Sentinel One vs Bitdefender Gravity Zone ATS/EDR

I’m looking at both products. I know Tom uses SentinelOne and Huntress and says he hasn’t heard anything good about Bitdefener GZ.
I’ve been using Sentinel integrated in Solarwinds RMM. I struggle with it. Perhaps the full blown standalone version is better? The interface just seems so constrained.
I am demoing BitDefender and it appears to have more features and a more granular approach but it seems overwhelming so far. The dashboard is full of options.
It seems Bitdefender includes their version of Huntress in the product as well.
What are your thoughts?

We get SentinelOne via Pax8 which gives us the full dashboard, but as many security products are, it can be a bit overwhelming to learn the tool.

Sentinel one uses shadow copies to recover encrypted data. Can’t the ransomeware just delete the shadow copies?

I would love it if you made a video demoing sentineone.

Yes, if the ransomeware get’s in deep enough it will destroy the shadow copies.

I had my meeting with Bitdefender yesterday and they claim that they do not use shadow copies. They use their own proprietary software that will allow you to revert encrypted files like SentinelOne.
And their system wont be destroyed like shadow copies can.

ALL SYSTEMS have fallen to ransomware, don’t care what the sales people claim. I hang out with the team over at Huntress and they have repeated it many times, NO SYSTEM is infallible.

Can you do a walkthrough video on SentinelOne one of theses days?

One day…not sure when.

Tom, which version of S1 do you get from Pax8? Control or Complete?

The more expensive one, which I think is complete.

1 Like

Do you purchase o365 from pax as well?

Yes, pax8 is generally easy to deal with.

1 Like

I just finished a large scale PoC with both, as well as CrowdStrike and Sophos.

We picked BitDefender Ultra for these reasons:

  1. Aced our internal tests. S1 blocked some false positives but blocked everything malicious we threw at it.
  2. Price isn’t even in the same ballpark. We added patch management and extended the crap out of EDR retention for less than half the price of S1 complete.
  3. Firewall management features are actually really good although not really hyped. It has taken over our client firewall management entirely and is doing a great job.
  4. XDR visibility is pretty damn good. Not quite as good as S1 but enough for our needs. Its a hundred times better than Sophos.

We loved S1 for the most part but its lack of a real useful UI for the users kinda killed it for us. We don’t have 24/7/365 coverage and have some users that run tasks that are prone to be detected and need to have some ability to self manage. Especially looking at a product more prone to false positives.

Crowdstrike and Sophos did not impress on our internal tests. Crowdstrike failed to block most of our tests.

Because of the price canyon between S1 Complete and BitDefender Ultra, we decided to get more optional addons out of BitDefender and look at doubling up down the road. One great option for these new AV vendors like CrowdStrike and S1 is to buy their XDR packages and have them run on top of a traditional AV vendor. This would still be cheaper than the S1 complete package.

Let me know if you want more info.

1 Like

I’m trialing both SentinelOne Complete and Bitdefender ATS EDR. Bitdefender seems like it has more to offer and the dashboard is more functional.
And yes, Bitdefender is less expensive.
I do like SentinelOne’s new agent UI though.

Jeez. SentinelOne is a pain. It was deleting quicken exe files right after trying to open quicken.
No pop up about quarantining files or anything. I told SentinelOne that it was benign and released the exe file. Then bam, it quarantined it again.

What vendor did you go thru ?

Solarwinds for SentinelOne. But I am cancelling Solarwinds and have opened an account with PAX8 (Thanks Tom!)
So, that being said, getting away from the Solarwinds RMM version of S1 and going with Pax8 is much better and perhaps I would not have had these issues with the Normail S1 thru Pax8.
Uninstalling the Solarwinds S1 from computers has been a nightmare. I had 2 computer that wouldn’t boot anymore and some would uninstall S1 but then magically re-install themselves. Solarwinds is awful.
But I am testing Bitdefender GravityZone thru Ninja and it looks pretty good.

I’ve been using Bitdefender Endpoint for few years and looking to add additional security. Are you testing EDR/ATS with Bitdefender ? That’s what I’m thinking of possibly adding to mine along with Huntress.

Yes. Advanced Threat Security with EDR.

I’ve started using GravityZone and it is a bit of a mess. Setup company, then setup policies, then setup Packages for each comapny? jeez. According to Bitdefender you can’t adjust machines granularly. But it appears you can? I don’t know man. SetininelOne is starting to look better.