regards to endpoint security. We use McAfee at the moment and we lean more towards S1.


But I am interested in how your POCs go. Please come back with some insight!

2021-08-19T14:08:18Z
User

It really depends on what you want as outcomes, reporting integration with other security technologies. Be happy to discuss.

2021-08-19T13:52:25Z
Consultant

Better, I would suggest moving it to Microsoft Defender for Endpoint, which will help more in feature.

2021-08-19T08:32:36Z
Evgeny Belenky
Community Manager

@AJITH H G, can you please explain "why"?

AJITH H G
Consultant

@Evgeny Belenky, I have deployed Microsoft Defender for Endpoint to 10-12 customers and 5 of them as a replacement for CrowdStrike.

EDR is also very accurate and easy to analyze.

For Defender, we just need to have ASR Policies defined for Block, Warn, Audit and Enable for the endpoint to action detection. Microsoft Defender for Endpoint comes with a vulnerability assessment as well. This will help remediate and keep a clean environment to avoid security attacks.

Microsoft 365 is this unified tool that we can integrate with Cloud app, security Device policy and alerts.

Top 5, Real User

S1 for sure. 


Disconnect Falcon from the internet and it loses its ability to do anything. Falcon is still a fine product, for EDR I'd go S1.

2021-08-18T17:58:59Z