Buyer's Guide
Managed Detection and Response (MDR)
November 2022
Get our free report covering CrowdStrike, Bitdefender, SentinelOne, and other competitors of Sophos Managed Threat Response. Updated: November 2022.
653,522 professionals have used our research since 2012.

Read reviews of Sophos Managed Threat Response alternatives and competitors

Team Lead for Global Security at a non-tech company with 201-500 employees
Real User
Top 5
Great threat intelligence with a healthy MDR response time and excellent SLAs
Pros and Cons
  • "As an end-point solution, nothing beats it, to be honest."
  • "Their UI is a bit noisy."

What is our primary use case?

This is their XDR/MDR service offering. Basically, we used it as our endpoint EDR software. We also leveraged their MDR services to outsource any SOC duties for threat detection and containment. 

We used it in conjunction with LogicHub to have some SOAR capabilities for specific use cases in our environment, which was very useful. It really reduced time for our analysts to do simple detections or things that are triggered for basic automation rules based on a threat instance. 

We used it as a vulnerability dashboard for endpoint management. We deployed the agent in 95% of our endpoints.

It worked much better as an endpoint management tool, like for vulnerability management to track vulnerabilities. It's more about trust and verification rather than relying on the IT Ops team to give us regular reports on the vulnerabilities on the endpoints. 

We relied on the CrowdStrike system to provide evidence to the IT Ops team for patching things that were not really patched. It really worked well for third-party patch management. It's not labeled for that use. However, it worked really well and really helped our patch management initiative with 24/7 coverage for all our endpoints.

We used the quarantine feature as well a few times. We did a trial for it. 

As an end-point solution, nothing beats it, to be honest.

What is most valuable?

Their threat intelligence is very good. Their MDR response time and the SLAs they have with their MDR SOC team are very good and responsive. Those two have saved us from breaches a few times in my previous role, so it's proven pretty valuable.

What needs improvement?

The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high.

Their agent is a bit finicky for Mac devices. It works great once you get it working, however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing, it's just the way Mac is, even though it's not a big concern. 

Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome, that's the only area I would focus maybe a little bit.

Other than that, we didn't really hit any roadblocks, to be honest.

For how long have I used the solution?

I used it in my previous role for about three and a half years.

What do I think about the stability of the solution?

The stability is very good. 

What do I think about the scalability of the solution?

Scaling is very easy. We had over 4,000 systems, and we had them installed in AWS servers. Scalability and installation-wise, it is super easy.

How are customer service and support?

Support has been very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've also used Sophos, those guys are very similar.

How was the initial setup?

Installation is very easy.

Once it's installed, we have a team of four that can handle maintenance duties. SOC operations and IT operations can handle deployment and maintenance tasks. 

What about the implementation team?

IT Ops helps with the installs and they do some of the installs themselves.

What's my experience with pricing, setup cost, and licensing?

I cannot recall the exact pricing of the solution. 

The pricing is fair for what it is. They do provide good service, and the threat intelligence engine is really awesome. I would rate them 4.5 out of five in terms of affordability.

What other advice do I have?

We are just customers and end-users.

What you have to do with any type of endpoint management solution is look at the effort that's required to deploy any solution. I'd recommend new users do a POC for sure in the beginning. And then, based on the POC, always try to negotiate pricing. Definitely do as long as a POC as you can, proof of concept, and see if the solution meets your environment's needs.

I'd rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Managed Detection and Response (MDR)
November 2022
Get our free report covering CrowdStrike, Bitdefender, SentinelOne, and other competitors of Sophos Managed Threat Response. Updated: November 2022.
653,522 professionals have used our research since 2012.