Binary Defense MDR Reviews

We're using it as a security operations center. Our main product is an Intellectual Asset Management system hosted in a SaaS environment. We have two hosting facilities, one at IBM Cloud and one at Microsoft Azure. We wanted an external provider to watch those servers for any indications of compromise and to immediately intervene if there was anything of concern. 

As we have been growing, we wanted to ensure there are extra measures put in place, and therefore involved an organization that had the security knowledge and the capabilities to work with us in a customized fashion.

When our clients talk with us about storing their data in our servers, because ours is a SaaS model, they need validation that it is secure. Having this outsourced SOC, Binary Defense, ensures that we can look our clients in the eye and say, "Your data is secure. It is being monitored 24/7/365 by a dedicated team of security professionals." That's huge. We're buying peace of mind and the ability to tell our clients that their data is secure (and we know it's secure because we have a team of experts watching it all the time).

It has certainly improved our security posture. We were a secure organization six months ago but even more so now because of our relationship with Binary Defense. They give us that second set of detection and are looking at everything because that's their job. They're not doing security in addition to other things. They're doing security, period. That laser focus on security adds to our internal security posture. It's now the sum total of the experts within our organization plus Binary Defense.

Another benefit has been the time savings in client security assessments. When we tell a prospect or a client that we're using a managed, outsourced SOC, that saves the back-and-forth of having to justify our internal security operations. They know there's a fully dedicated team looking at security, and that saves us time and, potentially, wins us business that we might not have been able to previously.

The customization has been the most valuable aspect and was really the reason we ended up selecting Binary Defense. They worked with us to provide exactly the level of support, features, response, and collaboration we needed. We didn't have to force-fit anything. They were able to customize their offerings specifically for our needs.

The most important thing for us is that, internally, Binary Defense has a toolbox they can use in any way needed and they were able to layer onto the systems we already had in place. They didn't come in and say, "Oh, you have to scrap everything that you already have." Instead, what they said was, "Great, here's what you have and here's what we're going to layer on. We'll combine it all together and give you a unified impression." That was really important to us. We already had a fair number of security tools in place that we like and trust. The fact that Binary Defense could work with them and layer on top of them was huge.

I have been very impressed with the level of partnership, and I don't use that word lightly. They really are a partner. They're not a vendor, they're a partner. Their staff has just been superlative.

Another valuable aspect is that they have an excellent ability to integrate with other applications and tools. We have all the external servers that support our SaaS operations already complete and we're now rolling it out on internal servers, like engineering and development and support servers. I don't think we've had a single issue with compatibility. It just drops in. It's seamless. We don't need to reboot the system when we deploy the agent. The integration is outstanding.

They also bring a solid XDR strategy to the table. Another important aspect of our partnership is that we’re putting our trust in Binary Defense. I trust them, and that's really what this whole thing is based on. They need to earn that trust—and they have. In terms of the threat landscape and looking at issues that come up, they're very solid.

When implementing a system like this, one would expect false positives. It's going to raise issues from normal business operations that are actually fine but just look bad. There are two things to note here. First, the rate of false positives has been quite low and has actually been decreasing over time as Binary Defense learns our operations, which is great. Second, and more importantly, the things they were raising were completely reasonable. For example, we added an administrator to the server and received an alert, which was great, because if a bad actor were to get into the system, it would be detected.

The alerts we've received have been spot-on and we have had zero real alerts, which is a good thing.

We have been using Binary Defense MDR for about six months.

The stability of the solution has been perfect, other than one issue where an agent had high memory usage, but that has not come back. It's been reliable.

The scalability is fine. We're licensed for 1,400 seats and we're using about three-quarters of them so far, and we're continuing to roll out. There have been no issues with scalability. 

I can't speak to a scenario where you're deploying higher amounts of seats, but certainly, in the hundreds or low thousands, we've had no issues at all.

The technical support is excellent. We found that an earlier version of the agent had high memory usage and that was a bit concerning, but we raised the concern with their support team and they immediately replied that they had noticed the same thing and had a candidate fix already available. Other clients were already testing the fix and found it resolved the issue, and they asked if we would like to test it as well. We said yes and deployed it, and it totally fixed the issue. It then rolled out automatically to the rest of our suite with the next available update. It was seamless.

All software has issues and it's a question of how the provider addresses those issues, and Binary Defense was outstanding.

This is our first MDR SOC.

One of the reasons we considered Binary Defense MDR in the first place is that we have a several-year relationship with their sister company, TrustedSec. They do things like penetration tests and we have them on retainer for incident response. We envisioned that it would be—and it has actually been—a benefit having our MDR provider related to our security consultants. The relationship between Binary Defense and TrustedSec has been valuable for us.

Our deployment model for the solution is all Azure and IBM Cloud and we use an IaaS model. We have hundreds of virtual machines and we have rolled out the agent to each of them. We're fully a Windows organization, so we've only deployed the Windows agent. We've deployed it to virtual machines in Azure, Azure Government, and IBM Cloud, in various locations around the world.

I directed the team that did the initial setup. It was very straightforward. You run an installer and it's there and you don't have to reboot. It just works. I did this as part of the proof of concept and you're able to see it reporting into the master console within a few minutes. It's very easy. It's very well documented.

The solution doesn't require any active maintenance. It automatically updates. Every month or so I receive an email that says, "There's a new version of the agent. Here are the new features. Yours will auto-update within the next couple of weeks unless you've disabled auto-update." It's basically set-and-forget.

We received the information from Binary Defense but we did the work ourselves, but we did work with them to ensure we were going down the right path. They conducted checks on everything and reported back to us on effectiveness. We validated the approach with the team, but we did the work.

We had two people working on the implementation, but it wasn't full-time. We used an automated tool to push it out. We didn't deploy to hundreds of VMs manually.

We haven't yet seen ROI because we haven't had an issue, but these expenditures were approved by our board. It is known that this is money needed to protect the organization and reliably stay in business. 

There is a "peace of mind ROI", that can't be quantified. Do I think we're getting good value for the money? Yes, I do.

The pricing is on target. Working with their sales team on pricing negotiations was a pleasant process. They were very respectful of the constraints we had and I feel that we're paying a fair price.

If you're considering a managed detection and response solution but the cost is an issue, you can pay a fixed amount now or, potentially, a catastrophically larger amount later. There is a saying that there are two types of people in the world: those who have had a hard drive failure and those who will have a hard drive failure. The same is true in cybersecurity. It's not a question of if, but a question of when a security issue will arise. It is incumbent on every IT professional to have as many arrows in their quiver as possible for handling those situations. Ideally, we prevent it from happening, but if something gets through, we must be able to detect it and respond.

What you're buying is peace of mind. You know that even at 3:00 AM on Christmas Eve if something happens, it's going to be taken care of quickly, and that counts for a lot.

We evaluated other options but the key reason we chose Binary Defense was the customization. The MDR industry is fairly robust at this point and everyone has pretty similar capabilities. In fact, some of the capabilities of their competitors were actually a little ahead of what Binary Defense has, but the customization and the ability to work with us to fit into our existing environment was what catapulted the company to the top of the pack.

Most, if not all, of the providers we looked at, would work and have the base features we needed, but for our particular environment and the customizations we needed, Binary Defense was by far the best.

We still monitor internally so it hasn't reduced our workload, but it has made us more efficient. It's like putting on a pair of glasses. The world is sharper as a result of the information they're providing us.

With the last six months under our belt, I've been very impressed with the operations, both from a technical perspective as well as from management and executive perspectives.

The most important advice I can give is to make sure you're comfortable with the company and the staff. All of the products that Binary Defense competes with basically do the same thing. They're all good and they're all going to help you. So the top consideration is whether you are comfortable with the people you're interacting with.

We use it to get security notifications. There are only two security people on my team, and monitoring things 24/7 would take a team of 10 or 12. We use Binary Defense to help monitor things for us so that my team can work on the day-to-day security tasks.

They send us alerts and have done a really good job of eliminating the false positives. Early on, there were quite a few. But as they learned about our organization and the roles of individuals within it, that has drastically gone down. For example, initially, they would say so-and-so ran a script. Now, they know who our sys admins are and that running that script is typical for them.

The benefits are the visibility into current critical security events and the effect on our time to respond. Binary Defense has helped reduce our security alerts because we know where our trouble points are, or if we're missing things, and what we need to deploy. It has given us visibility into what to put in and that is how it has helped us the most. I would estimate it has reduced our security alerts by 60 to 70 percent. It has improved our security posture significantly.

And because they do a lot of the management for us, it has reduced our team's workload. We only have to work on the stuff that's identified as something we need to work on, so it has definitely helped performance.

Among the valuable features are the

• agent and continuous reporting
  
• dashboard.

It has all the features we need and we haven't had to customize it, other than turning on certain features that we wanted.

It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR.

I've been using Binary Defense MDR for a little over three years.

It's very stable.

We have just under 2,300 agents deployed. I don't know how much it scales. I don't think we rank among the larger sizes of companies, but they thought we were a pretty big organization.

Their support is great. Our experience with them has been very good every time we've had to contact them. They are responsive.

Positive

We did not have a previous solution.

The initial deployment of MDR was straightforward and very easy. It installs automatically and we were pretty impressed with that. They had the right tools to give us to deploy it.

There were three of us involved in the deployment, and that includes me as director of our team, but I didn't do much. It was mostly one technician with some help from another, and it really was done mostly by that one.

There is no maintenance on our side. They automatically update the agents.

The return on investment is the amount of time that we're saving and the fact that we're getting a security analyst. Without Binary Defense, we would only have a team of two security analysts. We would need 10 to 12 analysts to do what they're doing and give us 24/7 coverage. Without them, we only have nine-to-five coverage.

The pricing is very good. They are definitely competitive and they were lower at the time that we went with them. That's not why we chose them, but it's always something you have to consider.

You need the right security tool. Cost doesn't matter if it's a little bit higher but it's the right solution for your business. You shouldn't skip on security for costs.

We did what we call a "battle card" and compared Binary Defense to CrowdStrike, Sophos, and other leaders. Our team's consensus was that they were the best fit for our organization. Compared to competing solutions, the response times from Binary Defense were equal or better.

We have not done an integration of Binary Defense with other tools. We're looking at integrating it with our help desk, but we don't use ServiceNow. We use BMC Remedy and that's what we have to look into. I don't think any issues with the integration would be limitations of Binary Defense, but there might be with our older ticketing system. Binary Defense can work with many open APIs, if I recall correctly.

They also have a great open XDR strategy for securing infrastructure, although we haven't started using it. Early on, I talked about it with the owner of the company who was part of the technical team. It was definitely on their road map and something they knew they had to do and they were working on it.

Overall, our partnership with Binary Defense is excellent. If someone at another company that is using MDR doesn't think that their provider is an extension of their team, they have the wrong provider. Maybe they don't have Binary Defense, because it shouldn't be that way.

We use Binary Defense MDR to monitor our security alerts and network traffic continuously. The solution provides a monitoring service that includes initial triage of alerts and escalation to my team for further action.

Binary Defense MDR is willing to customize its services to meet its customers' needs. Although they have standard service level agreements and escalation pathways, they are flexible and open to adopting solutions or practices that work better for their customers. They are committed to working closely with their customers and customizing their services to ensure their satisfaction.

Binary Defense MDR has improved our visibility through the implementation of some best practices in tuning and helping us establish our security solutions. These areas have provided the most benefit for us.

Binary Defense MDR has assisted us in decreasing the number of security alerts we receive. This has been achieved through the tuning aspect, where a significant amount of noise is generated, and they continuously collaborate with my team to reduce this noise, enabling us to concentrate on the critical components.

Binary Defense MDR has enhanced our security posture in terms of visibility and detection. The improvement is a result of the combination of their service and the technology implemented by my team. As a result of this project, we have significantly increased our ability to detect and respond to threats. Overall, the project and the service have minimized our threat landscape and enhanced our security posture.

Initially, there was a lot of noise and not much value in the alerts we received. We worked closely with Binary Defense to improve the process and specify our requirements. Through this partnership, they have improved their processes and quality checks to provide a better service. In the beginning, the influx of false positives increased my team's workload, but we worked to reduce the noise and focus only on what mattered. This took time, but overall, there have been improvements in reducing the additional workload for my team. However, we still want to be alerted when additional work is needed. Binary Defense's initial triaging has eliminated the need for my team to analyze every single alarm and alert.

One of Binary Defense MDR's main benefits is the ability to easily meet with their support team to discuss any issues we encounter. The team works with us to develop a plan to mitigate the issue and then implements a solution going forward to resolve it. Their responsiveness and willingness to adapt to our needs as a customer has been the greatest benefit.

Historically, Binary Defense MDR did not have a strong ability to integrate with other applications or solutions. However, they are currently undergoing a transformation driven by previous issues, where there was a need for capabilities to streamline operations. As a result, they are in the process of implementing additional solutions that will enable integrations with other platforms and applications.

The current reporting system could benefit from improvement. It would be helpful to have regular reports that provide value and clearly demonstrate the team's accomplishments over the past month. This should include information on resolved issues, metrics, and any additional details that highlight the team's contributions.

I have been using Binary Defense MDR for six months.

Binary Defense MDR is a stable solution with a commitment to ongoing improvement. Without their continued efforts to get better and implement changes based on our feedback, this review would be quite different. The organization has also brought in a new leadership team, which has brought fresh ideas and a clear vision for improvement. This partnership, combined with the leadership team's efforts, has led to increased stability and sustainability for the company.

Binary Defense MDR is scalable. 

The Binary Defense support team is a great team to collaborate with. They hold regular meetings with the project team, offer suggestions, and establish rules within the system. Once completed, they transfer these responsibilities to their production team that handles MDR services in a steady-state manner.

I changed to a specialized provider from our previous solution. I aimed to look for a smaller organization that I could potentially partner with more effectively. Large companies often treat their clients as just another component of their operations. Therefore, I sought a smaller niche firm to work with closely and create something together, resulting in a better relationship and improved work outcomes. Consequently, we decided to partner with Binary Defense.

The setup process is complicated. I am uncertain whether this is due to our own internal issues, or if it is partly a result of my environment and our own processes. While it was easy to initially set up the platform, the integration, and tuning required a significant amount of time. The deployment also took a lot of time, and it took us around six to eight months to achieve a steady state where we were satisfied with everything. Fifteen to twenty people were required for the deployment.

The implementation was completed by Binary Defense's professional services.

The primary return on investment has been in risk reduction, which has allowed us to gain better visibility of our environment. We can now identify our biggest threats and tailor our defense strategies to protect against them. This also helps when communicating with regulatory commissions and government entities, as we can demonstrate our 24/7 monitoring capability and provide additional assurance. Risk reduction and improved communication with stakeholders are our two most significant ROIs.

Binary Defense has changed its pricing model from being primarily based on the volume of data to one based on escalations and incidents they handle. This change is positive because it encourages clients to provide as much data as possible to assist the Binary Defense team in triaging and identifying true positives. However, they also aim to keep costs within a set parameter. This allows for better management of costs and higher accuracy in detecting true positives while minimizing false alerts.

I give Binary Defense MDR a seven out of ten.

For someone who wants to purchase a managed detection response solution but is concerned about the cost, I would like to understand the primary concern, whether it's related solely to cost or to the cost model. Depending on the company and its requirements, the reason for cost concerns can vary greatly. If the concern is cost, I may not have much to say. However, if I ask questions to better understand their concerns and where they should focus their security monitoring, perhaps they can reduce the volume they send and focus on a smaller solution, such as an EDR, instead of sending their firewall logs.

The maintenance is performed by either Binary Defense or their technology provider.

Binary Defense MDR has demonstrated a willingness to invest in our relationship to the same extent as we do. As a result of our ongoing collaboration, they have reciprocated our efforts. Although having a third party as an extension of our team can be challenging, we believe that frequent communication and nurturing this partnership will lead to better outcomes. Our experience with Binary Defense has been positive overall.

To evaluate the solution, individuals should consider running a proof of value or a proof of concept, if possible. It would be beneficial to have Binary Defense demonstrate the value and services they can offer to gain an understanding of the type of service provided by their MDR solution.

We're a big company with a small IT shop, specifically when it comes to IT security. We needed a partner that could be an extension of our existing team.

Binary Defense MDR has been that "bolt-on" that we need, giving us extra visibility into our environment and things that may or may not be seen by our existing products. That was really the goal of bringing an MDR in. We have a lot more visibility into things that we didn't before. It has made security operations a little easier, and that was the goal. Automation is king for smaller shops.

It has allowed us to have a little more peace of mind because we know, if somebody knocks on the door or gets on our network or even from the perimeter, Binary Defense is listening. They have adequately detected things and been able to let us know. Even if some things may not be actual threats, they're out there monitoring and letting us know when we might have an issue to look into. The biggest issue for most organizations is that they have people who don't know what to look for or who don't get enough visibility, especially internally on their network. Having a partner that is able to say, "Hey, you've got A, B, and C going on here," and actually filter what's an actionable threat versus what is just white noise, has been a great benefit for us. That was a big problem with our previous MDR: we got way too much white noise.

With every MDR, you go through a period of white noise first for a month or two. That period, for Binary Defense, wasn't anywhere near as long as it was with our last provider. There were reports that we would get from our last MDR that just weren't valuable, on a regular cadence. We also have other tools that Binary Defense integrates with, like Microsoft's Defender for Identity product, and they are able to respond at a faster rate. And there isn't a pile of noise that we have to go through and waste people's time. It's not just done with AI, but they actually have someone looking at a ticket and saying, "I've got X, Y, and Z," or "I've got possible indicators of compromise. Let me escalate to somebody."

Using Binary Defense has saved our organization time. I wasted a lot of time going through white noise tickets from our prior MDR. On average, I would see 10 or 12 tickets from them per day and, 90 percent of the time, they had no valuable information. They were things that really didn't need to be brought to my attention or that somebody in their SOC didn't really look at closely or correlate the data. Their white-listing time period was really long, and I gave them that feedback a lot of times in our one-on-ones.

With a new MDR, you expect a time period where you're going to get hit with white noise. We really didn't have that when Binary Defense flipped the switch. Sure, we've seen a little bit of white noise here and there, but nothing on the scale that we saw from our previous provider. We had a few oddball tickets, but they actually had valuable information, things that I didn't know were going on. We were able to change processes around those. That has been pretty helpful.

For example, our pen tester likes to be sneaky. They used one of our help desk tech's credit cards to create an account to do their tax with, and Binary Defence caught it. Through the purple test, we were able to identify that we needed to see this information. We changed our process so that when those tickets come in, we're able to copy our help desk so that they can verify things.

Binary Defense has definitely helped reduce our IT team's workload. It allows us to focus on things that are high-priority security issues. Our last MDR would just toss stuff over the fence. But this service has helped to reduce the footprint of escalations from a security perspective, and if something is a "911", they'll call and say, "You need to look at this immediately." That is very valuable because we're not wasting people-cycles trying to chase little things that may or may not be important.

Also, I've had phone calls from their SOC team where I have been shocked at how fast they have responded. For example, suppose one of our admins escalates somebody's rights. They have called me directly and said, "I've got a user here that's doing these changes," and that was within a few minutes of them detecting it. That is A1 customer service, especially when time matters from a security perspective. I believe the pitch that Binary Defense gives people is that they respond somewhere within 13 to 15 minutes, but they've always met or beat that.

Compared to our past MDR, their time to alert has been fantastic. Before, we had a lot of scenarios where we just weren't getting effective alerts. Binary Defense also has honeypot tech deployed and that has been really great. I've had some really good feedback from other ops folks about that. 

Their processes and the way they document their tickets have been really valuable to us too. With our prior MDR, they would say, "Hey, we see this," but there would be no technical details. We're a very technical group because we're so small. We have to have experience in a multitude of things. The tickets from our prior MDR just weren't valuable. With Binary Defense, we don't just get an alert, but also a detailed rundown of why they're alerting us on it. They tell us what was executed, or the username, script, or IP. That way, we're not wasting time investigating.

Customizability with Binary Defense is better than a lot of companies that I've seen in terms of modifying their playbooks and tooling them the way you need them. We've done a few things, especially after doing pen tests and purple tests, and we have been able to tighten or customize a rule. That has been really great. With our last provider, one of their failures was that they didn't really want to talk about their playbooks and there wasn't that level of customization that Binary Defense has. I definitely give them top points for that.

Their integration with other applications and tools is not something I would call a complaint, but it is something they need to work on. In my experience, a lot of our integrations are done through APIs. A lot of what I've seen so far from Binary Defense—not all of it—seems to be beta integrations.

For example, their Duo and Proofpoint integrations aren't really what I would call ready for production. They have probably been working with those vendors to work out the kinks, but they're really not 100 percent production ready. And while there isn't really anything valuable we would get from Duo from a reporting standpoint, sometimes Proofpoint's SIEM tool or SOC can see something that might be valuable. We already get alerts from Proofpoint, so it's not a "make or break", but I have given this feedback to Binary Defense: This is something that should go the API route.

Their Microsoft integrations are top-notch and they do some third-party stuff really well for log ingestion, but I would like to see Binary Defense's development team change over to an API connection, versus how they do it today.

Also, if I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today. We offset that with another product, but that should be part of their product offering. I've given this feedback to our account manager too.

Another point is that maybe they should have their own SIEM offering. Today, they offer AT&T's AlienVault, which is a good product in its own right, but it's not something that they offer directly from themselves. It's the same thing with Azure Sentinel. They just started offering that as a product you can buy as part of their service, but it's not their own SIEM. I would be interested in seeing them build out their own SIEM and offering that as a product you could buy. That would be very valuable to their customers because they would not have to rely on their folks learning another system.

We've had Binary Defense MDR for about seven months.

So far, the stability has been good.

The feedback we got from another company that had passed on Binary Defense was that they thought it had good scalability, but they didn't think it would work for them. The reason that it wouldn't work for them was that they had too many kinds of devices. They not only had workstations and servers and endpoints, but they had a lot of specialized manufacturing devices that they needed to monitor.

That is no fault of Binary Defense. That kind of customer isn't really their target audience. Their target audience is shops that are purely Linux/Macintosh/Windows, that don't have specialized industrial products.

Their support varies on who you get, but in comparison with other companies that I've dealt with, like Rapid7 and a few others, I would give Binary Defense's support an eight out of 10. There are definitely some improvements that could be had, but those are more around training. I think they're going through expansion right now, building out their product and adding more folks.

My only call-out would be that they have some techs that need to take a closer look at account notes for customers. They may need to work with some of their newer folks and get them to be a little more attentive or a little faster in their responses.

I've had a couple of tickets where the replies were delayed, but those things happen when you're hiring new people or training them. Sometimes that slips through the cracks and there's nothing you can do about it.

Also, I can't say that Binary Defense has changed our security posture because our relationship, at least so far, has not been like that. They should probably add an SME or an adviser to each account. We have regular cadence meetings with our account manager, but other MDRs that I have PoC'd would always have, as part of their product stack, a time period where somebody from the SOC would say, "Hey, these are the things we saw." That's something our account manager does, but those other services would give recommendations on goals, from a security perspective, that we should look toward.

In terms of our partnership with them, I would give it a grade of 90 percent. Obviously, there are days when things fall through the cracks, you always have to calculate for human error, but it has been a great partnership so far. A year from now—and this is what we do with every product—we will reassess and evaluate and do a pen test to make sure that we're getting the security operations that we expect out of our products and teams. I would suggest that anybody in the midsize company space that needs a good partner to keep an eye on their environment, one that can be flexible in that environment, look at Binary Defense.

Positive

We had a prior company for a year called Arctic Wolf that we were not happy with at all. One of my colleagues who is a pen tester had suggested Binary Defense, and we ran a PoC with them. They did really well, scored really high, and they have been a great partnership so far. 

When we did the purple test with Arctic Wolf, they failed really badly. We gave them an opportunity over the course of a year to improve but they just weren't improving. They were wasting our time by pointing out things that were more "busy work" instead of actually addressing their problems. The big buzzword that they used was in saying, "Well, this is in beta." I would say, "Well, you're a production-level company. Everything in your playbook should not be in beta." I would hit them with random pen tests and, in almost every instance, they would fail. They might catch one or two things here and there, but they were things that I would have expected anybody to catch. And the things that they failed on were things that any MDR product that's worth its marketing should be able to catch.

We don't have anything in the cloud, we have some other sensors on-prem, but we do have their agents deployed everywhere. That means we have some Azure assets that have their agents installed. We have API integrations with all of our Microsoft products and some third-party stuff such as Proofpoint and Duo MFA. All of our servers and workstations have their agents deployed and we have the AT&T AlienVault SIEM set up. We have logs from our firewalls being sys-logged up to that and a few other products. We're somewhat blended but it's mostly on-prem.

In terms of the initial setup, my career path has been engineer-level, so for me, it was pretty straightforward because I'm familiar with how their configurations work. Someone who is, say, only five years in, might have a little more of an issue. But their documentation is done really well, once you get access to the portal. They have links that walk you through it step by step to do the configuration. Obviously, there is an expectation that you are at a certain level of IT experience to install and deploy it. But it was well within my expectations of what an MDR deployment process should be. 

The follow-up, from an implementation standpoint, could have been a little more fine-tuned. For example, with Proofpoint, Binary Defense doesn't use an API integration. They use some script with a VM to ship that data off to their cloud ingestion. I think there's a better way to do that but I can't fault them for that because that's what they're getting from Proofpoint. Overall, the complexity of the setup, between one and 10, was a seven or eight. For me, it was really easy.

The only maintenance that I've seen is agent-based, and that's all done through the cloud.

I worked with Binary Defense to implement the system. They have an implementation team, a few engineers and a product manager, who walk you through the process. Our experience with them was good. It was better than my last MDR deployment, in terms of how they ran the process.

Near the end, it was our team pushing forward certain things, but the things we were griping about were things that are out of their control, waiting for third-party vendors to address. But that is something I would have liked to have been apprised of earlier in the process, that they really didn't have a great integration with this or that. 

But overall, it was a night-and-day difference in comparison to Arctic Wolf.

We have seen ROI with Binary Defense, and my leadership is in agreement with me on that. Our CIO and our director of infrastructure both said they have had a really good experience with them, especially when compared to our last MDR. 

It has saved us a lot of time, headaches, and money overall. Today, it's not if you're going to be breached or attacked, it's when. That's the reality of the security space, so monitoring and having those insights are key. There will always be threat actors who try to exploit something. For example, as soon as the SVB failure happened, there were reports of phishing attacks increasing exponentially for customers of that bank. The threat actors understood they had a little bit of a window to attack these folks because they were vulnerable to a phishing attack. That's something you have to address in this space.

With our prior MDR, there would be three or four days during the work week, and sometimes weekends, where I was wasting time responding to tickets. Now, going into the evening or the weekend, the only time we get a call is for something that has actionable intelligence. That has been a relief for our team. We know that if something crazy is happening, they will call us and tell us we need to address it immediately.

All IT companies inflate their pricing to some extent. But sometimes companies don't have a big budget. The provider comes in with a high number and then they whittle it down to what both parties can accept. 

Binary Defense is hindered by the fact that the SIEM they are offering is a big part of their price point and they have to eat it, sometimes, when they try to get a midsize or small company. They either have to filter down their log ingestion or lose some of those logs at the end of the month to meet their cap. That was one of the only positives with Arctic Wolf. I don't know who they were using, but they claimed to have an unlimited monthly amount, and then had cold storage for 90 days.

That is one thing that is lacking for any MDR. It's not necessarily an issue specific to Binary Defense. It's just how their pricing structure has to be.

From the initial cost that Binary Defense came in with, we pared it down quite a bit over the course of 30 or 60 days. My leadership would say that their cost was high, but realistically, they were in line with the market.

They have a good product offering in terms of their XDR strategy, but they could retool it a little bit. I've talked to CSOs and other people in the security space— and this isn't just a problem for Binary Defense—but they have what I call the "package problem" where they try to "line-item" things. I understand they're a service and trying to make money, but the big players like Binary Defense and CrowdStrike need to talk with their marketing and product line people and say, "We need to offer an all-in-one solution."

Binary Defense also offers things like deep web scans and a new product that is a collaboration with ExtraHop Networks. They should look at providing their own product. And that deep web stuff should be in an all-in-one package. The reason that we didn't go with that is I didn't think the cost was worth it when there are third-party or even free tools that you can use to supplement that. It just didn't seem like the value was there. If it had been an all-in-one package, as part of the MDR, there would be more value in that. Maybe a larger company that has a bigger spend might be more inclined to mix and match and buy parts of it, but a midrange company like ours needs an all-in-one solution.

We PoC'd, Binary Defense, Rapid7, and a third product, but we eliminated that last one pretty quickly because it didn't meet our needs. Rapid7 had what looked like an okay product offering but we got some feedback from some CSOs and other people in the security space who were not happy with the product overall.

I wasn't happy with Rapid7 because they would not let us PoC their SOC. They would only let us PoC their MDR bolt-on. Near the end of the process they said we could PoC their SOC, and that really annoyed us because they had wasted our time saying that we couldn't do that.

At the end of the day, from a technology standpoint, Binary Defense met our needs for an MDR provider and checked all the boxes. They went above and beyond and that really played into our final decision. I also got some feedback from pen testers who said they had gotten really great feedback on that company and that influenced our decision as well.

You can't just take response time into consideration. The information that they respond with is just as important. But Binary Defense succeeded in both those aspects every time. During the PoC, their response time was really fast, within a few minutes. In my experience, they have been in the 89th to 90th percentile for response time, given what I would expect from MDR.

With Arctic Wolf and Rapid7 as examples, they would alert within a pretty decent amount of time, but the information wasn't as valuable. They would link to MITRE ATT&CK documentation, but that doesn't do you any good. I want to know "who, what, where, when". That's essentially what I get from Binary Defense, the meat and potatoes information that is most valuable to me as an IT professional. 

There are two types of MDR and security solutions today. There is the kind that deals with IT people who want to see a certain level of information so that they can investigate things on their own, and they need the right information in front of them. Other solutions are for IT folks who are at a certain level but they only want just enough information to allow them to check off a box. 

The playbooks for Arctic Wolf and Rapid7 were not that impressive. Rapid7's technology was a little better than Arctic Wolf's, but neither was anywhere near as complex or as well thought out, as a product stack, as Binary Defense.

Anybody who is looking for an MDR needs to have a serious conversation with their leadership about their needs or what problem they are trying to solve. That's what we did. In our case, the problem was that we didn't have enough people to keep our eyes on every single bit of day-to-day operations from a security perspective. We needed a partnership, an extension to our staff. And it has been great.

The big "gotcha" is you need to figure out what you need and what your expectations are for the cost. You have to weigh what it would cost to pay a full-time security person throughout, because they're not cheap. The market is screaming for security people right now. There are hundreds if not thousands of companies looking for security people. IT leadership has to say, "We can either pay X dollars per year for a SOC service to help us manage things, or we can get a manager and a handful of SOC analysts to bolt on to our existing staff and pay them 2X dollars a year."

Another driving factor is cyber security insurance. That space has changed a lot, especially in the last five years. That was a big talking point within our organization because we needed to tick the boxes or we were not going to be able to get cyber insurance.

Another factor to be aware of is long-term stability. Mandiant was on our shortlist when sourcing our prior MDR solution, and we didn't go with them because they were way overpriced. But what ended up happening was that the company was split up. So that was a concern of ours with Binary Defense. You see that in the market. There are companies that are really hot, they do really well, and then they get to a certain level and they're bought by a larger company. That was a conversation we had with our account manager. We asked what their "five-year" looked like and what their growth looked like.

That was the big concern for our CIO: Are we going to be replacing you in a year or two? Are we going to reevaluate this conversation because the relationship has changed or the quality of the product has changed because you've decided to have a third party invest in you and now you're not giving us the same product stack or customer service that we had? That has not been an issue so far. Based on the outlook that they gave us, it seemed that it was not going to be an issue.

Binary Defense provides us with Security Incident and Event Management (SIEM), managed by their third-party SOC team. They are our MDR provider that provides MSSP services; they review the alerts coming into our SIEM from all our devices across the globe, then translate those into alerts and incidents, and elevate them to my internal team, and we take care of it from there.

Our environment is global, with three primary regions: Asia-Pacific, Europe, and North America. We have several remote sensors in each area, with intrusion detection sensors at some locations.

The solution improved our organization because we have a very small information security section augmented by a great team at Binary Defense. There's no way my small staff could handle the volume of work they do; to sift through the 23 million plus alerts, do the analysis, address them promptly, and provide 24/7 support. The service is truly remarkable.

The product helped reduce our security alerts; when I first came to the company, they hadn't had a security person for about six months before I arrived. Binary Defense was dealing with the lion's share of the load on the outside, and when I came in, we reduced the alerts through our collaboration. Since then, we've also streamlined the filtering and notification process, which has been integral to updating processes on our side. The Binary Defense team is just as responsive if we see a possible improvement in their operations to improve their service for us or other customers.  

Binary Defense helped reduce our IT team's workload, mainly by streamlining the processes and reducing the volume of notifications and alerts, which equates to less time spent on false positives, etc. My team can focus on actual alerts rather than false ones, and that's integral. Regarding time saved, we went from having close to 300 alerts when I first got here, and we're now down to about half that. That's a 50% time saving due to the analysis the solution provides and how it now tunes out all the noise.  

The most valuable features are the SIEM and the ticketing function; the latter is very smooth and easy to read and understand. We don't have any issues looking at the ticketing information when we're trying to identify what's going on.

I love how customizable the solution is; the Binary Defense team has been integral in ensuring we get the right alerts etc. They're super responsive; whenever we reach out to them, we have never waited more than 30 minutes to get a reply to an email.  

Binary Defense MDR's ability to integrate with other applications and tools is incredible; their team's knowledge of the platform and their ability to integrate it into our environment is outstanding. Their capacity to work not only with me but, on occasion, directly with my users across the globe to assist and fix problems has been remarkable.  

The solution is excellent for securing our infrastructure from end to end so we can detect and remediate threats. We're a very small shop with three staff on the operations side of information security. As such, we lean heavily on the provider that provides MSSP services tool and relies on the logging solution to keep an eye on the situation as well as it does. The way the Binary Defense team can change with the environment, how alerts are happening, and even the log sources have been fantastic. 

The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English.

We have been using the solution for just over three years. 

The solution is highly stable; the only stability-related issue we ever had was on the AT&T side when they pushed updates, but that's unrelated to Binary Defense. Binary Defense provides 100% stability; we haven't had a day without support.

A testament to the scalability is how we have deployed the solution globally, and it's very flexible in this respect. We have moved sensors left and right to adjust to the network or structure change; Binary Defense is very scalable.

The implementation team is there to help us whenever we have an issue, and I rate them nine out of ten. We only once had an issue, so minor I'm hesitant to call it an issue, and overall, we're delighted with the support we receive.

Positive

Binary Defense is the first solution of this kind I have used. I wasn't involved in choosing the product, but I did decide that we would stay with it. I reviewed some other solutions, but none would provide the same level of support we get with Binary Defense. It's tough to find a product that can match its combination of SIEM and MDR provider that provides MSSP services.

I wasn't involved in the initial setup, but I worked with the Binary Defense implementation team to deploy the product's sensors, etc. They're outstanding; they're always there to help us if there's an issue with a sensor or a portion of the program, deploying to remote areas as we do. Whether filtering the program down or tuning it, we always have access to their support.

Regarding maintenance, general tuning is the most significant aspect we spend time on, which is the case for most solutions in the security environment. Specifically the tuning out of false positives so we're only focusing on the true positives. We have two internal staff responsible for maintenance, and on the Binary Defense side, their implementation team has at least three managers with staff under them.

We see an ROI all the time; the fact that my team is free to work on other projects and security initiatives alone is worth its weight in gold. To quote my manager in our last budget meeting, ''There is no service out there that could compare to what we're receiving from Binary Defense. Binary Defense is a supplier that we must maintain and retain going forward in this company.''

The solution's price is spot on; if anything, it's slightly below the norm for most services. Compared to building the same team internally, it would cost more to create the same amount of capability than what we get from an external team. Price-wise, Binary Defense is in a great spot.

I rate the solution eight out of ten based on AT&T's portion, as they have to be ranked together because of the integration. Regarding the Binary Defense portion of the product, it's nine out of ten. AT&T sometimes doesn't consider how their updates apply to everybody else, which is a typical IT problem.

My assessment of our partnership with Binary Defense is ten out of ten, and I wouldn't want anyone else to be doing it.  

To those looking at buying a managed detection and response solution but concerned about the cost, every information security professional is likely aware there is a general lack of money spent in the industry on information security. It is an easy budget for organizations to cut, and it can be challenging to expand it. Although the cost is somewhat high, Binary Defense provides two services quoted as one. I cannot overstate how much of a load the combination of SOC and SIEM provided by the MDR provider that provides MSSP takes off an internal security team, freeing them up for other security projects. You spend some money but make a lot more in the end.

Comparing response times from Binary Defense versus competing solutions is challenging as I have yet to experience competing solutions. However, if we were to remove the SOC element that manages alerts, which many solutions either don't have or integrate as well, then the time spent looking at false positives would increase so much that we would lose any benefit from the service. A provider who can't offer the SOC and SIEM integration Binary will always be at a loss to them because the way those two elements work together can only be found in their product.

I advise anyone evaluating the solution to do a POC; you won't be sorry. The product offers peace of mind that can't be found with a singular solution alone.

With Binary Defense MDR we check and handle security issues, closing ones that are okay and acting fast on potential problems. It is all about keeping things safe and responding quickly to any cyber threats.

The alerts from using Binary Defense have been a significant benefit. They help us identify potential problems, prompting further research to determine if there is a cybersecurity incident.

Binary Defense has helped reduce security alerts by providing weekly recommendations on actions we can take to decrease them. It has significantly strengthened our security posture.

It has reduced our IT team's workload by handling entry-level tickets, requiring less research from our side.

The most valuable feature is reviewing tickets and the notes added by technicians. It helps us decide whether to close a ticket or if more research is needed. It is a straightforward way to understand and take action on what happened.

We are very satisfied with Binary Defense's XDR strategy for end-to-end infrastructure security.

The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements.

I have been using Binary Defense MDR for a year.

We have not had any stability issues with the solution.

The support is very timely and accurate. I would rate the support as a nine out of ten.

The response times from Binary Defense have been in line with the agreed-upon statement of work. They have consistently followed through on the features and promises outlined in their quotes and statements of work.

We are pleased with our overall partnership with Binary Defense and hope to see the relationship continue to grow.

A good enterprise MDR provider, like Binary Defense, should feel like an extension of your team. Their approach makes it seamless and ensures the client feels supported, which might not be the case with other providers.

Positive

We were using Tech Mahindra as our third-party SOC before Binary Defense. We decided to switch because we moved from QRadar to Sentinel, and Binary Defense was a better fit for that transition.

The initial setup was quite straightforward. We worked with Binary Defense for the initial setup and implementation of the system. There is some maintenance required after the deployment. Ongoing updates to data collectors are needed to stay current with software versions and patches.

Binary Defense is fairly priced. I would say that Binary Defense is flexible in negotiating and tailoring a solution based on your specific needs. They can work with you to customize the MDR solution, potentially saving you money on features you may not need. They are customer-friendly and flexible in that sense.

I would advise new users to research at least three vendors to ensure they find the best fit. While Binary Defense works well for us, it might not be the ideal choice for everyone. We are satisfied with it, but it is crucial to compare it with at least two other options before making a decision.

I find Binary Defense to be less customizable. While they are flexible if we need changes, the current product we use doesn't offer much room for customization.

Binary Defense doesn't currently integrate with other tools, but they are working on it. While it is not a problem now, the fact that they are actively addressing it is reassuring.

Overall, I would rate Binary Defense MDR as a nine out of ten.

We use Binary Defense MDR as a third-party managed malware protection service. It has visibility into all of our company's devices, and it can automatically report malware events.

Binary Defense has a cloud dashboard, but each of our network devices also has a piece of software that needs to be deployed. We can deploy this software using an executable file or through group policy. Each deployment takes about two or three minutes, so it is a relatively quick process.

The solution is highly customizable, with a variety of options for deployment and reporting. For deployment, there are a few different options, including on-premises, cloud-based, and hybrid deployment. For reporting, there are also a variety of options, including a dashboard, email reports, and more.

Binary Defense MDR has excellent integration with other applications and tools. We have not experienced any compatibility issues with our many different operating systems and custom software. Binary Defense MDR seamlessly integrated with all of our systems and provided us with accurate and timely reporting.

Binary Defense MDR's Open XDR strategy is a great way to secure our infrastructure from end to end. It allows us to detect and remediate threats without having to do much work ourselves. In the past, we had to manually check and update our security software. Now, Binary Defense takes care of all of that for us. We can simply check reports and dashboards to make sure everything is running smoothly.

The biggest benefit of Binary Defense MDR is that it has freed up my time. As a one-man IT department, I have a lot on my plate. MDR takes care of a lot of the day-to-day security tasks, so I can focus on other things. This has been a huge relief, and it has allowed me to be more productive.

The number of security alerts has not changed, but I am now more confident in the security system, so I don't check them as often.

Binary Defense greatly improved its handling of our organization's security posture. We conducted a cybersecurity audit and went through a cyber insurance process. These measures were a significant part of improving our insurability and overall security score. As a result, we are now better protected from cyberattacks.

Binary Defense MDR helped our IT team save approximately three hours per week.

Binary Defense has a human service department that provides live monitoring for our systems. This is probably the most valuable aspect of their service, as it gives us peace of mind knowing that there are people actively watching over our systems and keeping them protected.

It would be helpful to have more personal interaction with Binary Defense. Currently, we rely on the system to run in the background and only speak with our security account manager quarterly. I would like to see more frequent check-ins with our security status.

I have been using Binary Defense MDR for one year.

Binary Defense MDR is stable and reliable in my experience. I have never experienced any downtime or unavailability of the service. Alerts have been consistent and timely.

We do not have much experience with the scalability of this solution. While they do offer other products, we are primarily focused on managed detection and response and security specialist services. As such, we have not yet had the need to scale.

We have three physical locations, and our Salesforce team is spread out across the country. Our company has 80 employees who use Binary Defense MDR.

We previously used traditional antivirus solutions but switched to Binary Defense MDR because it was competitively priced and had a good reputation. Binary Defense is a local company to us in Ohio, and we had heard positive things about them from a former company of mine. We decided to switch to Binary Defense MDR based on a combination of factors, including price, reputation, and local ties.

The initial setup is straightforward. We deployed Binary Defense's end-user software to all of our machines, including our computers and servers. We have a number of IUI group policies, which allow us to distribute software to certain machines at once. We also have remote users, who we can connect to and install the software on their computers. This process takes only two or three minutes. Once the software is installed, it is reported to Binary Defense's security center, where it is monitored immediately. The entire process is very seamless.

A total of five people were involved in the deployment. In addition to myself, there were four people from Binary Defense: an account manager, a security specialist, a software engineer, and a trainer.

The implementation was completed with the assistance of Binary Defense. The software was quick to install, so most of the experience was spent training on Binary Defense's process for responding to alarms and alerts. This included what would happen if they detected malware, who our contact people were at different times of day, and the kind of reports we would receive. In essence, it was an introduction to their overall security strategy. The actual software installation was a very small part of the process, as it went very quickly.

We have definitely seen a return on investment. We were able to get rid of our traditional antivirus, which saved us quite a bit on our cyber insurance. We qualified for a lower rate because we had a higher security posture using Binary Defense MDR. It's also saving me hours per week. So, in the end, we have a better, more secure environment for roughly the same cost.

Binary Defense MDR is priced competitively and may be slightly lower than CrowdStrike.

I give Binary Defense MDR a ten out of ten.

Binary Defense MDR is a worthwhile investment for small IT departments, especially for those with limited resources. Larger departments may have a different evaluation process, but for small departments, the benefits are clear.

Binary Defense MDR automatically updates and has not required any maintenance from our team.

Our partnership with Binary Defense has been positive so far. We have not had any security threats, so I cannot yet evaluate their response to a security incident. However, the reporting and accessibility through the dashboard have been excellent. I have a granular view of all activities on our network, which has been very helpful.

People who don't feel that their current MDR provider is an extension of their team would be happy with Binary Defense MDR. It's a security solution that can be used to offload IT security tasks. For companies with dedicated security professionals, Binary Defense MDR would be a great tool. And even if they don't have dedicated security professionals, Binary Defense MDR would still be a great addition to their security team.

Organizations evaluating Binary Defense MDR should be familiar with using group policy tools to deploy the solution rapidly. This can save a significant amount of time compared to installing the solution one endpoint at a time. The size of the organization will affect the amount of time it takes to deploy the solution, as larger organizations will have more endpoints. Overall, using group policy to deploy Binary Defense MDR is a standard practice in IT.

We rely on Binary Defense MDR to protect our servers and employee computers from malware. It keeps a constant watch and lets us know quickly if there is any suspicious activity.

I like Binary Defense MDR's customizability. They have been great with technical support, customer service, and our account managers. Always happy with their overall support. 

Using Binary Defense has brought our organization more peace of mind and excellent security. 

Fortunately, we haven't faced major cybersecurity issues, but I trust that if we did, Binary Defense would catch them before things got out of hand. It has significantly improved our security posture compared to before we had them and it has greatly reduced my IT team's workload. 

It also saves me time, at least an hour a day or more.

I love our partnership with Binary Defense. Bringing it to the board has made my life much easier and provides me with significant peace of mind. If you don't see your enterprise MDR provider as an extension of your team, you probably have a strong team. However, Binary Defense is so focused on security that they are top-notch in our view. They are a trusted partner for us.

The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7. As a one-man IT security team, I can't handle it all alone. Knowing we have a solid product and a reliable partner watching over everything allows me to sleep soundly at night.

In terms of improvement, Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine.

I have been using Binary Defense MDR for almost four years.

I haven't experienced any issues with stability. There is no lagging, crashing, or downtime. Everything runs smoothly.

It is highly scalable.

The technical support is very quick and helpful. I would rate them as a nine out of ten.

Positive

Before Binary Defense, we used Webroot antivirus. We switched because Webroot missed a serious security incident. After a demo and comparing it with other options, I found Binary Defense to be the best all-around solution.

The initial setup was straightforward and it took about a week to deploy the solution. I worked with the Binary Defense team for guidance, but I handled the actual implementation myself. It was straightforward, and I had helpful interactions, including discussions with their head of software development.

Binary Defense's pricing and licensing are standard compared to others offering similar products. I would say it is worth the cost because it significantly improves your security and can save you more in the long run by preventing major cybersecurity incidents.

Binary Defense hasn't necessarily reduced the number of security alerts, but the fact that they handle it means I don't have to sift through them. Most of the time, they spot serious issues, saving me a lot of time and providing a sense of security. It has been great. I would say Binary Defense is at the top in terms of response times. As soon as something happens, I'm hearing about it. 

My advice to others is that if you choose Binary Defense, you will be in good hands. They are thorough, attentive, and always ready to help. Overall, I would rate Binary Defense MDR as a nine out of ten.