Field Effect MDR Reviews

I am with an IT MSP or IT Managed Services Provider. We have clients who allow us to provide their IT services. We provide services for desktop support and all the way up to network administration, technical projects, and so forth.

We use Field Effect MDR for our clients as well as for ourselves, so we use it internally as well as resell it to our IT MSP clients.

Field Effect MDR is backed by experts who are constantly monitoring for attacks and risks. It is extremely important and relevant to us. Field Effect or at least the core team, comes out of offensive security with nation/state actions. That is very practical knowledge. Being able to take that and understand both from the offensive side and the defensive side is valuable. Knowing how to counter those offensive acts and how to anticipate them puts them in a great spot to understand the cyber landscape. We are able to stay on top of trends within that cyber landscape. Because they have intelligent sources or habits that they have developed from their history, it is very effective. We have a lot of trust in the leadership of Field Effect, the line managers, the SOC in charge, the forensic teams, and the incident response teams. We have very high confidence that our interests are highly regarded by them, and they are trying to protect our business, our interests, and our clients. They are also able to steer us in great directions. 

Even though they have such deep industry experience, they are willing to collaborate and listen. This is something that I would not have expected from a team like Field Effect. On the partnership side, we have used other top-tier EDR or MDR products. The products are great, but the partnerships in some cases have been just average. In some cases, they have been antagonistic, so from Field Effect, I was not expecting much, particularly having learned about their background. However, when we got working with them, it was just a revelation of how open they were to our situation and our particular needs, which are very different from their own priorities. They have been willing to work with us within reason. They have a development roadmap that they have to follow, but whenever we needed critical things to make Field Effect MDR a part of our core business and a successful part of our core business, they were very willing to listen. In many cases, they also acted on the requests. It has been a fantastic and very effective partnership.

We use its tagging of security threats as actions, recommendations, or observations. It is critical. We have used a lot of platforms, We have used the second-tier ones and also the top-tier ones in Magic Quadrant. The main issue with all of those platforms is noise. How do you improve the signal-to-noise ratio so that you are not spending a lot of your senior security analyst's time triaging non-actionable tickets, events, or alerts and they can focus on those truly actionable things that might require some level of direct incident response? With other platforms, including other top-tier platforms such as SentinelOne or CrowdStrike, we would get a lot of false positive notifications, and cutting through the noise was difficult. With Field Effect, because they use the ARO system of actions, recommendations, and observations, they have severity levels within each of those bands. I am not sure, but I believe there are five bands between each of those. We use a system called ConnectWise PSA as our ticketing system, so we are able to insert workflow rules and other automation assistance so that we can do some pre-filtering of the alerts to make sure that we direct all the high-priority notifications to our SOC team. We can either auto-close lower priority or lower severity notifications because they are non-actionable or are more informative, or we can funnel them to our regular help desk. A notification about your web browser being out of date does not need to go to the SOC. That can go to the regular service team to help walk the client through an update or do the update for them and things like that, so AROs are critical. It definitely allows us to maximize our limited and expensive resources so that we are focused on truly actionable things and not waste time on false positives.

As of now, Field Effect MDR gives us a single cybersecurity product that proactively protects all our threat surfaces, but who knows what may happen in the future. Field Effect MDR is holistic. With this one product, you get the host-based stuff. You get the network appliance. You get cloud monitoring. You get the DNS firewall. It is a much simpler product to handle from a billing perspective. From an account management perspective, the full version of Field Effect MDR is effective and easy to manage. They also have other versions, but the full product version is a one-stop shop. There is an add-on that they have probably introduced over the last year or maybe six months. It is for cloud retention. Field Effect MDR in many aspects is a SIEM, but they have not exposed all the traditional capabilities of SIEM, namely the dashboarding side or the user-facing side. It also lacked the ability for a SIEM to be a generic log aggregator or a log ingestion sync of any source of log data. They have now added that capability where you can add on log retention services if you need it for compliance or insurance or just your own digital forensics requirements. By default, it retains its own telemetry for 90 days, but if an organization wants to retain logs for 360 days or longer for compliance and data retention, they have a service for that. That is an add-on, but the core platform with its 90-day retention is usually acceptable to the majority of our clients.

Field Effect MDR most certainly helps our security team save time. It does that passively via ARO classification. The Field Effect SOC is doing its job through machine learning, human analysts, and other heuristics to make sure that events are categorized as best as they can. We can leverage their deep experience, which makes it much easier for my team. When we get an alert via Field Effect MDR, it is already packaged as an action, a recommendation, or an observation. When we get an action of medium or higher severity, that automatically goes to my company's SOC for some triaging and analysis to determine whether we need to spin up an incident response or what the proper response is to that notification. Lower-scored items, such as observations, recommendations, and low severity or priority actions, go to a SOC coordination team, which will also do some less technical triage to classify them, or it will be handled by some of our automations. The fact that AROs are being so effectively and correctly targeted allows us to focus our most senior, most expensive, and most skilled resources on things that actually matter.

We also gain efficiencies because the Field Effect SOC is collaborative. We do not just get an ARO. We are also able to initiate communication. If we have an action or event that we want to follow up on, be it an action, recommendation, or observation, we can request help. If my company SOC needs some guidance because we are not quite sure, or it is on the bubble of being actionable versus non-actionable and we want a second opinion before we close a ticket or spin up an incident for the response team, we can request help from the Field Effect SOC. They collaborate with us and explain the logic behind why they classified something like this. They listen to our points, perspectives, and considerations. They work with us to figure out whether it is something that we need to worry about, or it is something that we can defer or ignore. That is extremely helpful. With some of our other partnerships on technology products, including security products, it has been very difficult to get this level of effective collaboration from the vendor. That has been fantastic. That has allowed us to accelerate our plans. Initially, we were thinking about using Field Effect MDR only for certain clients who have purchased a higher tier or premium security service, like an MSSP service specific to security and compliance. However, given how scalable Field Effect MDR is through those efficiencies built into the platform, into their classification system of events, and indirect staff augmentation via their Field Effect SOC, we have now made Field Effect MDR the standard security platform for all of our clients, even the ones who are only on core IT support plans.

Field Effect MDR informs us of the threats that matter and how to address them. AROs are very detailed. A lot of security platforms provide that detail, so I do not know if that is especially unique in the Field Effect's case, but it is certainly effective. AROs are very well-detailed, and they describe which event triggered the alert. They explain why it is of interest but not an actual problem. They also detail the steps to remediate, mitigate, or dismiss a particular alert. They are very effective from that perspective.

They also provide us with bulletins. We have been lucky so far. None of our clients have been subject to any sort of rising threat. However, we would not necessarily know about it unless we are paying attention to security forms and other information sources. Field Effect is one of those sources. When they start to see a negative trend, they alert their community. As a channel partner of Field Effect, we get alerts, warnings, or notifications on those emerging threats. We can then alert our SOC and pay attention to some of the indicators of compromise that might not be flourishing into a full attack but are indicative of attack precursors. Those advanced alerts of emerging threats are key. Field Effect is attempting to keep us informed as a channel partner. I do not know how true that would be for a direct customer of Field Effect.

As a channel partner, we also get visibility into their development roadmap. We have influence over that roadmap. Understanding what is coming down the line in terms of feature enhancements, feature improvements, new features, new capabilities, and new services is great for us. We are a decently sized IT MSP with a growing set of MSSP services. We cannot always turn on a dime, so advanced notice, particularly in terms of forthcoming items, is very key. It allows us to help make sure that our various teams—technical teams on the SOC or the service delivery side, client-facing teams such as our account management teams, our VCIOs, our VCSOs, and marketing team—are working in a highly synchronized or collaborative manner. They can make our new services and offerings as successful as possible with minimal friction in our particular marketplace.

It is hard to take them in isolation. It is a security product, so it is all about defense and depth. You cannot be monolithic, so you have to be holistic, and that is what Field Effect MDR is. It starts with their host-based agents, their EDR agents, which are very capable, but those are bolstered by network compliance, which does network intrusion detection. We are getting visibility over the network, not just for those hosts that have a Field Effect EDR agent but also things like the Internet of Things, guest networks, or rogue devices. We definitely have visibility into all network traffic, which is very cool. They also provide a DNS firewall, so that is pretty key. These days, with zero trust, you have to assume a breach at some point. It is sad but true. Even folks like CrowdStrike, who are not necessarily getting compromised, are falling victim to their own internal processes, so having multiple layers of protection is certainly beneficial. With a DNS firewall, even if something were to go haywire, such as an intruder breaches the perimeter and gets onto an endpoint, or somehow the endpoint itself fails to be effective, we still have the ability to block those command and control hubs. That is pretty key.

Cloud monitoring is another thing that we found valuable in addition to host endpoint protection. We also have cloud monitoring in addition to the host-based agent, the secure DNS, the network intrusion detection, and the network compliance that sits on-prem monitoring all traffic. We are able to ingest all the events for all the top services, such as Microsoft 365, GCP, AWS, Dropbox, Salesforce, and ServiceNow, and make sure that we are looking at the entire distributed footprint of an organization and not just a particular endpoint or a particular office, so it is very comprehensive.

On top of all of that telemetry being captured, we have the Field Effect security operation center. Their SOC analysts are awesome. They are very flexible in terms of particular rules, which might change from organization to organization. They are able to take those particular provisioning or service definitions and still remain very responsive and according to our service level agreements. We found their SOC to be incredibly engaging. That is on the service delivery side.

We are a channel partner of Field Effect. We deal with a lot of products, but Field Effect has certainly distinguished itself as being a stellar partner. They are not just providing us with fantastic products, which are highly effective, they are also helping us. They are helping our clients. Their partner team or their marketing team helps us with go-to-market activities. It has been a fantastic relationship.

The interface is perhaps the weakest part of the entire platform, and that does not mean that it is deficient. It is just not as optimized and as efficient as other aspects of the platform. Given their background of coming from the offensive security side of things, understanding how attackers are going to operate, and having played that role in their previous careers, they have built a great platform that understands what to look for. Their threat detection, rules, and their correlation engine are amazing. They have very high accuracy. That is built throughout the platform. From the technology side, because of their experience, they know what to prioritize in terms of their development roadmap, so they get the best features out as quickly as possible, which is fantastic. There is comfort in knowing that our protected environments will be well safeguarded by the entire platform, including their security operation center.

The weak point, particularly as an MSP, because we have multiple IT clients, is that we need a multi-tenant type of interface. We need a single pane of glass that allows us to manage all of our clients, including our own tenant for our own internal use. Their web console has seen some development over the past couple of years. Their focus was perhaps not as much on the user-facing side of things as it was on the core technology or the actual cyber defense side of things, so we have had some points of challenges over the past couple of years. Over the last six months, however, there have been some pretty drastic positive changes to the user interface for the web console or the web admin console. The interface is a lot better, but there are still some gaps that we would love to see getting filled. For example, we would like to be able to export all data grids to CSV so that we could bring them into some other format to do data analysis outside of the web console. That is still a bit hard to do. However, they have added so many other quality-of-life, user efficiency, and multi-tenant management features over the last six to nine months that the interface is now much better. It is a highly usable interface now.

Field Effect MDR is a compelling platform because it is not monolithic. It is distributed, and it is layered. You have the host, DNS, network, and cloud. They have something called SEAS or Suspicious Email Analysis Service, which is awesome because everyone is suspicious of emails, perhaps even multiple times per day. If you multiply that by multiple clients and the number of users per client, you can imagine the volume of tickets that we get within our company to know if it is a phishing email. Having that service from Field Effect where they ingest an email reported by an end user and do the analysis to determine whether to trigger some sort of incident response action or to ignore it because it is legitimate. Having that is amazing. Where they have a gap currently is that they have their telemetry coming from so many different areas of an organization. Field Effect MDR is basically collecting all the data that a SIEM does. I guess to the Field Effect SOC, Field Effect MDR is a SIEM, but a lot of those SIEM capabilities are not fully exposed to end customers or MSPs, such as MSSPs or MSPs like my company. It would be awesome if somewhere on the development roadmap, they continue to evolve the platform and expose more of the native SIEM functionality so that it is available to end customers and not just to the Field Effect SOC.

The UI and SIEM capabilities are two main things that I would love to see. That would make it a slam dunk. They would then cover everything. They have a holistic security defense platform. They have log retention. They have MDR capabilities. Those are massive checklist items in an organization's cyber defense footing. An organization looks for things like compliance assessments, cyber insurance, and cybercrime coverages.

I would certainly love Field Effect to continue to be very judicious in expanding its precious development resources in the pursuit of market competitiveness. I imagine their competitors seeing the success that Field Effect MDR is having with their holistic approach, so I would expect more of that from their competitors. I see them providing a one-stop-shop type of solution. It would be incumbent for Field Effect to continue driving the initiative by expanding its universe of products and services. It would be interesting to see other elements from them that lead to good cyber hygiene. As an IT MSP or MSSP, one of the big challenges for us is a simple thing like patching. We have tools where we can pretty confidently patch operating systems such as Microsoft Windows, Linux, and macOS, but we are not able to patch third-party applications with a high success rate. That is due to a host of causes, some of which are user-driven but a lot of them are platform-related. It would be awesome if Field Effect started to include features like patch management into the mix so that we could leverage the ubiquity of Field Effect MDR to tackle one of our highest service delivery challenges. We are already using some third-party application patching tools, but even with multiple of them in play, we are far below our desired success rate for monthly application updates. I would love to have another layer to that mix to help improve our patch compliance rate. 

I have recently been exposed to an application allowlisting platform. It is very capable, and it is solving some specific needs, particularly for companies that are trying to maximize their cyber insurance spend. If you have application allowlisting deployed, some site insurers are willing to provide more coverage or reduce the premium for those clients. They see that as a very positive or defensive posture and are willing to incentivize it. Currently, Field Effect MDR does not have any form of application allowlisting capability. It would be interesting to have it added to the platform in some fashion. That would be great. The host agent in Field Effect MDR is kernel-based, so it is already well-positioned to do things like application allowlisting.

I believe it has been just over two years.

You have occasional issues with a new hire who might be just out of training, but that is very rare. The majority of times that I contact Field Effect support, I get an analyst who not only seems to be very knowledgeable about our particular deployments but is also aware of the platform and the landscape. The analyst is able to create a nice little intersection of all of those to help provide the best direct guidance for a given situation. I found them to be very effective and responsive.

They follow the sun. If we get after-hours alerts, we are still able to get hold of Field Effect SOC analysts to help us triage or respond to high-sensitivity or high-severity events. Because we are a channel partner of Field Effect, in addition to contacting support directly, I often copy our partner success manager to keep him in the loop regarding what is going on, so we usually get a very good and fast response from Field Effect support. When we have supercritical issues that require immediate and most senior attention, it is awesome to have a champion within Field Effect who knows us. We meet with our partner success manager at least monthly, but often, it is biweekly. It is great having a champion within Field Effect who can immediately escalate issues important to us or our clients. They are great, and they are greater when we get our partner rep involved.

In terms of rating, I hate giving out tens because it does not leave room for growth. I am going through SOC 2 and HIPAA compliance certification right now. I just went through this exercise of documenting all of our vendors and all of the systems that we have running. There are over a hundred, and some of those are packaged applications that we just buy. We are just using them off the shelf. With many of them, however, it is a channel relationship where we are a partner or a reseller, and we have an account rep or some sort of extended relationship, or business development relationship with a provider. Among all of our providers, I can confidently and unconditionally say that Field Effect is the best, so based on that, I would rate them a ten out of ten.

Positive

I was a part of our internal pilot, and I remember us taking a while to get the network appliance deployed. That was not because of Field Effect. When we first partnered with Field Effect, we were unfortunately still in the depths of the pandemic. This would have been 2022. We were just coming out of things. We wanted to do a pilot to evaluate it. We were doing our due diligence, but at the time, common shipping carriers were experiencing massive delays. There were transport delays and supply chain issues. Everything was up and down, so it took a while for us to get our appliance. That also caused a delay or lag in implementing the pilot. It was not due to any fault of Field Effect, but it took us a while to get Field Effect to the point where we could even begin to evaluate it. We finally got it installed and got a feel for it. 

Field Effect MDR has multiple layers. We had just come from another tier-one Magic Quadrant solution. It was also an MDR solution, but it only allowed us to have host-based agents installed. The only thing that was on the network was an appliance to collect agent telemetry that could then feed it to a SIEM. Prior to Field Effect MDR, we had to do a bunch of things with Linux boxes and so forth. It was a one-off per client to do things like SIEM integration, whereas Field Effect, out of the box, gives us multiple layers of telemetry, host, network, DNS, cloud, and email as a trailing indicator. That immediately allowed us to have much greater visibility. We had 360-degree visibility of a protected environment. That was something we had not expected or anticipated. We probably heard it during the early demonstrations and overviews from Field Effect, but we did not fully comprehend it. When we got our hands on the platform, it was pretty evident, very early on, that the platform was superior. It took us a bit longer to then do some field testing to make sure that the technology was working as well as we thought based on what it was reporting and doing. 

We then started doing some pilot tests. We did pilot tests at two clients initially and then at around five clients before we fully committed to the platform. There were upwards of 500 to 750 managed endpoints in this due diligence plus pilot phase. That was when we got to evaluate the SOC because we started getting a significant volume of alerts and AROs. We were then confidently able to say that the platform is awesome. It has multiple layers. It is distributed. It is 360 degrees. It is holistic. Their SOC is effective. They are quick. They are responsive. They are capable and competent, and they are tailored. Each client can have a different service profile, so we can adjust how aggressive or passive we want to be in a given environment based on client requirements and our requirements. That took a while to discover but not due to any failings of Field Effect. It takes a while to go through all of that due diligence and all of that hands-on testing.

Within the first quarter, we were convinced of the capability of the platform. So, after an initial sales cycle or a partnership cycle of maybe two to three months, and then another month and a half of just COVID-related shipping supply chain delays, we could get everything we needed to set up our initial due diligence environment.

A top-tier competitor to Field Effect in Magic Quadrant that we had been using until our switch to Field Effect was a great product, but each capability had an additional charge. We had to license modules separately, and each of those add-ons had to be added onto its own consumption and agreement. It was a nightmare from a billing perspective because we had multiple agreements, and each one had a jagged anniversary or a renewal anniversary. It was a nightmare, whereas Field Effect MDR is one product.

To a colleague who is interested in a cybersecurity solution but says they have never heard of the vendor Field Effect, I would ask if they have heard of CrowdStrike. Have they heard what CrowdStrike did just a couple of weeks ago? Name recognition is not necessarily the be-all and end-all. I am a motorcyclist. I am a car nut. I watch F1 which is a walking billboard of security providers. You have Darktrace. You have CrowdStrike. You have even Bitdefender out there. You have Webroot out there. You have all these folks out there. Some of these are very recognized brands or names. Are they effective forever? No.

We have had very well-recognized platforms that were horrible to operate. They were either ineffective at doing the job they were supposed to do, or they were not highly interoperable, causing lots of problems with particular operating systems. I remember an issue with the Mac platform with a very low-cost and ineffective platform. That caused us to abandon it and use a different platform for Macs because it was highly problematic. Name recognition is great, and one day, Field Effect might be up there as one of those top-tier brands where upon seeing the Field Effect logo, people would say that they are in security, they are top-tier, and they are in Magic Quadrants. It is just a matter of time. 

I would encourage people to do their due diligence and get referrals from Field Effect about partners like me or end customers. Run a pilot. Run a proof of concept. Get the product. Run it for yourself. Try it in the field. Field Effect has been pretty generous at least to the partner community. I do not know what would happen with direct customers for this, but with their channel partners, they are very willing to allow a bit of latitude in making sure that Field Effect is the best fit for an organization. So, name recognition is great, and it helps to shorten that initial introductory meeting because you already know a lot about the company. That is fantastic, but that is merely the start of the relationship. It is not the end. It would be nice if Field Effect had better name recognition, but let us look at the merits of the platform, the capabilities, the success, and the effectiveness of the platform and base our decisions on that.

It is a highly effective platform, but they have room for improvement. I would rate Field Effect MDR a nine out of ten because they have room to grow, but where they are right now is amazing. It is so much ahead of what a lot of other Magic Quadrant providers are offering, particularly in terms of the price point, the simplicity of consumption and billing, the robustness of the partnership, the effectiveness of the partnership, and the scalability that it allows our internal team to have.

It is a part of our security stack to help identify any vulnerabilities for our clients.

It is very important that Field Effect MDR is backed by experts who are constantly monitoring for attacks and risks. The main reason we went with Field Effect was the experience that the CEO brings and the experience we had with the team. Their process for educating us was another reason.

I do not have direct access to its user interface, but I have heard from the team that it is very easy for them to access and see alerts come in. They found it very easy.

We could see its benefits pretty much right away. We started getting the alerts as soon as we started using it. We started to receive alerts on areas that we needed to address right away.

It definitely adds a specific layer of protection. I would not want to be without it, but it is not the only piece that we would use to proactively protect all our threat surfaces. It creates a very good layer, and for myself, the team has been a good access point to be able to get information and share that with clients too. That has been a big help for me. Compared to other software that we use, whenever we need assistance, they are the easiest ones to work with. We can get immediate assistance through chat.

Field Effect MDR helps our security team save time. We do not have to monitor a lot of things and go digging behind the scenes. They are doing that monitoring for us. It has almost added an employee who would have been doing that work for us. It has probably cut down on a third of our workload.

It informs us of the threats that matter and how to address them. We get alerts on even small issues that we do not need to address immediately. It helps to keep such things in the front of mind so that we can plan and schedule. It feels like it has made our operations run smoother because it is alerting us. Instead of just leaving it, we can schedule an update right away. We are addressing things right away. If an immediate problem comes up, we can deal with it as soon as possible because we have already scheduled something smaller, like an update.

Field Effect MDR gives us recommendations on how to reduce our risk. If there is something like a shared folder and they are seeing multiple accesses or credentials, they send us recommendations. We can let the client know as well about those recommendations. These recommendations are very important because our staff does not have to spend time thinking of a solution. The solution is already presented to us. We may add to the solution, but we do not have to spend time looking for a solution.

The alerts that we get are valuable. It notifies us if there is any attempted access and if there are any areas where we need to create more security for clients. It is stopping anything from happening before there is even an issue.

It does not replace everything we need. If they can include an email filter system, that would be great.

We have been using Field Effect MDR since January. We signed up in January. It has been about seven months now.

I have not had any issues with stability. We found the system very quick to reload and send us updates. We found it very quick.

It has been good. We are a growing company. As we are growing, we found it easy to grow with us.

When we see an alert come in and we are trying to find a solution for the client, we sometimes ask for help from the Field Effect team. If we already have the solution, but we are running into any technical difficulty deploying it on the client side, typically, they walk us through that.

I would rate them a ten out of ten.

Positive

This is the first time we are using a product like this. 

Field Effect MDR did not replace any cybersecurity solutions. It added to our cybersecurity solutions. It was something we had to put in place, and we feel that we went with the right company.

It is deployed on the cloud. Its deployment was easy. It was done within the first day. It was very quick.

You can use a team, but we had one person on our team deploying it.

We worked with one consultant through the day as we were deploying it, and he was pretty much available to us although we only needed him for an hour. It was very easy to deploy the rest.

We have not found any maintenance after deploying it.

It is on the high end, but it is worth it for the service that you get from them.

ThreatLocker was a solution we looked at. The reason we did not go with them was that first of all, we did not find their onboarding process as thorough as with Field Effect. The price was a bit of a factor as well. I feel that Field Effect negotiated better with us.

The team is awesome. From a personal perspective, I have done a lot of webinars and different events with the team itself. They have been great at communicating about the product. I would suggest going and signing up for a webinar because they really explain the product well through that. The team will reach out to you after the webinar and follow up and get to know you as well.

To those considering Field Effect MDR, I would advise making sure that your client knows that you are very likely going to uncover some things that you may need to remediate right away. You just need to prepare them. Typically, they are not monetary changes. There may be some policy changes that you have to make within the company. Have that conversation with them so that they are prepared and flexible with those changes when they come.

I would rate Field Effect MDR a ten out of ten.

I use Field Effect Covalence primarily for EDR across various clients. It serves as a crucial layer of backup protection, enhancing overall security measures. The valance feature is particularly appreciated for its effectiveness in safeguarding our systems.

In the beginning, our main goal was to provide our clients with the best possible cybersecurity solution, and that's when we implemented Covalence. The primary objective was to ensure top-notch security, and so far, it has proven effective – we haven't experienced any breaches since its implementation.

The main benefit I have experienced with Covalence over the years is the peace of mind it provides. I don't have to worry about anything – it is a reliable product that has never been hacked.

The most valuable aspects of Covalence for me are the exceptional customer service and the support from the dedicated team.

In terms of improvement, I have discussed with Covalence about improving reporting for vendors like us. While the reporting is good, I would like more of a white-label option with my company's name at the top and a clean look for the report, perhaps with "Field Effect" or "Covalence" at the bottom. They are already working on it, which is great.

I have been using Field Effect Covalence for about a year.

We have not experienced any issues with the stability of Covalence.

The customer support is excellent. They are very fast and helpful. I would rate the support as a ten out of ten.

Positive

The initial deployment of the solution is straightforward.

The pricing for Covalence is great.

It is extremely important to me that Covalence is backed by experts for constant monitoring of attacks and risks.

Managing surveillance with Covalence is super easy. It is user-friendly to the point that even someone without extensive technical knowledge finds it straightforward to handle.

It significantly helps our security team save time in various ways. We are spared from manual monitoring, and we no longer need to rely on other products that may not be as trustworthy.

Covalence is replacing multiple cybersecurity solutions for us. We are in the process of phasing out some, including Arctic Wolf, as we find that Covalence meets our needs more effectively.

Covalence informs me of threats and provides clear recommendations on how to address them. I find the recommendations to be wonderful, making it easy to address and hunt for the rest of the potential threats.

My advice to new users is that Covalence is like our secret weapon in cybersecurity. It might be newer and not widely known yet, but I would strongly advise them not to overlook it – implementing it is a smart move. Overall, I would rate the solution as a nine out of ten.

The main reason we wanted to have an MDR system was to monitor our network both internally and externally for any potential threats or risks that we might have that could create a problem for the business. That's the main reason for it. 

I like the solution in part due to the fact that it is Canadian-based, so being from Canada, I like to work with Canadian vendors if possible. It is very comprehensive, and the price point is better than some of the others that I looked at, which were more expensive, for example, Arctic Wolf and eSentire, and some of the other sick security solutions on the market.

We get regular AROs that alert us of anything that we need to be aware of that's happening. The ARO features are really important since they're also ranked by risk. Something that's high or critical would get our immediate attention. And then medium and low, these are things that we know that we need to address. However, we've got a little bit more time to take a look at them. We've got a really small IT team, and I can't afford to have a full-time security person working for me. Having this as a service where their analysts are reviewing the incidents as they come up is helpful. They can help us troubleshoot or understand the source of the issue. That is really, really important for us as we have no way of doing this otherwise with a team of three people.

I like that surveillance is backed by experts who are constantly monitoring for attacks and risks. That's really the key selling point for me. I want my system to be constantly monitored. You want to know what's happening at all times within the network or even on some of our cloud services. For example, we use Microsoft 365. If someone's trying to hack one of our user's accounts, I want to know that that's happening. With this product, I would get an alert for that.

The ease of managing the product is great. I don't do it myself on a day-to-day basis. The team does it. However, the team likes the software. They understand how it works. When they need assistance, they can ask one of the security experts who will help them do the analysis and understand exactly what's happening, why it's happening, and help them resolve the issue. We've activated the active response, so when there's a risk where they see a particular user account that looks like it may have been infiltrated, it will automatically shut that down. That way, if something is happening, they shut the door right away so that if it's a hack or trying to get in, no one is going to get access.

We make use of the tagging of security threats such as actions, recommendations, and observations. We also have the add-ins for Outlook, as phishing has become prolific now. We're getting a lot of phishing emails. We've trained our employees to be alert when they see a phishing email. They know that they can go and click on the Covalence button in Outlook to report that message. The team is alerted that there was a phishing email that came in that way. In addition to that, when they click that button, it asks them a few simple questions about what actions they've taken. For example, did they click on a link? Did they open a document? Did they actually do anything that might be triggering some kind of a virus or something like that in our network? Covalence gets that information, and they can assess if there's a risk there. 

We now have a single cybersecurity product that protects all of our threat services, and all the endpoints. East, West, North, South - it covers everything on all of our entry points. That's one of the big selling points is that every endpoint and every access point is covered.

Covalence helps our security team save some time. Since I don't actually have a full-time security team, it's really great. The IT team doesn't really have a lot of time to dedicate to security. And they aren't experts. They're more generalists. Therefore, just having access to true expertise in security is really, really important to me. And they're monitoring 24/7. My guys go home at night; they're not necessarily looking at any of the systems to see if something's going on. Having the alerts that come into all of our phones allows us to see right away if there's a high or critical alert, and we can immediately address it whatever time of day it is.

Besides the AROs that are really specific to my network, I get regular monthly reports. They include, for example, when there's a major threat that's out there that's been identified. They'll send out an email, and I can read up on that and determine if there's any risk to my organization.

Cylance gives recommendations on how to reduce risk. We meet regularly with the Covalence team, and we go over the status of our AROs, some of the situations that happened, any concerns, and things like that. They definitely provide recommendations as well on alert observations. Some of the recommendations are less of a priority for us. However, we definitely want to follow through on those so that we're closing the door on any possible threats.

I'd love the price to be a little bit less. I've been in IT for 25 years and security is obviously causing my budget to really balloon from what it used to be. I'm always looking to make things more cost-effective. 

While the interface is pretty good, they could always improve on it and make it more user-friendly. Darktrace, for example, has a really nice interface, however, its functionality wasn't necessarily what we needed. 

We originally started using the solution in February or March of 2022. However, I worked with it at a different company as well and used it there since 2019.

We've had no issues with stability at all. 

The solution is completely scalable. We went through a growth phase last year, and they were able to keep up with that. 

My team has contacted technical support, typically about pretty minor stuff. In the tear we've been on it, we've reached out maybe one to two times. They offer prompt responses. I've never heard anyone complain about them. 

Positive

It did not replace any cybersecurity solutions. However, we did not have anything like this in place. We did look at alternative solutions before we made the decision to go with Covalence. However, we did not really have much of anything other than your basic antivirus software. We needed proactive instead of reactive security, which is why we chose this product.

While I authorized its use, I was not involved in the initial deployment. My staff was. There were two people who handled the implementation. It was mostly handled by one individual, however.

It's maintained by the vendor, and they do that remotely.

I've never sat down and calculated the ROI.

While they were very competitive compared to some of the other ones we looked at, I'm always looking to reduce my costs.

I'm a customer and end-user.

If someone was interested in an MDR system, I would definitely tell them to look at this product and include them in any vendor comparison that they were doing. They're very comparable to the other bigger, more well-known MDR solution providers out there. They bring a lot to the table. The company was founded with members from the Canadian National Defense. They really know what needs to be done at the highest levels of security, and they were able to take that knowledge and experience and build a solution that is comparable to all of the others out there. 

They're a good team to work with. It's really important to me to have a team who are responsive and good to work with. 

I'd rate the solution ten out of ten.

My workplace experienced a service security incident, and we engaged the Field Effect team to assist us with investigation and recovery. As part of their services, they implemented the Covalence monitoring solution. After the initial three-month engagement, we opted to retain the solution and continue using it.

It is of paramount importance that the surveillance system is continuously monitored for attacks and risks by a team of qualified experts. This is one of the primary reasons why we chose Field Effect.

Device management is straightforward. The solution is practically ready to use. It took less than an hour to install their appliance and agents, and it is straightforward to configure and monitor.

Tagging security threats enhances the system's learning capabilities. However, in our environment, if an event is tagged as non-threatening, the system will disregard it in the future and learn from the process.

Covalence offers a unified solution that proactively safeguards against various threats.

Covalence helps identify issues even when we're not actively looking for them. This helps our security team save around ten percent of their time.

Covalence keeps us informed of potential threats and guides how to address them if they materialize. Since its implementation, we have not encountered an actual threat, but it does alert us to potential issues.

Covalence bolstered our confidence in our security posture. As a result, we now sleep better at night knowing that Covalence safeguards our data.

It recommends actions to take to mitigate risk. This is crucial because it identifies the nature of the risk and provides solutions to address it. Therefore, it is of substantial importance, and it is our responsibility to either heed these recommendations or disregard them if we deem the risk insignificant or unrealistic.

The most valuable aspect of Field Effect Covalence is its ability to continuously monitor for and identify potential threats.

Currently, Covalence responds to threats by deleting the entire machine. However, it would be more effective if it could surgically isolate the specific malicious process instead of deleting the entire machine. This would minimize disruption and allow for a more targeted response to the threat.

I have been using Field Effect Covalence for six months.

I have noticed a slight slowdown when using the better agent on my machine, but I have never experienced a crash, to my knowledge. The slowdown is also not that significant, as it only occurs during startup.

Covalence is quite scalable. As a small organization, we believe we have ample room to grow with our current implementation. If we were to expand, we believe Covalence could scale with us by adding additional appliances.

The initial deployment was straightforward and took only one hour to complete. We were up and running quickly. We coordinated with the Field Effect's personnel and one individual from our team for the deployment.

The implementation was completed in-house.

Covalence is a threat solution that provides a high return on investment when a real threat is encountered. Fortunately, we have not yet faced such a situation. However, if we were to encounter a significant threat, I would estimate that the return on investment could be in the range of hundreds of times the cost of the solution, even with just a single incident.

The pricing was very reasonable. We were particularly impressed with their pricing model, which charges per user rather than per system. This is especially beneficial for companies like ours that have a large number of systems and therefore require multiple systems for each user. This pricing model will be much more cost-effective for us than the competition's models.

I would rate Field Effect Covalence eight out of ten.

In addition to Field Effect Covalence, we also use an antivirus, a perimeter firewall, various password protection tools, and phishing tools.

Covalence requires minimal maintenance, just the monitoring essentially. Monitoring and looking at the action alerts.

I highly recommend Field Effect for several reasons. Firstly, they cater to businesses of all sizes, from small and medium-sized enterprises to large corporations. Their pricing is competitive, and their solutions provide peace of mind by enhancing overall cybersecurity posture. I wholeheartedly endorse their services.

When comparing Field Effect's pricing model to that of its competitors, businesses should consider the importance of the granularity of threat isolation.

We use Field Effect Covalence at three automotive car dealerships to monitor all of our endpoints and make sure that they comply with updates and security and to notify us of any threats or vulnerabilities that they may have.

Covalence being backed by experts who are constantly monitoring for attacks and risks is important to us.

Managing Covalence is easy.

The actions, recommendations, and observations work well and are timely. The only frustration we've had is when there is certain software that's out of date and it keeps finding traces of the software that did not get updated or uninstalled. Overall, they work very well.

Covalence's benefits were clear from the start. It revealed the significant outdatedness and deficiencies in our existing systems, and within just a few months, it identified a security vulnerability we would have completely missed otherwise.

Covalence informs us of threats with minimal false positives.

Covalence helps us mitigate security risks by recommending actions like keeping software current, removing unnecessary or unknown programs, and eliminating applications that could potentially compromise our organization.

The most valuable features are AROs, which provide timely notifications for out-of-compliance or out-of-specification detections. Additionally, the recently introduced endpoint view, which displays the health status of our network endpoints, has become an essential daily tool.

While Covalence addresses our notification and visibility needs, it falls short in keeping information up-to-date, which is where our MSP comes in to supplement its functionality.

I'd love to see a feature in Covalence that allows manually removing endpoints from the view and receiving notifications if they come back online. Currently, I use the Endpoint View daily, but some systems stay online for up to 30 days even when no longer in service. The ability to manually remove these would be very helpful. Additionally, since Covalence is a key tool for software updates and patch management notifications, it would be fantastic if it could automate some of this process or provide links to the latest software versions. While Covalence highlights the need for updates and what needs to be done, it doesn't necessarily point users to where they can find the software itself.

I have been using Field Effect Covalence for four years.

Field Effect Covalence has shown minimal stability issues, with only one incident attributable to a five-year-old hardware appliance.

Field Effect Covalence is highly scalable. It happens naturally as we add and remove devices.

The technical support team is professional, helpful, and responsive. I can't recall ever encountering an issue that they couldn't resolve.

Positive

The initial deployment of Covalence proved challenging due to my lack of experience, but subsequent deployments were much smoother as I gained familiarity with the process.

Our last two deployments took a couple of hours to complete.

I typically deploy the hardware and maybe help with the group policy. But then, for the most part, our managed service provider IT company, sets up the group policy, and it pushes it out that way the first time, and then it's just an ongoing automated process after that.

While I have not seen a quantifiable return on investment from Covalence, a major cybersecurity incident could have been incredibly expensive, highlighting its potential importance.

Field Effect Covalence's pricing is just right.

I would rate Field Effect Covalence nine out of ten.

The only maintenance Covalence requires is updating the endpoint agent twice a year, at most. These updates are released by Field Effect and necessitate modifying the group policy to reflect the new version. This is because the old group policy won't work with the updated agent.

Completely unfamiliar with Field Effect before consulting for an end user, I've come to appreciate it immensely. Now, it brings me real peace of mind.

My advice to almost everyone I've talked to about Covalence is that in the first few months, there's gonna be a lot of leg work, bringing your systems up to date and in compliance with what the AROs are recommending. But once you have them up to date and know what to look for, it's pretty easy maintenance going forward of your network.

We're a managed service provider. So we resel Field Effect Covalence services to our customers for cybersecurity.

Field Effect Covalence can be deployed on-premises, in the cloud, or as a hybrid depending on each customer's requirements.

It is imperative that Covalence is backed by experts who are constantly monitoring for attacks and risks.

Managing Covalence is straightforward.

With Covalence, we have seen increased security, increased revenue, and a fuller product line, which helps us move into the security market.

Covalence provides a single cybersecurity product that proactively protects all of our threat surfaces.

It is nice that Covalence reduces the number of cybersecurity products needed by providing three threat services.

Covalence's 24/7 monitoring significantly reduces our security team's workload.

Covalence informs us of threats and provides recommendations on how to remediate them.

What I like the most about Field Effect Covalence is the ease of deployment, the fact that it's cost-effective to roll out, and it is reasonable. It's at a really good price point, and it provides great protection.

Field Effect Covalence could benefit from enhancing its packing slip process. When receiving multiple devices simultaneously, it can be challenging to initiate setup due to inadequate labeling on the packing slips, which often fails to clarify device-to-customer associations.

I have been using Field Effect Covalence for two years.

Field Effect Covalence is stable. We have not experienced any issues.

Field Effect Covalence is scalable.

The technical support responds quickly.

Positive

We have seen a return on investment with Field Effect Covalence.

The pricing is comparable to what else is out there.

I would rate Field Effect Covalence a nine out of ten.

Someone interested in a cybersecurity solution but has never heard of Field Effect Covalence, should check it out.

To anyone looking at Field Effect Covalence, I recommend doing their homework, doing a demo, comparing pricing, and ensuring it fits their environment.

Field Effect MDR forms part of our robust security solution bundle for our clients as well as internally. It has helped us consolidate IDS/IPS functionality. 

We primarily manage IT services for clients, including infrastructure (servers, networks, storage), software (applications, security tools), user support (helpdesk, remote support), security (threat detection, compliance), and cloud services (hosting, SaaS). 

Our offerings include proactive monitoring, SLAs, scalability, and cost efficiency, providing businesses with expert support, allowing them to focus on core activities, and ensuring reliable, up-to-date systems.

The solution has helped us consolidate our security tools stack. The rich feature set has enabled us to retire a couple of individual solutions that performed only a single function. This has reduced our overall spending with a healthy ROI. 

By integrating various security functionalities into a single platform, we have streamlined our operations and improved efficiency. This consolidation has simplified our security management. It also enhanced our ability to respond to threats more effectively. 

In the past, managing multiple security tools was a complex and time-consuming task. Each tool required its own updates, maintenance, and monitoring, which often led to inefficiencies and gaps in our security posture. With the new consolidated security stack, we have a unified approach that ensures all aspects of our security infrastructure work seamlessly together.

One of the most useful and impressive features of the system is its detailed notification mechanism. Rather than merely identifying a threat or potential threat, the system goes a step further by providing actionable recommendations along with clear steps to take in response. This proactive approach ensures that technicians are not left guessing about the next steps, thereby enhancing their ability to respond swiftly and effectively. 

Moreover, the notification includes detailed information on compliance and aligns its recommendations with best practices and industry standards. This comprehensive and integrated notification system has significantly increased our efficiency in addressing security incidents, allowing us to provide prompt and well-informed resolutions. By offering a combination of threat identification, actionable guidance, and compliance information, the system has become an indispensable tool in our security infrastructure.

It would be greatly beneficial to integrate compliance-related reporting directly into the portal. By doing so, users could easily monitor and evaluate compliance levels in relation to popular security standards and frameworks such as ISO 27001, NIST, CIS, and AICPA TSC. This feature would provide a comprehensive overview of adherence to common controls, enabling more efficient identification of areas needing improvement and ensuring that the organization remains aligned with critical regulatory requirements. 

Furthermore, it would streamline the auditing process by offering detailed insights and facilitating proactive compliance management, ultimately enhancing the organization's overall security posture.

I've used the solution for four months.

The solution has been quite stable so far.

The solution is highly scalable, catering to for multiple network endpoints.

We switched solutions to consolidate our security toolset.

The initial setup was straightforward for the most part, and the management portal is very user-friendly.

We implemented the solution with our in-house team.

It is quite reasonable for the rich feature set we receive.