Buyer's Guide
EDR (Endpoint Detection and Response)
November 2022
Get our free report covering McAfee, CrowdStrike, Microsoft, and other competitors of McAfee MVISION Endpoint Detection and Response. Updated: November 2022.
656,862 professionals have used our research since 2012.

Read reviews of McAfee MVISION Endpoint Detection and Response alternatives and competitors

Joerg Aulenbach - PeerSpot reviewer
IT Administrator at DM-Drogerie Markt
Real User
Top 10
A seamless solution for Windows with good reporting and performance
Pros and Cons
  • "The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
  • "We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues of old macros being blocked and some stuff going around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there are a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have. That's really the part that needs to be improved."

What is our primary use case?

We are one of the major drug stores in Germany. We are located in 13 European countries such as Austria, Bulgaria, Czech Republic, and Poland. I'm working here as an IT Administrator, and I'm focusing on software deployment and antivirus solutions.

Our use case is that we got to have antivirus. Cyber insurance forces us to have an antivirus solution that meets the requirements the insurance has. 

In terms of deployment, we're using Defender without ATP in the old world. For domain-joined clients and on the Intune-managed clients, we use Defender in combination with ATP. The on-prem clients are usually old-school domain-joined clients.

We have its latest version. We always try to be at the newest version.

How has it helped my organization?

In the old world, we have Defender in combination with SCCM. It's not as good as Security Center, but you have all the reporting stuff that tells you whether your clients are up-to-date or not. The ATP Security Center is the mercy dispense of antivirus solutions because it is so much more than just antivirus. Microsoft Security Center comes with the ATP license, and it provides a really compact but whole view of your tenant and the vulnerabilities in your tenant. I feel that my administration got more proactive than just reacting. I can see that my Office is not up-to-date, or a client is using the old version of Firefox or Adobe Reader. So, Security Center tells me all this, and I can proactively update these clients and have a look at the bad guys in my environment. That was the part that McAfee never showed. I could see my clients with old signature files or engines, but McAfee Orchestrator didn't show the actual vulnerability of the client, which is the great benefit of Microsoft Security Center.

What is most valuable?

The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff.

What needs improvement?

We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues of old macros being blocked and some stuff going around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there are a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have. That's really the part that needs to be improved.

It would be cool to have just one interface or only one or two locations where you configure the stuff. Currently, they have three locations where you can configure your antivirus. Three locations are too much, and there is too much conflict. It is not a one-to-one configuration. There are some configuration settings that you can only do in SCCM. You don't find them in MDM. So, it's not always one-to-one. 

The last point of improvement is related to the quality of service that Microsoft provides. The quality of service that Microsoft provides should be improved.

For how long have I used the solution?

We have been using Defender for two years. Two years ago, we migrated from McAfee Endpoint Protection to Defender Antivirus. This migration process took us one year to migrate all systems. So, we're now totally on Microsoft Defender on all workstations and servers.

What do I think about the scalability of the solution?

Scalability and deployment always depend on how many of your clients are online. There is no problem with the scalability and deployments of servers because they are online 24/7, but client management is different than server management. We are located in 13 countries, and we have about 9,000 clients. Of course, they are not always online because of which you're always struggling with your client management. 

How are customer service and technical support?

If you open a call with Microsoft, you're in God's hands. Some of their engineers are top-notch and some are not. We have some strange calls going on for weeks and months, and nothing is happening. There are always the same questions. The quality of service that Microsoft provides should be improved.

Which solution did I use previously and why did I switch?

We migrated from McAfee Endpoint Protection to Defender Antivirus. I worked with ePolicy Orchestrator from McAfee for almost 20 years. The user interface of McAfee was fine, but the hassle began with Windows 10. Updating McAfee and the endpoint security stuff was always a hassle. We had to update all the McAfee stuff before having a feature update, so we were always in this hassle of the update process of either McAfee or Windows. Defender is a seamless solution for Windows. 

Microsoft has done a lot to improve Defender. There are not so many differences between basic scanners. If you look at the Gartner studies, Defender has really improved a lot. It came out one or one and a half years before we started to migrate our clients to Intune MDM solution, and within this migration to MDM managed clients, we also established advanced threat protection (ATP) with Defender. It met our requirements perfectly, and we did penetration testing for the solution, and it turned out to be perfect. 

How was the initial setup?

The deployment process is okay. Of course, you always struggle at several points, but overall, the deployment is fine for Defender.

Which other solutions did I evaluate?

We evaluated a lot of different scanners, such as Passkey. McAfee ePolicy Orchestrator now comes with the option to integrate within Microsoft Security Center, but McAfee came up with its solution a little bit too late. 

In the on-prem world, we are using Microsoft Defender in combination with the endpoint manager to SCCM, and it is fine. I really prefer the interface of McAfee ePolicy Orchestrator, but it doesn't have as many benefits as Microsoft Defender in combination with SCCM.

What other advice do I have?

In terms of the end-user experience, end-users don't like to be bothered with the virus scan. A virus scan is always annoying for the end-user. An end-user cannot actually configure the antivirus and only gets a notification if something is wrong or some malware is found. That's it. There is not really an end-user experience.

The performance of the client is fine with Defender. We are not encountering many performance issues or any serious issues with Defender. When we turned over to Defender, some of the applications that were functioning absolutely flawlessly with McAfee started to have serious performance issues. So, we had to define an exclusion list for some of the processes or applications, but there are always some applications that needed exclusions for McAfee or Defender.

I would rate Microsoft Defender for Endpoint an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of IT at a tech services company with 51-200 employees
Real User
Top 20
Responsive and fast support, easy to deploy, well-tuned to ignore false positives
Pros and Cons
  • "We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
  • "It would be nice if the dashboard had some more information upfront, and looked a little better."

What is our primary use case?

We use this product for endpoint security and threat remediation.

How has it helped my organization?

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

What is most valuable?

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

What needs improvement?

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately four months.

What do I think about the stability of the solution?

The stability is great and we haven't had a single issue.

What do I think about the scalability of the solution?

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

How are customer service and technical support?

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Which solution did I use previously and why did I switch?

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

How was the initial setup?

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

What was our ROI?

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

What's my experience with pricing, setup cost, and licensing?

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and log in in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

Which other solutions did I evaluate?

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

What other advice do I have?

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SimonClark - PeerSpot reviewer
Cyber Security Advisor - Director at Fort Net UK
MSP/MSSP
Top 5 Leaderboard
High-quality threat intelligence, including encryption and mobile device protection
Pros and Cons
  • "The nice thing about Bitdefender is that it has modules and layers that you can add as the requirement becomes more sophisticated and dangerous or threatening."
  • "The one thing I'd say about their complete MDR product is that it's too expensive, which is why I prefer to use an alternative SOC and integrate Bitdefender to a different SOC on their own."

What is our primary use case?

We offer Bitdefender GravityZone Ultra to our clients. GravityZone Ultra has features such as encryption. I can do anything from their simple core, which is just antivirus, to their complete MDR product if necessary. However, what I usually do is install core plus ATS with encryption and then integrate that with the SOC service so that you only have to look at the SOC interface to monitor the Bitdefender logs. Essentially, it streamlines the SOC.

It's a product from EDR. We are monitoring endpoints for malicious code. It's a basic antivirus. We are also looking for day-zero attacks and for anomalous behavior as well. That's it, ostensibly.

What is most valuable?

It's a very comprehensive product. The fact that Bitdefender is used by about 38% or more of other security vendors is another type of tick box that lends credibility.

What needs improvement?

If we're simply looking at endpoint monitoring, I think the problem is that your basic antivirus, your standard anti-virus, is woefully inadequate.

If you think about small to medium-sized enterprises, my concern is that if they ask for guidance, they'll be told to turn on antivirus. They'd presumably get McAfee or Norton or something similar as an antivirus program. Then they'll probably be told to turn on their Microsoft Defender firewall and not do much else. That is a very dangerous position to be in, because, as we all know, phishing attacks are becoming increasingly sophisticated. They get past people's perimeter defenses, and the staff is deceived into clicking on them, putting them in danger. There are numerous techniques to consider.

Small businesses can get a complete security package from me. It has six layers of security, including Bitdefender's antivirus and encryption, as well as interaction with a security operations center. There are more levels to it, but those three are critical since most antivirus programs, even those from businesses like Sophos and McAfee, and less so from Symantec, appear to have changed who they want to market to at the present.

All of those firms are dreadfully short, whereas Bitdefender, if you look at the marketing and blogs and technical stuff that Bitdefender releases on a daily basis, is far superior. Bitdefender is producing extremely high-quality threat intelligence. And if you look at Gartner's right-hand side of the Quadrant, Bitdefender is currently rated as their best endpoint security product, according to Gartner.

The one thing I'd say about their complete MDR product is that it's too expensive, which is why I prefer to use an alternative SOC and integrate Bitdefender to a different SOC on their own.

More integrations are always beneficial.

For how long have I used the solution?

I have been dealing with Bitdefender GravityZone Ultra for two years.

It could be either cloud or on-premises. In fact, I just sold a Bitdefender solution that includes protection for their mobile devices. As a result, Bitdefender for their workstation is cloud-based. Bitdefender for their mobile must be an on-premise device appliance.

What do I think about the stability of the solution?

Bitdefender's stability has never been an issue for me. That's not to suggest other companies haven't had issues, but I haven't had any.

What do I think about the scalability of the solution?

In terms of scalability, I've installed it on companies as small as two people and as large as hundreds of people. In my opinion, it scales perfectly well. The nice thing about Bitdefender is that it has modules and layers that you can add as the requirement becomes more sophisticated and dangerous or threatening.

How are customer service and support?

We handle the majority of tech support. I have firsthand knowledge of it. They're responsive, intelligent, and generally good.

Which solution did I use previously and why did I switch?

I have prior experience with the Cisco Secure Endpoint product, that's true, but it's a little rusty. I previously worked for Cisco. I'm familiar with AMP and AnyConnect, as well as their various solutions. However, it is most likely out of date.

I deal with numerous other vendors, Bitdefender in particular, but also with certain other managed service providers that offer entire solutions. In addition, I offer a managed secured operation center service to my clients. Within my experience, I have my own service as well as merchandise from other suppliers.

How was the initial setup?

Its implementation is straightforward. It's very simple. I'm going through a setup at the moment, and although I am not the technical guy who does it, I know the feedback is that it's very simple.

I'm installing it on about 250 endpoints for a company, and I expect it to be available in two days.

What's my experience with pricing, setup cost, and licensing?

The pricing is competitive.

I offer it in two forms. I either sell it as an annual license, which is fine if consumers want it that way, or as a managed service.

I can purchase a Bitdefender license as a managed service, which allows me to take responsibility for monitoring and maintaining it on behalf of my clients. They have both models at their disposal. 

They have a choice in terms of licensing fees. They can purchase it as a managed service on a monthly subscription basis, or they can purchase an annual or three-year contract, as I do. It makes sense. When you sign a three-year contract, the price drops, and it doesn't make sense to replace an end-point solution every 12 months. It's a great deal if you buy it through me.

What other advice do I have?

Yes, I would recommend this solution to others who are interested in using it.

I would rate Bitdefender GravityZone Ultra a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Head of Security and Operational Risk at Medianet
User
Great real-time click protection, web filtering, and compatibility
Pros and Cons
  • "We are able to manage all our endpoints from a single cloud console."
  • "It would also be great to include DLP capabilities for the endpoint so that we do not have to deploy additional agents on servers or PCs or use additional products."

What is our primary use case?

As a financial company, we use the solution to provide security to our CDE environment and compliance with all PCI requirements. This tool enables us to provide security to the endpoints and also, to comply with local and foreign regulations regarding platform security.

We use this solution to protect all our endpoints, including personal computers and mobile phones. 

We have deployed the solution in Windows, Linux servers, workstations, and mobile phones. 

We also use the web filter capabilities both on mobile phones and on corporate computers.  

How has it helped my organization?

We now have so many capabilities we did not have before, as follows:

  • We are able to manage all our endpoints from a single cloud console
  • We don't need additional on-premise servers to run this solution
  • The time it takes the endpoint to refresh and identify new policies is very short. It takes seconds, and this is a great value for us to fight emerging threats
  • We are now able to protect web browsing in all web browsers, and also we don't need additional policies to block browsers in private browsing
  • The integration with our SIEM solution was very smooth, and the solution provides valuable information for security analysis

What is most valuable?

The most valuable aspects include:

  • Web Filtering. This feature is easy to manage, and it applies new policies in seconds. 
  • Real-time Click Protection. It protects the user from phishing attacks in real time. 
  • Compatibility with Windows, Linux, Android, and Mac. We don't need additional solutions to protect all our endpoints. 
  • Cloud Management. This feature allows us to reduce our operating burden and also improve our TCO.

We now have the ability to block a compromised machine from the network.

We now have the ability to block IOCs in near real time.

What needs improvement?

It would also be great to include DLP capabilities for the endpoint so that we do not have to deploy additional agents on servers or PCs or use additional products. 

It would also be great to include FIM capabilities for the Endpoint so that we do not have to deploy additional agents on servers or PCs or use additional products.

It would be great if we could have additional DLP capabilities to identify personal information or any kind of information to comply with regulations that require information protection. 

For how long have I used the solution?

I have been using the solution for about three months.

What do I think about the stability of the solution?

We haven't had any problems or downtime since we acquired the solution. It is stable.

What do I think about the scalability of the solution?

The solution is scalable. It is quite simple to add new endpoints to the solution or add additional features, all with zero downtime. 

How are customer service and support?

Customer support and channel support are also always willing to help. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have been using McAfee Endpoint Protection for about ten years. We were missing so many features and needed additional tools and effort to protect our endpoints. 

How was the initial setup?

It took a few minutes to deploy the whole solution.

What about the implementation team?

It was through a vendor. They were experts on the product.

What's my experience with pricing, setup cost, and licensing?

The costs depend on the company size. In my case, I was able to have all the features, including email protection, remote access, mobile protection, and endpoint protection, for a great price. 

Which other solutions did I evaluate?

I evaluated Trend Micro and McAfee.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Defense Advisor | Founder Executive at a tech services company with 1-10 employees
Real User
Top 20
Good support, straightforward deployment, and helpful for instant response to threats and incidents
Pros and Cons
  • "The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response."
  • "In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us."

What is our primary use case?

I used it in my previous company. From an end-user perspective, I was the manager of the Cyber Defense Center that was in charge of the whole deployment and daily operations. I was using it as a Site Media Operations Manager.

What is most valuable?

The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response.

What needs improvement?

In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.

For how long have I used the solution?

I used it for one year. 

How are customer service and support?

I have no complaints. I would rate them a five out of five.

Which solution did I use previously and why did I switch?

It was a new deployment. We previously didn't have any similar solution in that company.

How was the initial setup?

It was pretty straightforward. Its deployment took half a month. It was quite a big deployment. We had quite a lot of end-user devices. We deployed it for 10,000 devices. We had around 20 security operations staff members at that time.

What about the implementation team?

It was driven by an in-house engineering team, but we leveraged some integrator companies as well. We had three members in the engineering team who took care of the deployment and everyday operations. During the deployment phase, we got help from integrators. So, we had two additional FTEs during the six-month implementation period.

What was our ROI?

In terms of ROI, if one is the best, I would rate it a two out of five. We had some false positive detections. We even had some incidents that were not detected. We did not get the expected level of visibility through FireEye.

What's my experience with pricing, setup cost, and licensing?

It was an annual fee. There was just one overall fee.

Which other solutions did I evaluate?

It was a very hard decision to make. We did a comparison with some other competitor products. One of them was Palo Alto Networks Cortex XDR, which was the biggest competitor at that time. We even checked Microsoft ATP and McAfee. So, we compared a couple of products before selecting FireEye.

What other advice do I have?

Organizations trying to or going for the FireEye solution should understand that they won't be able to see under the hood or what is happening within the product. FireEye is quite a black box solution. Understanding why certain findings got a particular verdict is not easy. If you want well-automated operations and you don't have an advanced operations team that wants to check the verdicts and understand how the product is working and making decisions, then it is good for you. If you have proper engineering skills on board and your operations teams want to understand the basic logic within the product that they are using on a daily basis, this might not be the best product for you.

I would rate it an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.