We changed our name from IT Central Station: Here's why

Which is better - SentinelOne or Darktrace?


ITCS user
66 Answers

author avatar

You should not compare SentinelOne to Darktrace - they solve completely different problems. These types of questions show the ongoing challenges in cybersecurity. As written below, SentinelOne is an Endpoint Detection and Response tool. It is to protect a laptop or workstation from an attack. EDR is a core requirement for cyber defense.

Darktrace is a network detection and response tool. NDR tools detect attacks occurring against the network. NDR is also a core requirement for cyber defense.

Regardless of the quality of either tool, you need to cover both your endpoint and your network. So if you decide one is better and choose it, you remain vulnerable to attack. 

Cover your endpoint only, and I am going to hit you with an attack on your network. Cover your network only, and I will get you via an endpoint.

EDR tools - SentinelOne, Cybereason, CrowdStrike, Carbon Black to name a few.

NDR tools - Darktrace, Vectra, ExtraHop, Cyglass to name a few.

Comparisons of these tools by category would be more valuable.

author avatar
Top 5LeaderboardReal User

An easy answer for me - pretty much exactly what @Janet Staver described. 

DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. 

S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.

author avatar
Real User

Full disclosure:  obviously, I work at SentinelOne.  

I did want to clarify that the SentinelOne Singularity Platform does include both EDR and NDR - different modules, operated from the same management console.  

Singularity Ranger finds and fingerprints devices connected to your network, for real-time inventory.  Any unsecured endpoint is flagged, and can even be automatically secured via a p2p EDR agent deployment.  

Device comms are monitored, and suspicious devices can be isolated from your network with a click.  Ranger is one of our more popular solutions, and we have even more modules for the  Singularity Platform, such as hybrid cloud workload protection.  OK, that's all.  The marketing guy wants to be respectful here.

author avatar
Top 5LeaderboardReal User

You can't compare these two solutions - they are different. 

SentinelOne is an EDR similar to known EDRs (Sophos, Sandblast, CrowdStrike, Palo Alto XDR, etc.). 

You need an agent to install to the endpoint to manage. You can integrate via API if you want to integrate to existing networks like Clearpass and micro-segmentation software like Guardicore. 

Darktrace is an AI-based tool to analyze traffic for known cyber threats from the network level without any agent. Either mirror the port or redirect traffic from VLAN to the Darktrace sensor. The sensor notifies you if any devices are newly discovered to the network, or new users access the particular device. You can block that traffic or device to mobile devices or web UI. In addition, Darktrace also has a module to integrate to SaS like the Office365 email.

author avatar
Top 20Vendor

Both @Janet Staver ​and @ITSecuri7cfd are spot on.  

As a security vendor, like ITSecuri7cfd points out, one tool is for the endpoint and one tool is for the network side.  

If you looking for an EDR tool, you should look to compare solutions from Carbon Black, Crowdstrike, etc.  

As for Darktrace, they are classified as an NDR tool. Within the NDR market, there are essentially 2 types of solutions; tools for smaller organizations that have limited resources and tools that are designed for organizations that have SOC teams that need better visibility and data. 

If you want to learn more about NDR solutions in general we have written an ebook called "What to look for in an NDR platform": https://bricata.com/wp-content...

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Protection for Business (EPP). Updated: January 2022.
563,780 professionals have used our research since 2012.