How do SentinelOne and CrowdStrike handle zero-day threats?
Is SentinelOne a good alternative to CrowdStrike?
Which offers better endpoint protection: CrowdStrike or SentinelOne?
Hey guys, we are an MSP with 1000 endpoints currently using Webroot. We understand it isn't good enough and are nearing the end of our POC evaluation for both SentinelOne and CrowdStrike. I can say I've had pretty good experiences with both so far, but I have seen CrowdStrike be able to detect more things (fileless attacks), seen fewer false positives, and also be a lighter agent on the machines we've tested. Also, CrowdStrike's sales engineer went above and beyond with helping set up best practices etc.
I've done my research and it appears CrowdStrike much more often than not tests better in independent evaluations like MITRE and is rated better (Gartner). SentinelOne still seems to be mentioned 5/6 times more in these threads. I'd like to do my due diligence in questioning CS to make sure I make a good decision. Is most people's decision to not go CrowdStrike due to:
Barrier to entry (minimums)
Slightly higher pricing?
Easy consumption model (pax8)?
I'd love to understand anyone else's viewpoint for other reasons!
Hi All,
I was asked at work to look into the difference(s) between CS and S1 for a subsidiary of ours. Currently, they use S1 and are considering switching to CS. I’ve gone through a lot of the documentation and understand both tools on paper, but I’m looking for insights from people who have actually used them.
From everyone's experiences, what are the real-world pros and cons you’ve experienced with each? Which do you think performs better overall? My hands-on experience with both is pretty limited, and from what I can tell, the pricing seems fairly comparable.
Thanks!
Edits:
The subsidiary only has 1 full-time IT person to manage the consoles. Not sure what the maintenance / configuration is like for either.
The company has < 100 employees and devices.
The company is currently using S1, but they're using the 'Control' license. The decision is whether to upgrade to 'SentinelOne Enterprise' or switch to CS.
I am in no way affiliated with an MSP/MSSP or any vendor. I started at my current role 14 months ago and inherited CrowdStrike. I never understood why companies would pick an expensive EDR like CrowdStrike when you can do so much on an E5 license. Previous to this company, MDE was the EDR I had the most experience with. I'd implemented the full MS security stack from MDE to MDI, MDO and Sentinel. Some of the specific challenges I face are that the IT department is significantly understaffed and the resources who are available have only junior-level expertise. I have more time than they do most days, and this leads to challenges in trying to implement something like MDI (Are you sure you installed the agent? Are you sure you added the RAM and storage?) or even ASR in MDE (We sent the communication that people would experience a warning page, but IT did not prepare for this and now we're facing a lot of help desk calls).
The idea of moving to CrowdStrike Identity protection, where it doesn't require a net new agent (or the same idea for S1, I would assume?), or moving to CrowdStrike's SIEM (same thing for other vendors) is suddenly so appealing. If I couldn't trust IT to correctly execute on even basic tasks without handholding, why would I ever try to do something like ASR?
Sometimes the ease of implementation is worth its weight in gold.
*This is in no way affiliated with my current employer as that could get me fired.