Hey all, we're currently in the process of considering different XDR solutions for my clients and I've got Palo Alto Networks' Cortex XDR and SentinelOne's Singularity on my radar.
I figured this is the best place to tap into some real-world experience and feedback about these platforms. If you've got experience with either (or both) of these, I'd love to hear from you.
Specifically, I'm curious about:
Ease of use: Are they intuitive? How's the learning curve?
Performance: Are they effective in threat detection and response?
Integration: How well do they play with the rest of your tech stack?
Cost-effectiveness: While I understand pricing varies, any insight into value for money would be great.
Overall experience: Would you pick one over the other? Why?
Every bit of insight helps 🙏🏼
Cheers!
Hello all. I was wondering, for those who have personal experience with Palo Alto Cortex XDR, how does it compare to CrowdStrike, Microsoft, and SentinelOne?
What are the pros and cons of each? And the cost also if you know. Thinking of switching from PA. Thanks!
Hey all, I'm sure this topic has been beaten into the ground, however I'm currently torn on which AV/EDR solution to pursue, since I'm finally ready to retire SEP (thanks, Broadcom).
I've been wanting to make this move for a while, and at first glance CrowdStrike really stands out, however I stumbled upon a video from The PC Security Channel (here) which shows less than stellar results, which is a little concerning.
SentinelOne seems to do much better by the same set of tests, but InterceptX seems to do the best. Sophos SEEMS to have more customers than the other two offerings (and thus more support, which may be good or bad), however I have seen a lot of bad things about Sophos (in particular with their server software (reboots)).
Gartner ranks CrowdStrike pretty high (same with Sophos), however S1 seems to be lagging behind in that regard.
Has anyone done a POC of these three products, and what was your final result?
Environment: 175 Windows workstations, 15 servers (mostly Windows)
For products like CrowdStrike, Cylance, etc., you'll have to ignore the results from The PC Security Channel. These products require a huge amount of configuration and it's clear from some of the videos that that's not being done in his tests.
With any of the enterprise NGAV products, particularly if you’re looking to add an EDR component, the question is largely how much time you’re willing to dedicate to configuring them. Also the vendor or VAR’s ability to assist with that will play a large role.
We went with Cylance because their professional services blew me away and gave me the comfort to feel like we could effectively manage the product.
SentinelOne has saved our ass time and time again.
It has also broken more shit than the malware probably would have.
Their support has been way better than any other AV vendor I've worked with, but we have had to use them a decent amount.
We are currently evaluating the above products. Anyone have any good insight or things that I should look closely at before purchasing? I would appreciate any input you may provide.
Hey guys, we are an MSP with 1000 endpoints currently using Webroot. We understand it isn't good enough and are nearing the end of our POC evaluation for both SentinelOne and CrowdStrike. I can say I've had pretty good experiences with both so far, but I have seen CrowdStrike be able to detect more things (fileless attacks), seen fewer false positives, and also be a lighter agent on the machines we've tested. Also, CrowdStrike's sales engineer went above and beyond with helping set up best practices, etc.
I've done my research and it appears CrowdStrike, much more often than not, tests better in independent evaluations like MITRE and is rated better (Gartner). SentinelOne still seems to be mentioned 5/6 times more in these threads. I'd like to do my due diligence in questioning CS to make sure I make a good decision. Is most people's decision not to go CrowdStrike due to:
Barrier to entry (minimums)?
Slightly higher pricing?
Easy consumption model (Pax8)?
I'd love to understand anyone else's viewpoint for other reasons!
So… the dust has almost settled.
My question is, what's your alternative to CrowdStrike if you want out?
The whole situation was kinda funny for me, at least, since we were heavily looking at getting CrowdStrike or SentinelOne over Sophos, but money issues prevented it from happening. I think this will now get factored in if we want to move out of Sophos.
Doing a POC of both for endpoint security, but for those of you who have used them, what's your take? We currently use Cisco for our physical network stack, but will likely be moving to PA for firewalls, so XDR would play nice with them... and XDR seems legit.
But word on the street is CrowdStrike blows everything else out of the water...
I realize there is a huge variation of offerings depending on the tier of license you buy with either product - what's been your experience? False positives? Remediation functions? Any and all opinions/info are appreciated.