We changed our name from IT Central Station: Here's why
Get our free report covering Bitdefender, Seqrite, SonicWall, and other competitors of Bitdefender GravityZone Enterprise Security. Updated: January 2022.
563,780 professionals have used our research since 2012.

Read reviews of Bitdefender GravityZone Enterprise Security alternatives and competitors

Kevin Mabry
CEO at Sentree Systems, Corp.
Real User
Top 5Leaderboard
Lowers costs for my clients and has the ransomware solution built into it, but there should be more telemetry information and more promotion
Pros and Cons
  • "I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender."
  • "It is not very scalable from the eyes of an MSP because there is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. So, you might not get to know that a particular computer of a client is doing something, and it might have got a virus. That person might know that, but unless you set it up to actually send you the information, you won't get to know that. That's one of the things that is hard with Microsoft Defender. It is not made for the MSP world where you have one pane of glass to see all of your clients with Microsoft Defender on it unless your RMM tool already has that built-in and it can see the telemetry from Microsoft Defender."

What is our primary use case?

I offer a Security Operation Center (SOC), which is like a person standing and going through the metal detector at the airport. We're like the staff standing there and watching people and then having them send stuff through the conveyor. It is real-time detection and response.

I don't use Microsoft Defender that much. If I come across a client who doesn't want to spend on a different endpoint solution, I just have them use Microsoft Defender that is built into their devices.

How has it helped my organization?

The ransomware and some of the other features that are built into it give you more telemetry now. From the security side, I don't look at what an endpoint solution does. I look at what it gives me. I need data. I don't want something to just say, "Oh, I stopped it." That's good, but I need to be able to figure out what did it stop. Was it a good thing or a bad thing that it stopped, and what is it doing. I need to be able to break that down and go deeper into that analysis to figure out what is being stopped. Microsoft Defender is doing that now and is giving more telemetry. It doesn't give nearly as much as Bitdefender does, but it is pretty good.

It is built into Windows 10. So, I don't really have to go out and get an extra or a separate endpoint security solution. It stands on its own. I have some clients who are using Microsoft Defender, and it is perfectly fine because my SOC can actually get the telemetry from Microsoft Defender and use that as well. Microsoft Defender does have the telemetry information, and I can get some of that out of it for my SOC. I can use what's built into it to stop and do more of a response layer. I can use Microsoft Defender to stop something right there.

What is most valuable?

I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender.

It is useful when a client does not want to spend extra on getting a new endpoint solution or does not want to get something else installed on their devices.

What needs improvement?

The biggest thing that I would emphasize to Microsoft is that if they are confident in their solution, they should brag more about it. In other words, they should put more stuff out there to prove that they're just as good as the others. The biggest thing is that people still don't believe in it. When it comes to the IT world, they still don't believe in Microsoft Defender. It has been there for a while, and I know that I used to not trust it because it was free and I didn't know what it was doing and if I could trust it. If you go to comparison sites, you would hardly see it being compared to solutions like Norton, Bitdefender, Webroot, etc. Microsoft can do a better job of promoting it.

They should offer more telemetry or more information coming out of there for Syslog type of scenario so that a SOC could use the data that they have built into it. This would be useful.

It is not very scalable from the eyes of an MSP because there is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. So, you might not get to know that a particular computer of a client is doing something, and it might have got a virus. That person might know that, but unless you set it up to actually send you the information, you won't get to know that. That's one of the things that is hard with Microsoft Defender. It is not made for the MSP world where you have one pane of glass to see all of your clients with Microsoft Defender on it unless your RMM tool already has that built-in and it can see the telemetry from Microsoft Defender. 

For how long have I used the solution?

I have been using it off and on for some time.

What do I think about the stability of the solution?

Its stability is fine. It is a built-in and legacy solution. It can stand up to any other endpoint security solution. 

What do I think about the scalability of the solution?

It is not very scalable from the eyes of an MSP. There is no dashboard that you can use to see all of your devices that have Windows Defender unless you have your own dashboard or an RMM tool to actually look at it. Because it doesn't give you one pane of glass to look at everything, you have to have an RMM tool that can actually see the data coming from Microsoft Defender. If you don't have an RMM tool, you would need one, and that would be an extra cost.

I don't really use an RMM tool. We have a SOC, and I don't really deal with individual computers themselves. In the past, I have used RMM tools, and some of them do well with looking at Microsoft Defender, but my SOC has a really good dashboard that I can use to see what's going on with Microsoft Defender. I can actually control stuff on Microsoft Defender from my SOC.

How are customer service and technical support?

I have not used their support for Microsoft Defender. Generally, their support is fine. They've definitely improved and gotten better.

Which solution did I use previously and why did I switch?

I don't use Microsoft Defender that much. It is built into Windows 10, and if you put the antivirus or endpoint security on, it kind of turns itself off automatically. I've been using Bitdefender lately. I used to use Panda Security, but now I use Bitdefender.

I recommend it for clients who don't want to spend on a different endpoint solution, but I don't put all my eggs in one basket. I don't say that a particular antivirus or endpoint security solution is 10 times better than the other one. I just don't look at things that way because I know the process and what hackers actually go through to get past all of them. So, none of them are that much better. The only thing I tell others is to not use the free ones, but to that defense, they all have a level of reachability.

When it comes to performance, Microsoft Defender is much faster because it really doesn't look at all of the things that are Microsoft-focused. It has a better understanding of what Microsoft has made, whereas other solutions are going to look at anything as a potential threat. It is definitely a better option because it knows Windows. You install another antivirus on Windows, it has to try to figure out the software. Microsoft already knows how Word, OneNote, or their other solutions work. So, Microsoft Defender doesn't need to scan specific things, whereas Bitdefender or another solution doesn't know that, and it is going to scan everything, which can slow your system down. 

I offer a SOC, and we do real-time detection and response. I don't put all my eggs in one basket when it comes to endpoint security. I believe endpoint security needs to be there because it is a layer of security, but it is not everything. The reason I use Bitdefender is that it has more telemetry and more information coming out of it to put into my SOC than Microsoft Defender, which doesn't have as much telemetry coming out of it.

For telemetry or forensics, Microsoft Defender doesn't give you reports. It just does what it does. Microsoft Defender will give you information, but you got to go to the individual device. I can't pull much telemetry information into a SOC. So, if you want to see from where the hacker or the hacking software came in, how it got there, and how it moved unilaterally across the system or network, you may not get all of that with Microsoft Defender, but with the telemetry data that comes out of Bitdefender, you will get more of such information and you can follow its path.

How was the initial setup?

It just comes on a device when you buy it. When you buy a laptop, it is built into Windows 10. They have Windows Security, and there are separate pieces of it. When you look into some of it, it is called Defender. They also have a standalone Windows Defender.

It is a full endpoint security solution, and they have a firewall in there. You can go in there and set different things up for your firewall. When it comes to security, not everything is turned on. You actually have to go in and turn the ransomware part on. There are things about ransomware that you got to turn on, and they really depend on what you need in your practice or business. You have to make sure you go in there and look at it. You can't just set it and forget it. It does come automatically, but you got to go in there and set things up because they know that some things can stop certain aspects of your business from running. So, they don't want to turn everything on. They leave it up to you.

The configuration of those extra parts can get complex, but I do believe it is pretty straightforward. It involves more yes or no type of questions. It is just flipping a switch on each individual part that you want to use. It is just like everything else. You have to test and see if it is going to work in your environment.

In terms of maintenance, all the updates come with Microsoft. Every time they update Windows 10, they also update Microsoft Defender. It is pretty simple.

What was our ROI?

It doesn't really affect my business because the cost goes out to my client either way. If they have 200 devices and they are charged $2 per endpoint for each one of them, that's an extra $400 a month. If they are just using Microsoft Defender built into their systems, that cost goes away for them. My clients are definitely saving money with Microsoft Defender.

It doesn't affect my business because I'm looking at telemetry regardless of the solution. So, it doesn't matter if it is coming from Microsoft Defender or Bitdefender.

What's my experience with pricing, setup cost, and licensing?

It is built into Windows 10. If our clients are using Microsoft Defender, the cost goes away for them.

What other advice do I have?

It is just like anything. You should definitely do your homework and see if it is going to give you the information that you need. You should focus on forensics and the kind of information you are going to get out of Microsoft Defender. Will you get the reporting that you need? Will you get the telemetry and all the data that you need to be able to follow the path of an attack? You need to be able to see that. You need to know this information for your clients because they may need it for the FBI or something else. So, you need as much information as you can. You need to make sure that that you're going to get the information out of there and you have the right setup to be able to see everything with all of your clients. You should have an RMM tool or whatever you're using to be able to see all of your clients, and you need to make sure that you have the setup for that.

Microsoft Defender has been around for many years, and since Windows 10, they've really ramped it up, and it has gotten a lot better. I've seen some of the statistics on it, and it stands up against some of the other solutions out there, such as Norton. They've added things that make it more of an EDR, which is the endpoint detection and response layer. The ransomware was one of the big add-ons, and it is good that they've put that in there. It can stand on its own now.

It has not affected our organization's security posture a lot, but it has given me more options to lower costs for my clients. It has helped my clients and in turn, my business. It has not affected our end-user experience in a negative or a positive way. It is just a tool. I do the monitoring, stopping, blocking, and everything else for clients. 

It can be a good solution, and I hope that they grow with it and do more with it. They can make it simpler for the security and MSP world. If their solution just gets better for the MSP world, it would help everyone.

I would rate Microsoft Defender a seven out of 10 because of its lack of usability for an MSP and its lack of telemetry information, but it is useful, and it does stop ransomware.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Johnson Bresnick
Director of Learning and Development at ACA - Ateliers de conversation anglaise
Real User
It has helped us become more knowledgeable about our environment and aware of threats
Pros and Cons
  • "Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."
  • "The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."

What is our primary use case?

It detects and flags malware and other attacks. We also have MDR services completely managed by Cybereason. They look into any threats, give recommendations, and analyze what's happening in our system.

How has it helped my organization?

The program has taught us a lot, so our team has become more knowledgeable about what's happening in our environment and what is or isn't a threat with the solutions and the services provided to us. There's also an excellent learning process with the EDR wherein they encourage the users to learn what's happening to, I think, be more confident when mitigating any threats or any problems in the environment. Before we had the solution, we were largely unaware of what was happening. Now we are more confident and better grasp what's happening in our environment.

Cybereason EDR helps us isolate and mitigate on the fly, which is essential because we're a small team, and we don't always have a spare IT person waiting to work. We need our team to be proactive in those situations.

Cybereason's operation-centric approach has helped us move beyond chasing multiple alerts and visualize the entire timeline of malicious operations. We can see when they started when they were detected, and if there's any lateral movement. It uses behavior indicators to detect attacks which is an innovative approach. I believe the indicators help remediate attacks quickly, but then again, we have the complete monitoring solution, so they're the ones doing the remediation and sending us recommendations.

It has cut down on the time we spend hunting and responding to threats, which has increased our efficiency because we spend less time thinking about it or managing the system. Cybereason is helpful to us as a small team because we don't necessarily need a dedicated person to analyze threats. Cybereason's monitoring service takes care of that. If there's a threat, we don't need to investigate to see if it's a false positive,

What is most valuable?

Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment.

I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly.

Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that's if I'm ever shopping for another solution, that would be a must-have.

What needs improvement?

The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.

For how long have I used the solution?

I've been using Cybereason EDR since June, so about half a year.

What do I think about the stability of the solution?

Cybereason is stable. We haven't had any hiccups or outages so far. 

What do I think about the scalability of the solution?

I think Cybereason is highly scalable. If we added doubled, tripled, or quadrupled our team size, we could easily continue operations as normal with this solution. It's currently on all the endpoints, but we might increase our usage if we get more language training clients.

How are customer service and support?

Cybereason support has been great. 

Which solution did I use previously and why did I switch?

We used BitDefender previously, but we decided to switch to Cybereason because it offers some new technology like AI. The company is growing and it looks promising. 

How was the initial setup?

Setting up Cybereason was straightforward. However, if you don't have an IT team that can program the exceptions you need or run the automatic installation,  it might take some time to figure out how it all works. Cybereason offered us some support during deployment. They have a forum, and if we had any questions, Cybereas support could offer customized solutions or guide us through the process. 

The deployment didn't take too long because we didn't have many endpoints. It was maybe a couple of days. We can automatically deploy the sensors on our new machines, so it's quick and easy to expand. The policies are set automatically when we onboard employees and the sensors run pretty smoothly.

What's my experience with pricing, setup cost, and licensing?

Cybereason is affordable.

Which other solutions did I evaluate?

We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money.

What other advice do I have?

I rate Cybereason EDR 10 out of 10. I recommend it because it's much better than anything else out there. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
NoufalMohamed
Technical Manager at Mignet Technologies
Reseller
Good device control, good features in the basic plan, and good price, but needs better performance and user-friendly dashboard
Pros and Cons
  • "Device control is most valuable. Symantec is providing all such features in the basic plan, whereas when we last checked, such a feature was not available in the basic plan of Malwarebytes."
  • "More control features can be added, and its performance can also be better. Sometimes, the performance is not good when we access the cloud console. Moving to each tab is slow. The dashboard can be a little bit user-friendly. For some users, it is a bit difficult. If someone is a little bit familiar with it, then it is fine. Otherwise, it is hard to find policies in Symantec."

What is our primary use case?

We are providing endpoint protection services. Our customers are very basic, and they usually enquire about endpoint protection, mainly antivirus. We try to explain to them about the threats and suggest that they go for endpoint security. We suggest this solution because it is a cloud-based solution, and they don't need to spare a VM for it. However, most of the time, they insist that nothing will happen to their system, and they just want to renew their endpoint protection system. They are usually not aware of ransomware or other threats.

How has it helped my organization?

I recently checked with a customer, and the feedback that we have got from this customer is that it is catching almost all pirated applications. They are very happy with it. The customer was using a few pirated applications, and it blocked all those applications. The IT person was able to convince them to go for genuine applications.

What is most valuable?

Device control is most valuable. Symantec is providing all such features in the basic plan, whereas when we last checked, such a feature was not available in the basic plan of Malwarebytes. 

What needs improvement?

More control features can be added, and its performance can also be better. Sometimes, the performance is not good when we access the cloud console. Moving to each tab is slow. 

The dashboard can be a little bit user-friendly. For some users, it is a bit difficult. If someone is a little bit familiar with it, then it is fine. Otherwise, it is hard to find policies in Symantec.

For how long have I used the solution?

I have been using this solution for just one year.

What do I think about the stability of the solution?

It is stable.

How are customer service and technical support?

Initially, our customer had a problem with SSO, and they contacted Symantec's technical support. They got immediate support, but the support that they received was not good.

How was the initial setup?

Initially, it was a bit complex, and we spent some time understanding it. Since then, it has been straightforward. We know where exactly everything is. We have become familiar with it.

What about the implementation team?

We usually set it up for our customers.

What's my experience with pricing, setup cost, and licensing?

It is cheap. It is especially cheaper than Malwarebytes, which is three times higher than this. It is also cheaper than Cisco. Its price is almost similar to Bitdefender, Gravity, and CloudZone. 

What other advice do I have?

Before recommending a solution, we check out the new features in each solution because we provide constant support. I would recommend this solution if a customer's requirements are basic. Similarly, if you are concerned about the price and looking for a safer option to secure your endpoints, you can go with Symantec.

It lacks certain features that are there in other solutions. There are certain features that are available in Bitdefender, but they are not there in this solution. I'm also not sure how good is its anti-ransomware protection.

I would rate Symantec End-User Endpoint Security a seven out of ten. As compared to other solutions, I don't find it to be a great solution, but our customers are very satisfied with it, and they would rate it at least an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Network Engineer at a tech vendor with 1-10 employees
Real User
Excellent at detecting viruses, very stable and easy to use
Pros and Cons
  • "It's excellent at detecting viruses."
  • "The initial setup is complex."

What is our primary use case?

We primarily use the solution for securing our endpoints.

What is most valuable?

The solution always has the most up-to-date software.

The solution runs well.

It's excellent at detecting viruses.

The solution is very stable.

Our organization can easily scale the solution.

The solution is very compatible with Windows devices.

The solution is very basic and easy to use.

What needs improvement?

The solution seems incapable of stopping the proxy connection. The proxy server seems to be bypassing the antivirus. It's an aspect they need to improve.

The initial setup is complex.

While it's compatible with Windows, it may not work as well with other operating systems.

Reporting is not that good for Kaspersky. I want more detailed reporting, I want the details reported in the reporting section, and everything is in one report. That is not possible now on Kaspersky. The reporting consists of the computer name or the IP only. I want complete detailed reporting capabilities in the next update.

For how long have I used the solution?

We're only been working with the solution for about a year or so.

What do I think about the stability of the solution?

The solution is stable. I haven't had issues with it and found it to be reliable. It doesn't crash or freeze. There aren't bugs or glitches.

What do I think about the scalability of the solution?

The solution is easily scalable. If a company needs to expand the solution, they can do so easily.

How are customer service and technical support?

The technical support is okay, however, they need to have more expertise on the solution. Sometimes you will get a member of their support staff and they don't seem as knowledgeable as they should be.

Which solution did I use previously and why did I switch?

We work mostly with Kaspersky, as well as Trend Micro and Bitdefender.

How was the initial setup?

I wouldn't say that the solution has a straightforward implementation. It's a bit complex. It needs access to the Kaspersky server on-premises. It isn't an easy process.

You only need one day to deploy the server.

You only need one or two people to manage the deployment.

What about the implementation team?

I handled the implementation myself.

What other advice do I have?

We're a Kaspersky partner.

We have clients of different sizes and the solution works well for all of them. It's perfect for any sized company.

It's a very good product. Everything is in a very professional environment. It's largely easy to set up. However, we've noticed that the RAM utilization is very high when Kaspersky is running on a computer. This might distract users that don't have too much memory on their machines.

On a scale of one to ten, I'd rate it at eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Get our free report covering Bitdefender, Seqrite, SonicWall, and other competitors of Bitdefender GravityZone Enterprise Security. Updated: January 2022.
563,780 professionals have used our research since 2012.