Real-world Experiences with Sophos MDR vs. SentinelOne Singularity MDR

Asked By CloudySky_7283 On

Hey everyone! I'm currently looking into Sophos MDR Complete and SentinelOne Singularity MDR (with Singularity Complete) for my company. We aren't fully equipped to handle serious security incidents ourselves, and we're hoping for a service that can provide strong protection (especially for Windows clients, servers, and Microsoft 365), with low false positives and fantastic support. We'd ideally just deploy the agent and let the SOC manage everything else. So far, I've noticed that SentinelOne is strong in automation and detection, while Sophos offers great integration with their firewall and local support in Germany. I'm curious about your real-world experiences with these MDR services in terms of support quality, response times, and how hands-off the service is. Any insights or lessons learned would be highly appreciated!

5 Answers

Answered By JustCurious321 On

I'm not a sysadmin, but I've found that SentinelOne can really chew up CPU resources. I manage a different agent and have seen SentinelOne consuming about 10% of CPU on average, which affects overall performance, especially on less powerful machines. It can be a bit of a trade-off depending on your hardware.

Answered By NewbieToSecurity On

Why not consider CrowdStrike Complete? It tends to use fewer resources compared to SentinelOne, plus you avoid many false positives. But I get that it’s significantly pricier, especially for nonprofits.

Answered By VexedSysAdmin On

I really like SentinelOne, but wow, it can heavily impact performance. You have to plan around it and expect higher costs for hardware or cloud services due to its resource demands.

Answered By Anita_CyberSec On

As a current Sophos employee, I'd like to clarify that all Sophos products, including the firewall and Microsoft M365, are included in the MDR license. If you decide to integrate other products later, you can do so without any extra costs. Also, the analyst team can send IoCs directly to the firewall for blocking threats, which adds a layer of protection. If you're already managing your own Sophos Firewall, this integration would be advantageous for you.

Answered By TechWhizKid88 On

We just switched from Sophos to SentinelOne, and here's what I think. SentinelOne is more affordable and way easier to deal with through our VAR. The installation for both was pretty similar, but SentinelOne's UI feels more user-friendly. Unfortunately, Sophos had issues consistently responding to detections, and we often found it failing to isolate devices during false positives. Plus, we faced some performance issues with Sophos on Macs, requiring significant manual intervention. In short, I'd pick SentinelOne again without hesitation!
