Buyer's Guide
Managed Detection and Response (MDR)
July 2022
Get our free report covering Dell Technologies, CrowdStrike, Arctic Wolf Networks, and other competitors of SentinelOne Vigilance. Updated: July 2022.
622,645 professionals have used our research since 2012.

Read reviews of SentinelOne Vigilance alternatives and competitors

Senior Security Consultant at a tech services company with 501-1,000 employees
Reseller
Top 10
Easy, lightweight, 100% reliable, and able to stop zero-day and ransomware attacks
Pros and Cons
  • "It is a major anti-malware solution. It can stop zero-day attacks and ransomware attacks. There are so many features in CrowdStrike. Falcon Overwatch is a valuable module. It is lightweight on the endpoints. It doesn't have any scanning mechanism. It works on artificial intelligence, static analysis, and dynamic analysis. There is no signature available on this. It is a pretty easy solution. It is cloud-based, so there is no driver maintenance or anything like that. You can go anywhere in the world. If you have internet, you'll get connected to the cloud and the policies that it contains. It is pretty simple."
  • "Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer. It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they are not there in CrowdStrike as well as SentinelOne."

What is our primary use case?

It is an advanced anti-malware solution. Our clients replace the existing traditional antivirus with this solution. We are an implementer. We sell this solution, and then I go and understand the existing environment to deploy it.

What is most valuable?

It is a major anti-malware solution. It can stop zero-day attacks and ransomware attacks. There are so many features in CrowdStrike. 

It is lightweight on the endpoints. It doesn't have any scanning mechanism. It works on artificial intelligence, static analysis, and dynamic analysis. There is no signature available on this.

It is a pretty easy solution. It is cloud-based, so there is no driver maintenance or anything like that. You can go anywhere in the world. If you have internet, you'll get connected to the cloud and the policies that it contains. It is pretty simple.

What needs improvement?

Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer.

It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they are not there in CrowdStrike as well as SentinelOne.

For how long have I used the solution?

I have been providing this solution for three years.

What do I think about the stability of the solution?

It is a 100% reliable solution. We had some small glitches with it, but we were able to rectify those issues by tuning it.

What do I think about the scalability of the solution?

It is pretty good. We have four customers, and there are a total of 15,000 to 20,000 users.

One of our clients has been using this for over a year now, and they have acquired more companies. They will possibly buy more. They really like the product and are happy with the product.

How are customer service and technical support?

The first level of support is with us. If I'm not able to solve an issue, then I'll raise a case to Falcon with the help of the customer. I get guidance from the customer to raise the ticket about the issue and everything. As a partner or a vendor, we cannot raise a case for another customer. 

Their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer.

Which solution did I use previously and why did I switch?

I have got experience with SentinelOne Vigilance. The major difference between SentinelOne Vigilance and CrowdStrike Falcon is the pricing. CrowdStrike is more expensive. Otherwise, both work in almost the same manner. They are cloud-based, and they are next-generation endpoints. They block cyber attacks. 

How was the initial setup?

Its initial setup is straightforward. It is pretty simple. It is a very powerful product that doesn't take much time to be set up. Unlike traditional antivirus, you don't need to create a lot of policies and build up the server. I have a link, and I enable the license and download the agent. That's it. It is pretty fast. 

The deployment duration depends on the environment and the number of clients. It could take from three days to one week depending upon the number of agents. In most cases, the customer will opt to deploy for 50 machines. A customer has around 6,000 endpoints, and I have also deployed for only 50. It depends upon the customer. 

What about the implementation team?

We are a team of two. My colleague and I do the deployment.

It definitely needs upgrades, fine-tuning, and exclusions. No security product is 100% accurate, so we need fine-tuning. I am responsible for the maintenance for our clients. They have something called an Annual Maintenance Contract (AMC). Every quarter, I need to do a health check of their endpoints. After that, I send a report to them about the fine-tuning findings and the fine-tuning steps that need to be performed.

What was our ROI?

Our clients have definitely seen ROI. They were attacked with ransomware, but CrowdStrike blocked it. They reported to us, and we reported to CrowdStrike.

What's my experience with pricing, setup cost, and licensing?

CrowdStrike is more expensive than SentinelOne. Licensing works on the number of agents and the modules you buy. CrowdStrike has different modules, such as Falcon, Falcon Overwatch, Falcon Complete, etc. The pricing depends upon the module that the customer wants. They have different Incident Response (IR) teams, which are very expensive.

What other advice do I have?

We definitely need to move to the next-generation solutions because these days attacks are pretty intense, and the traditional antivirus solutions are not going to stop them. CrowdStrike gives a proper security block. It is a 100% protector. 

There was a customer who was impacted by ransomware. We put SentinelOne over there, and we were able to catch the file that their antivirus couldn't. These solutions are 100% reliable and definitely good for any company that wants their enterprise to be protected on the endpoints. 

I would rate CrowdStrike Falcon Complete an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer

Sr. Consultant/Partner/Co-Founder at a tech services company with 1-10 employees
Reseller
Stops threats as they happen
Pros and Cons
  • "Sophos MTR will stop the threat as it is happening. Intercept X, which is a part of it, has the ability to roll back, so the attack is undone. And then the advanced edition of MTR lets me handle the threat by talking on the phone. I don't have to deal with it. I don't have to just go through emails back and forth. We don't have to pay extra for Rapid Response services. If something is happening, they're right on top of it."
  • "Once in a great while, an update fails."

What is our primary use case?

We use Sophos MTR for three of our customers, and we're proposing it for a fourth. We sell Sophos Intercept X Advanced with EDR and MTR Advanced. All of this is managed through Sophos Central and just integrated into the endpoint for both workstations and servers, so we see alerts, problems, and cases opened. 

What is most valuable?

Sophos MTR will stop the threat as it is happening. Intercept X, which is a part of it, has the ability to roll back, so the attack is undone. And then the advanced edition of MTR lets me handle the threat by talking on the phone. I don't have to deal with it. I don't have to just go through emails back and forth. We don't have to pay extra for Rapid Response services. If something is happening, they're right on top of it. And there are all the automatic features of the firewall that are interconnected with the endpoints. The firewall has the ability to isolate a compromised workstation and stop it from communicating anywhere on the network. It's called Synchronized Security, and we implemented that everywhere we can. The firewall management and the endpoint management are all in the Sophos Central.

What needs improvement?

I don't really have anything to offer as far as improvements. With every customer I can, I deploy Intercept X. It works. It protects the workstation. It protects the server. The client doesn't take a big hit in terms of performance on a workstation or server. The deployment is simple.

For how long have I used the solution?

I've been using Sophos MTR since it first became a product, so two or three years now.

What do I think about the stability of the solution?

It's cloud-based; it's a monitoring solution. Nothing MTR does affects the workstation. It's the antivirus scanning agent that is called Sophos Central Intercept X. That's what's on the workstation. Once in a great while, an update fails, but by and large, it's rock solid. We've had no problems with it compared to some of the other products that we're trying to get customers to move away from as renewals fall off. Again, I won't mention the product, but I've got a customer with 900 plus workstations, and I can say for quite a bit of money, she'll just consider changing. But so far she hasn't been able to find the bandwidth to change.

What do I think about the scalability of the solution?

As far as we know, it has unlimited scalability.

How are customer service and technical support?

The MTR tech support has been phenomenal.

How was the initial setup?

The setup is literally nothing as long as you're using Intercept X on the endpoint as well as the Intercept access to Sophos Central Intercept X that is installed and running on each of your servers and workstations. And those are managed from within the Sophos Central Cloud. If you don't have that, then there would be a lot of setup. But if you're already a Sophos Central customer, engaging with MTR is basically just accepting the contract. It's really nothing more than that.

What's my experience with pricing, setup cost, and licensing?

It competes very well with other similar products. One of the Sophos products I put in for a customer was two and a half times less expensive than the competing product. 

What other advice do I have?

I would rate Sophos MTR as a 10 out of 10 based on my experience with customers.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner