ESET Enterprise Inspector Reviews

What is our primary use case?

ESET Protect & Inspect Cloud is an extremely powerful tool. When you look at a traditional anti-malware solution, you can see it as a relatively passive solution that actively monitors your network for malware without your interference on a regular day-to-day basis. Sure, the admin's role is to deploy and configure such a solution and respond to emerging issues, but in the majority of cases, antimalware solutions do the magic on their own, automatically. As opposed to that, XDR solution gives the administrator a deep insight into all ongoing processes on every endpoint and server in real-time, and tools to respond to events that are maybe suspicious or unwanted in the network. Sure, there is a certain level of automation that is necessary for managing a large database of events, based on the cloud reputation system (ESET Live GRID) and built-in rules that simplify administration, but still - the admin has a decisive role in every process. You can keep an eye out for executables, dependencies, registry keys, and network connections, all in one console. Every anomaly will be detected, with deep insight into what is going on in your network.   EPIC management is based on built-in and, later on, your custom rules and exclusions that you defined in a response to events that occurred. There are over a thousand built-in rules that are constantly updated by ESET engineers and they are monitoring ongoing processes. For example, in one case, EPIC informed me that one of my colleagues is using a nonstandard port in his Outlook. If the company policy doesn't allow that, I can intervene based on the information. If some app is trying to modify the startup folder, you will be notified. If some process is trying to modify a standard or build a new registry key that is previously unknown, you will know the source, possible malicious or benign causes, and all other required information about the case that will help you decide if it's bad or not. If it's bad, you can kill the process, isolate or shut down the endpoint and make the rule that will deal with it next time it occurs. If it's OK, you can create an exclusion that will ignore the case for that particular endpoint, a whole department, or the entire network. After a while, perhaps a month or two of actively monitoring your network, you will, practically, build a white list of allowed processes, and we all know how whitelisting can be useful in IT security, overall.

How has it helped my organization?

It gave us an insight into the regular, day-to-day operations on endpoints and servers and a pretty remarkable and continuous penetration tool for ongoing testing of our environment. 

What is most valuable?

The rules are the most useful feature. On the vendor side, rules are created and distributed to EPIC servers continuously. A rule is defined using XML-based language and they are the behavior and reputation-based descriptions that EPIC can identify from the received events and metadata which he then updates, or they update the rules to update. EPIC now has around 1,000 rules that define all sorts of behavior in the network. With custom rules, you can additionally define specific behavior and remediate, for example, exploitation of log4j vulnerability. Also, the Learning mode in the exclusions section is extremely useful. True ML EPIC can smell reoccurring benign events and offer the creation of exclusion for such events. The administrator can check an offered exclusion, deny it or proceed with creation.  ESET Inspect Connector, the required component on the endpoint side, takes a few percent of processor time, nothing noticeable indeed, which is not the case for most other vendors. EDR/XDR is a very demanding service, but ESET managed to make it lightweight, like in all other of their products.

What needs improvement?

ESET's main goal is to create lightweight, highly configurable products with a high detection rate. Sometimes it can be overwhelming for customers to have such a vast area of possibilities for configuring and ways to solve problems in the implementation or exploitation of ESET software. Customers like easy-to-use solutions with not much servicing under the hood, and that's perfectly fine. We all like the administration where software does it all by itself, but that's not possible in the area of IT security. The vendor's job is to provide easy-of-use, but not to jeopardize the abbility to configure protection to the smallest details. ESET successfully maintains that perfect balance through the years, and with exceptionally good technical support, you can find answers to every question.

For how long have I used the solution?

My company has been selling ESET security products for 20+ years. ESET PROTECT Cloud Enterprise in a bundle with the ESET Cloud Office Security, are the products we use. ESET Protect & Inspect Cloud is a part of the Enterprise bundle, practically an add-on on top of the regular ESET Business protection package. Former known as ESET Enterprise Inspector, now ESET Protect & Inspect Cloud (EPIC) is a brand-new ESET XDR product based in the cloud. Extended EDR solutions (XDR) are the next big thing in the world of IT security because they add a new layer of protection with extended detection and response features they provide. Like all cloud solutions, EPIC is hosted on ESET servers, so there is no need for engaging customers' infrastructure and resources for deploying such a demanding server. It can serve up to 5000 clients for now.

What do I think about the stability of the solution?

If it's not working, I am doing something wrong. There are no "ghost" problems with ESET products.

What do I think about the scalability of the solution?

When it comes to scalability, the main concern is how well the network is built. We have ESET installations ranging from five to 20,000 endpoints, and we have no issues with the software itself. The good thing is that we've been able to find a solution for every case.

How are customer service and support?

Providing support as well as the product is our main concern. Percent of renewal customers tells us that we are doing a good job.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Yes, we used to have Symantec and Kaspersky solutions, but ESET's powerful and lightweight culture prevailed for many, many years.

How was the initial setup?

The deployment time depends on the size of the network. For example, my company has about 100 devices, including servers, endpoint devices, and mobile devices. If you've prepared your network environment so that no other antivirus products are present before installing, and if you have a good, maintained infrastructure, you should be able to complete all of the work from bringing a server up to configuring policies, preparing packages and deploying them in about two hours.

What about the implementation team?

It's done in-house. We must be knowledgeable about the product we are selling. If I'm having some trouble in deployment, the main point of contact is the regional ESET headquarters which then communicates with the vendor.

What's my experience with pricing, setup cost, and licensing?

There is a saying in Serbia - quickly, quality, pricey, pick up two. If your network is in good, working order, implementation of ESET products won't be a problem. If you administer a neglected infrastructure, you will still be able to finish the job along with ESET support that has years of experience and very good documentation. Don't always go for the cheapest option and test the solution before purchasing. Every vendor offers a month of a trial which is sufficient for making a decision. Check for users' opinions on sites like this, they will tell you what hurts the most.

What other advice do I have?

I've mostly written about EPIC, but that's only one of the products ESET provides. The EPIC is, in fact, an upgrade to existing ESET products that already have proven themselves, and this one won't be any different. The recipe is the same - fast, capable, configurable, lightweight with advanced technology and perfect tech. support.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other