CrowdStrike vs. SentinelOne

An ETR Data Review on Leading EDR/XDR Competitors

Andrew Licini | ETR Research  

| March 03, 2023

CrowdStrike & SentinelOne Continue to Grow Customer Count, but CrowdStrike Leads in 2023 Expansion Rates

In this article, we highlight 2023 spending intention data for CrowdStrike and SentinelOne ahead of their upcoming earnings reports. While both vendors continue to grow their customer count, CrowdStrike leads in 2023 expansion rates. ETR Clients and Free Trial members can read the full JAN23 reports for each vendor on the ETR platform: CrowdStrike, SentinelOne. In the meantime, enjoy a data preview and analysis on these two leading next-gen endpoint protection vendors below.  

CrowdStrike still dominates ETR’s spending intentions data with the highest Net Score (58%) across the entire Information Security sector (among vendors with at least 50 citations). SentinelOne is also well-positioned with the 8th-highest Net Score (38%) in the Information Security sector. The disparity becomes wider when viewing the Pervasion metric, where CrowdStrike is in 5th position versus SentinelOne ranked 30th, illustrating just how entrenched the leading vendor is.

Both CrowdStrike and SentinelOne have seen impressive gains in Pervasion recently as compared to the 2019-2021 surveys; however, SentinelOne's customer count shows some signs of stagnation vs 2H22 surveys. On the other hand, CrowdStrike continues its penetration into large enterprises with no signs of slowing, extending its lead over endpoint security peers.

A key driver of CrowdStrike's elevated Net Score is customer expansion rates: 46% of customers plan to increase spend in 2023 vs 44% in 2022. SentinelOne also leads the majority of InfoSec peers in Net Score but shows a y/y decline due to weakened expansion rates, as 35% of customers plan to increase spend in 2023 vs 43% in 2022.

ETR not only collects and analyzes spending intentions data directly from our qualified community of IT decision makers that utilize today's leading enterprise technology solutions, we also have been conducting qualitative calls with them for years, specifically designed to capture IT trends and vendor evaluation commentary. Here is what a few recent calls uncovered about these two vendors:

"We've significantly increased our investment in CrowdStrike. We've deployed it across endpoints. And as a corollary to that, we’ve made investments with endpoint management tools, which has allowed us to with greater confidence roll out tools like CrowdStrike across university endpoints, staff, and faculty, and laptops and desktops. So we actually have a split deployment, where we have some of the XDR and EDR functions for CrowdStrike" - Director of Cloud Security, Large Higher Education Organization | ETR Insights September 2022

Despite CrowdStrike leading the JAN23 data, here we learn about another ITDM favoring SentinelOne for the vendors expanding feature roadmap and more flexible pricing:

"We evaluated CrowdStrike and SentinelOne, which are both great solutions. CrowdStrike is more focused on the managed detection and response (MDR) component, whereas Sentinel One left it more on the organization to manage. That's a good selling point for organizations that don't want to spend the extra money for a managed solution.”

"SentinelOne is now marketing itself as an XDR and really making a push into integrated endpoint detection response by integrating with third-party applications. We're really happy with SentinelOne... we had zero problems regarding the deployment and the maintenance.”

"SentinelOne is also incorporating a vulnerability management component into their EDR solution, but I don't know if they're going to be able to patch systems. Sometimes they tell us that they can actually replace Qualys, but if SentinelOne can't patch systems, then there will still be a need to have a solution like Qualys in place" - Director of Information Security, Large Higher Education Organization | ETR Insights February 2023

That comment about XDR vendors claiming the ability to safely and successfully replace a vulnerability management solution piqued our interest, so we looked at ETR's proprietary shared accounts analysis using Qualys' customers as the base sample.

Qualys' Shared Accounts: According to ETR’s proprietary shared accounts analysis, the Information Security vendor that has the highest spending rates among Qualys customers is actually CrowdStrike, with a shared citation overlap of 122 and a whopping Net Score of 60% within Qualys’ accounts. SentinelOne ranks 11th in this analysis, with a shared citation overlap of 50 and a Net Score of 32%.

Regardless of the correlating data, recent ETR Insights calls with CISOs state that EDR/XDR vendors will not be able to take share from the Vulnerability Mgmt. vendors until they reliably prove their ability to conduct the critical security hygiene of basic scanning and patching in an automated, repeatable, and effective manner. It seems more likely that that day is more a matter of when than if, something interested parties should monitor closely going forward.

If you want to dive deeper into the data and Insights interviews that helped support this article, log onto the ETR Platform or get started with your own Free Trial.  

If you would like to learn more about our syndicated research or request your own custom research projects, just reach out to us at  

Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at