SentinelOne vs. Symantec | Cybersecurity Comparisons

Competitive Comparison Page

Get a Personalized Demo

By clicking Request a Demo, I agree to the use of my personal data in accordance with SentinelOne Privacy Policy. SentinelOne will not sell, trade, lease, or rent your personal data to third parties.


Platform Capabilities


ONE console, ONE agent: Centralized & intuitive operations through a single platform, includes EPP + EDR, Cloud Workload Protection, and Network Attack Surface ManagementMultiple consoles: Requires switching between SEP and EDR interfaces, “other” enterprise security offerings severely limited following Broadcom acquisition
Quick to deploy, easy to manage: Customers see fast time to value without extensive tuning and configuration
Complex and siloed: Each component (e.g. AV, firewall, device control, etc.) requires significant policy tuning to scale

Automation & Recovery


Real-time, machine-powered attack reconstruction: Events are automatically reconstructed into an easily navigable Storyline™, focused & contextualized alerts for analysts means faster MTTRTedious correlation & contextualization: Investigation & hunting requires manual connection of events, manual addition of context, and parsing through false positives
Fully automated recovery: Autonomous & 1-click remediation and patented rollback
Manual & scripted remediation, legacy signature-based repair

EDR Quality & Coverage


Static & behavioral AI-driven detection: Equipped to handle unknown threats and modern TTPs, including fileless and in-memory attacksLegacy, signature-based approach with immature ‘next-gen’ capabilities: Misses fileless & advanced attack TTPs (including ransomware), also misses advanced crypter/packer use
Fewest misses, richest detections in 2020 MITRE ATT&CK® evaluation: SentinelOne outperformed Symantec, correlating 9x the telemetry, tactics, and techniques (118 vs. 13) and producing half as many misses
Sparse data correlation, 2x as many misses: Symantec generated many detections, but without correlation between related events
365 day max EDR data retention in console
180 day max EDR data retention for cloud customers: Data automatically purged after 6 months, or as soon as the database reaches a certain threshold

The Gartner Peer Insights Customers’ Choice badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.