Buyer's Guide
EDR (Endpoint Detection and Response)
September 2022
Get our free report covering Microsoft, Trend Micro, Trellix, and other competitors of Symantec Endpoint Detection and Response. Updated: September 2022.

Read reviews of Symantec Endpoint Detection and Response alternatives and competitors

Mohammad Ali Khan - PeerSpot reviewer
Director at Pacific Infotech UK ltd
Real User
Top 20
Automatic remediation and rollback help us minimize the number of technicians needed to support customers
Pros and Cons
  • "It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features."
  • "Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing."
  • "One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system."

What is our primary use case?

We are a managed services provider. We are not just using it for ourselves, but we are also supporting it and deploying it for a number of our customers.

The primary use case is that it's endpoint protection software and we use it to protect our end customers' endpoints, whether they are Apple or computers, laptops or servers.

SentinelOne is software as a service, but it has an agent that has to be installed on a computer or a server onsite.

How has it helped my organization?

Its Behavioral AI recognizes novel and fileless attacks and responds in real-time. What that means is that we have better confidence. For example, a number of users use USB drives which they bring from home. While we have a lot of customers where we have actually restricted the use of external USB drives, there are certain customers where we cannot restrict that use because of the way they run their businesses. The result, for them, is that there is a constant fear that at any given point in time, an infected USB from someone's home computer can actually infect the whole lot of computers within the corporate environment. But having SentinelOne means we have a certain level of peace of mind, so that even if something completely new tries to enter the network or the system via a USB drive, for example, it doesn't matter. The system will detect it and kill it. There is a level of protection which we never felt before using SentinelOne.

As a managed service provider, the most important thing is that the more secure a customer's network is, the less time our team will spend trying to fix issues. One of our customers is a prestigious hotel in London, and they were struggling, literally battling, with a virus that had infected their network of about 90 computers. Whatever we could have done, and all their previous IT company could have done, could not have eliminated that virus. Even if you completely formatted a computer, it kept coming back. The only way we were able to clean that whole network up and stabilize the environment was when we brought in SentinelOne. Before that it was Symantec, and Symantec couldn't do anything to control that infection. But SentinelOne brought in such stability, that since we introduced it into that network about one-and-a-half years back, not a single report has come in of any infection there.

Also, when we have to report on attacks to a customer, the customer always asks us for the root cause analysis. It is very important for us to understand the behavior and to find out where that infection came from and what it initially did so that we can look at that behavior and try to prevent it from happening again elsewhere. SentinelOne helps us in doing the root cause analysis and reporting back to our customers. It gives us insight into where a problem started and how it propagated into the system. Tracking the history of the virus' actions gives that insight, which is very important. Otherwise, there is no way to create a root cause analysis report for a security breach.

The automatic remediation and rollback in Protect mode, without human intervention, is already enabled on almost all of our computers. That helps us minimize the number of technicians we need to work on things. Automatic remediation is a policy which we enable when we deploy the system, which means that a lot of things happen automatically. And from our side, we only keep an eye on the dashboard. That means that we need fewer technicians to support the system. It provides support itself through that functionality.

Overall, SentinelOne has reduced our incident response time, absolutely. In our case, it's particularly true because we have remote teams working from remote offices. With SentinelOne, we don't need to send someone onsite because we can see a lot of things from a single pane of glass on the dashboard. And if there is a problem, we can do all the troubleshooting, and working on that incident, remotely. So it has definitely improved the way we have provided cybersecurity to our customers.

And it has reduced our mean time to repair by more than 60 percent. Previously, when we were using other solutions, we had to do a lot more work.

The solution's automation has also increased analyst productivity. The effect is significant in the sense that the amount of time our analysts used to spend on security has been reduced. These days, they only have a look at the dashboard which is open on one of the screens in our office. They just keep an eye on that and as long as it shows everything is green, they don't even bother drilling down and looking at other stuff. It's only when they see an alarm coming up that they jump in and look at it. That was never the case before. Before, they were remotely accessing computers and working on them and trying to fix issues. That has become a thing of the past since we started using SentinelOne.

What is most valuable?

It's artificial intelligence-based software. The best part is the fact that it doesn't necessarily rely on definitions, like other software. For example, Symantec, AVG, Avast, and Kaspersky, traditional antivirus software, rely on virus definitions. So every now and then, if there is a virus infection, they will compile a new set of virus definitions and push it to the local agent so it will know that this virus exists and that it should keep an eye out for it. 

These traditional software solutions have small levels of functionality that may help them to identify if there are any dodgy activities within the computer. They would then try to mitigate those, but only to a very limited extent. With SentinelOne, that's not the case because it basically has its own intelligence to identify any dodgy behavior within the system. As soon as SentinelOne detects anything which is not right, it will start tracing the changes being made. And because it's centrally controlled, it will give the controller team an early indication that there is something wrong and that we need to fix it. Not only that, but it will block it and keep track of it for mitigation.

We also use the solution’s ActiveEDR technology. Because it's an agent-based system, it is monitoring internally. It's not that the central system is doing it. It's keeping an eye on the functioning of the endpoint itself. If the endpoint is functioning properly, it will sit behind the scenes and not do anything at all. As soon as it sees any malicious activity within the system, that's where it's triggered. The artificial intelligence part of the agent is able to differentiate what activity can be considered malicious and what activity can be considered normal. And that's big. It's something that cannot happen without that kind of intelligence in place.

It has a one-click button that we can use to reverse all those dodgy changes made by a virus program and bring the system quickly back to what it was. That's one of the most important features.

Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing.

We have used it on Mac and we have used it on Windows. We have seen a good level of protection, because since installing it for those of our customers who have taken it, not a single report of a breach has come out. I feel very strongly that the system is quite capable.

What needs improvement?

One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system. 

There is also a bit of room for improvement in the way SentinelOne is deployed. Right now we push it, but a lot of the time the push doesn't work, so we have to log in to each computer and do a manual install. Improving that area would help in making the product stronger.

For how long have I used the solution?

We have been using SentinelOne for about two-and-a-half years.

What do I think about the stability of the solution?

It's very stable. I have not seen it crash, nor have I seen any other problems.

How are customer service and technical support?

I have not used their technical support. My engineers have used it, and their feedback about the support has been good so far. I don't think they have had complaints.

How was the initial setup?

The initial setup is straightforward. But when deploying it to 100 or 200 or 300 machines, pushing it is easier than logging on to each machine and doing it manually. But sometimes, pushing doesn't work and doing it manually takes a little bit more time. But that's a one-off exercise.

We don't have much of an implementation strategy for the solution. As an MSP, there are a lot more things going on, day-to-day, than just dealing with SentinelOne. But for deployment, I get my boys to log on to a customer's systems, do the push, and then whatever does not work through push deployment, they install manually.

For maintenance of SentinelOne, we only have two engineers who look at it on a day-to-day basis. We don't need any more than that. In terms of deployment, it depends on the size of the deployment. If it's a 100-user deployment, we would have a team of three or four who would do it over a few days' time.

What was our ROI?

The return for us is that it has reduced the manpower we require.

What's my experience with pricing, setup cost, and licensing?

Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec.

I understand that these are not similar products, but for a customer who has a certain amount of money to pay for an antivirus, they can only spend so much. That's where it becomes hard to convince them to pay double the price for endpoint security.

That is the only feature of this product which causes us to step back and not be able to deploy it for absolutely every customer we have. We would love to, but obviously if the customer doesn't have the budget to pay for it, there is not much we can do.

If they can somehow bring the prices down, that would massively help in bringing this to a lot more customers.

Which other solutions did I evaluate?

We looked into other solutions, but not as deeply as we went into SentinelOne. Because we liked SentinelOne so much, we just stopped there. And we already had experience with the likes of Malwarebytes, Symantec, and AVG. This was a far superior product.

I haven't had a chance to take a deeper dive into Carbon Black, but that is something I have been told is comparable to SentinelOne.

One of the things which attracted me to SentinelOne was the fact that it is the only product which is tied to the SonicWall platform, and we use the SonicWall platform a lot. A lot of our customers have SonicWall firewalls. Having a combination of SonicWall and SentinelOne provides an end-to-end security arrangement with products that are integrated with each other.

What other advice do I have?

Go for it. It's an absolutely brilliant product. But understand what it is before starting to deploy. Unless you understand the product, you will not know how to use it to the best of its capabilities.

The solution's Behavioral AI works with and without a network connection, providing the internal protection. But having that network connection is important because it will then be able to report it to the central dashboard. While it will do what it has to do locally, it's helpful when the agent reports back to the central dashboard so that the IT Admin can take action. It is important that the systems remain connected to the internet.

But overall, the Behavioral AI is amazing. It's something very new in the market. The way SentinelOne works and the way it is set up, I haven't been more impressed by any other product. It is a step forward in security.

We have 400 to 500 endpoints using SentinelOne at the moment, and all those customers are happy. We are happy that they're using it, because it helps us secure their network better than what they had before. We have it on laptops which have been given to home users, on computers in offices, on servers in computer rooms. They all have SentinelOne and we are happy with the level of protection that it offers.

Moving forward, with every customer whose antivirus is coming up for renewal in our portfolio, we are recommending getting rid of Symantec and other products and taking on SentinelOne.

It's very effective and it's improving by the day. In the last two-and-a-half years I have seen that the way it detects and the way it mitigates threats are constantly improving. It's a very effective solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner

President at a tech vendor with 1-10 employees
Reseller
Top 5
Great reporting and good training with a pretty straightforward setup
Pros and Cons
  • "The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer."
  • "The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them."

What is our primary use case?

We primarily use the solution for malware protection.

How has it helped my organization?

Without a doubt, this product has helped our organization. We've been deploying Sophos Firewall for probably 15 years now. We haven't had a lot of trouble, and prior to using the Sophos product, we were using a lot of Symantec products and occasionally some others. We have not had a lot of problems with infections. By that I mean, if we had three attacks over the 15 years I'd be kind of surprised. That's usually due to the fact that somebody was doing something stupid. Otherwise, we've been very well protected. Basically, if a lot of people are looking maliciously at any of our clients, they aren't getting very far.

What is most valuable?

The reporting is pretty good up on the Sophos side. We can see if anything's going on, at least from Sophos' perspective. 

The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer. 

Occasionally, we do get noticed; however, we don't always get noticed, and I sometimes wonder whether that is just due to the fact that our client computers are tough to get at. We also deploy the Sophos Firewall on client sites, and it's relatively difficult for a bad guy to get in there.

We've been happy with it and we've been happy with the training that Sophos has. They keep us up to date on any changes that the solution has.

What needs improvement?

I don't know how many infections this protected us from. It might be nice to have a view of what has come at us. You're blocking certain types of traffic. It's not malware per se. You would get a message for this, however, you never really know if this was really a bad guy or just some 16-year-old who knows computers.

There's always room for improvement in pricing. 

From a corporate perspective and from a customer perspective, switching is very difficult to do. It's not an easy task. 

The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them.

I would like to see a templated selection of items that ought to be implemented, that right out of the gate, you can just turn on. This is what we recommend for standard workstations that are running under normal circumstances. It's not that you can't have a template in there. You can create your own template and stuff like that, however, they haven't yet spent a whole lot of time figuring out if you're in the, I don't know, medical business and you need HIPAA and you need this and that, these are all the standard things you ought to deploy. It would be ideal if you could just flip the switch, and it turns them all on.

Also, after you've turned this stuff on en masse like that, you sometimes don't immediately know what the problem is if they all of a sudden can't talk to vendor X. Like in banking, they get a lot of offsite services. You should be able to say "Okay, so I blocked them somehow with one of these things. I don't know which one it is. Help me find it so I don't have to turn everything off." Otherwise, I've got to turn off the whole thing and switch them on one by one, which is time-consuming.

For how long have I used the solution?

I've been dealing with the solution for a year and a half. The company has been deploying Sophos for 15 years or so.

What do I think about the stability of the solution?

Thinking back on it, we only ran into maybe one bug in the whole time we've used the product. One time, when we upgraded Windows, it wasn't compliant and I remembered that my business partner told me that he had to go to Sophos for help. They quickly resolved the problem.

We've had very few issues. A company should not fear installing it. It's pretty reliable.

What do I think about the scalability of the solution?

Our clients are all small businesses generally. The solution seems to be quite easy to scale in the market that we serve, which would be up to a hundred or so users. We haven't had any problems; however, I haven't deployed it for 10,000 users, which would be a totally different thing. Therefore, while it scales well for small businesses, I can't speak to how it would scale at an enterprise level.

We do work with a university, and we do some work with a couple of different school districts in the San Diego area. We do some consulting for all three of those. If they asked us to recommend a product, we do recommend a product like this and we help people out with that sort of thing.

How are customer service and technical support?

Technical support could be faster. We can't really get a hold of them when we need to. They really need to improve their services.

Issues get resolved quickly enough. However, there are just issues that cause a lot of unnecessary back and forth. For example, we had a client for whom we had installed a temporary license for Intercept X, and then subsequent to that, when we tried to put on the real license, bought it, paid for it, got the key, tried to plug it in, that worked fine. However, all of a sudden it started telling us it was having problems with the temporary license, which was supposed to have been replaced. That was a back and forth. It really took us about two weeks to get that resolved with them. Not a huge problem, not causing alarms that people were getting in that shouldn't get in; however, I kind of thought somebody would get back to me in a day or two. It didn't take them two weeks to get back to me, but there was a fair amount of back and forth about how to resolve this.

I would say that the quality of the support when you talk to them is very good. I would rate that a nine out of ten. That said, the lack of availability at times of support is concerning, particularly if we were to have an ongoing hack. Sophos now offers a service where they will jump in there for quite a large fee and mitigate everything quickly. However, when you already have bought a product that's supposed to be doing that same job, it seems strange they would charge you again to actually do the job.

Having talked to some of those guys on the tech side, they are extreme. Those guys on that side are super knowledgeable and they can jump in there quickly and check a lot of things way faster than I could ever do it, simply due to the fact that they're so much more familiar with the product and with the way that attacks run.

I don't see them every day so, even though I go to training and I watch it on the training and so forth, it's not something that I fiddle with all the time. I simply don't need to, which is great. It keeps me a step removed from it.

Which solution did I use previously and why did I switch?

We previously used Symantec among other products.

Symantec has changed a lot over the last 10 years. They used to be a totally different company. We were not only concerned about the product and the quality of the product and the availability of support and all of these sorts of things at first. However, they were also beginning to fall behind in terms of their technical capabilities on their product, and then we also already had a relationship with Sophos because of the firewalls, so it was a natural transition away from Symantec.

We were deploying the UTMs or what they call the SG line, and they've subsequently come out with the XG line, and if you have their cloud-based management solution, you can manage the XG line of firewalls with Intercept X, and they can look at each other's data and make decisions, AI kinds of decisions, or just scripted decisions, based on what the other is finding. It's much more advanced.

How was the initial setup?

The initial setup isn't too difficult. Once you learn it, it's pretty straightforward.

There is a learning curve, and if you haven't learned it, and I would assume this is the same with anybody's product, then you're not really sure what options you want to enable and not enable and so forth. If you turn on too much stuff, let's put it that way, your end user's computer ends up running slowly. You have to be smart about what you're doing.

What's my experience with pricing, setup cost, and licensing?

It doesn't have every function that's out there in the universe. However, it's really quite good and it's a reasonable value for the money compared to some of the alternatives that I've seen. However, I'm not super familiar with the alternatives. I know their names, I kind of know what they do, I read the reviews on your site and others, and we're always looking at it, however, I haven't really studied them.

What other advice do I have?

We're Sophos partners and resellers.

We always deploy the latest version of the solution. We deploy the Intercept X Advanced with EDR.

All the management is done through the cloud. Then there's a client piece you put on, on-premises. We do the management through the cloud and we put the client piece on the premises.

I like a lot of the things that Sophos is doing. They didn't have one this year, however, they have an annual conference, and one of the things they had done, this was right before they got bought by this other company, is they had hired a lot of really top talent. These guys, when I was at the conference for a few days, just listening to them talk, you're mesmerized with how sharp and bright these guys are and what they're adding into the program. Not to say that others aren't getting some of this stuff too, however, it was really impressive. You felt like they had it together. You trust that by sticking with these guys, you're absolutely going to have minimal, to no issues at all.

I'd recommend the solution. It's a really good product. I realized that there are other good products out there and it's not that other companies shouldn't take a look at other products. However, it works, it does what it's supposed to do, and, once you learn it, it's easy to manage and the link to the firewall is really good and a great idea. It's smart to implement a single plan across people's networks. It just makes a lot of sense.

Overall, I would rate the solution nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller

Adam Shusterman - PeerSpot reviewer
Cyber Security Engineer at a legal firm with 501-1,000 employees
Real User
The cloud-based management console is easy to maintain and takes a load off our hands
Pros and Cons
  • "It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
  • "There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."

What is our primary use case?

We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch.

Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.

How has it helped my organization?

I think everyone is trying to move away from on-prem solutions. Having the cloud-based management console makes it a lot easier to maintain. It takes a load off our hands as engineers and analysts. It helps with upgrades and patching: I don't have to worry about on-prem servers, not only for maintenance but also as another thing to defend against, so getting rid of that is definitely beneficial.

As a cloud-native solution, it provides us with flexibility and always-on protection. I don't have to worry about data center failures on my end. I don't have to worry about any issues in our server rooms affecting the protection of the environment as a whole. Having CrowdStrike take that responsibility is a load off our backs.

Falcon has been very successful in preventing breaches. In the beginning, there were a lot of false positives as Falcon learned our environment, but I would definitely give it a positive rating overall for protecting our environment.

What is most valuable?

The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.

We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate in more detail on end user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.

What needs improvement?

There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.

For how long have I used the solution?

I have been using it less than a year. We are relatively new customers.

What do I think about the stability of the solution?

My impressions of the stability are positive. I haven't had any problems since implementation with stability or availability.

Minimal maintenance is required on our side post-deployment, but it still does require maintenance. If I have to build out new groups or a troubleshooting group, e.g., tweaking policies if machines change subnets, then there is still maintenance required.

All post-implementation maintenance and administration is handled by a single security engineer.

What do I think about the scalability of the solution?

We are a relatively small firm, but I have had no problems in my deployment plans. I could easily see this scaling upwards.

In total, we are protecting roughly 1500 endpoints.

How are customer service and technical support?

They have been very on point and helpful. I have never had to ask them where they are. They are always following up with me trying to keep the tickets live, so that is great. I have been very impressed.

Which solution did I use previously and why did I switch?

We replaced Symantec Endpoint Protection. On the one hand, we wanted a full NGAV. Symantec was still using a hybrid model, a mix of signature-based and behavioral-based detections, so moving over into a full NGAV product was important to us. We wanted to stay up to date on the ever-changing nature of malware, especially since we have been seeing more malware nowadays that can evade strictly detection-based systems. Also, Symantec support was very hard to track down or talk to. All in all, CrowdStrike has been more responsive to any questions or concerns, which is big when you are dealing with vendor solutions.

Fortunately, we have not experienced any major detections. However, testing-wise, CrowdStrike has been more effective overall.

How was the initial setup?

Deployment was pretty easy. We scripted out a process in GPO, then we were able to deploy it fairly seamlessly.

We managed to deploy it to all our servers within a week or two. That was mostly due to getting clearance from server owners, not due to the CrowdStrike installation. Then, for the workstations, it was a bit longer just because of office locations and when people had their computers on. The CrowdStrike process was very smooth. It was really just the bureaucracy part that took a while.

We had to change management protocols. We put it out to dev servers and workstations in detect-only mode as we deployed CrowdStrike to endpoints that had a preexisting AV system still on them, in order to avoid any time where a system would not be protected by an antivirus system. So, we deployed CrowdStrike, then disabled the previous antivirus system and activated CrowdStrike's prevention policies, then uninstalled the previous antivirus system.

What about the implementation team?

Four or five people were involved in the deployment: a security engineer, two workstation engineers, and various server owners.

What was our ROI?

It is protecting our environment, so it is worth the cost.

It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.

What's my experience with pricing, setup cost, and licensing?

The pricing was very fair for what we got.

Different components are additional price points. We got the components that were right for us, but other organizations may require more (or fewer) components to suit their needs.

Which other solutions did I evaluate?

CrowdStrike is an industry leader. When we were looking for a replacement technology for NGAV, their name was on the top of a Google search.

We did a PoC with CrowdStrike. We deployed the PoC only to a select group of test machines, so we were able to deploy rather quickly. The PoC helped immensely in the decision-making process.

We did evaluate Cylance and Carbon Black. All the products that we investigated looked good. In the end, we went with CrowdStrike because of:

  1. The reputation of the organization in the AV community.
  2. Its out-of-the-box readiness.
  3. Ease of maintenance and administration.

What other advice do I have?

Take the time you need in the beginning to fully build out all the groups and prevention policies that you will need. It may take a bit longer during the initial setup, but it is worth it in the long run because it makes maintenance down the line much easier than having to build new groups or prevention policies as they come up. Definitely take the time needed in the beginning. Then, later down the road all you have to do is check some boxes, as opposed to building out brand new groups and prevention policies, which can take a while.

In the beginning, there will be a bunch of false positives as it learns your environment. However, those are very easily handled within the UI, creating IOA or machine learning exceptions. With our previous solution, we had a couple hundred exceptions, and with CrowdStrike, we have six or so.

CrowdStrike has fulfilled its function very well. We got it specifically to serve the purpose that it is serving.

It is a solid nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SimonClark - PeerSpot reviewer
Cyber Security Advisor - Director at Fort Net UK
MSP/MSSP
Top 5 Leaderboard
High-quality threat intelligence, including encryption and mobile device protection
Pros and Cons
  • "The nice thing about Bitdefender is that it has modules and layers that you can add as the requirement becomes more sophisticated and dangerous or threatening."
  • "The one thing I'd say about their complete MDR product is that it's too expensive, which is why I prefer to use an alternative SOC and integrate Bitdefender to a different SOC on their own."

What is our primary use case?

We offer Bitdefender GravityZone Ultra to our clients. GravityZone Ultra has features such as encryption. I can do anything from their simple core, which is just antivirus, to their complete MDR product if necessary. However, what I usually do is install core plus ATS with encryption and then integrate that with the SOC service so that you only have to look at the SOC interface to monitor the Bitdefender logs. Essentially, it streamlines the SOC.

It's a product from EDR. We are monitoring endpoints for malicious code. It's a basic antivirus. We are also looking for day-zero attacks and for anomalous behavior as well. That's it, ostensibly.

What is most valuable?

It's a very comprehensive product. I like the fact that Bitdefender is used by about 38% or more of other security vendors; that is another type of tick box that lends credibility.

What needs improvement?

If we're simply looking at endpoint monitoring, I think the problem is that your basic antivirus, your standard antivirus, is woefully inadequate.

If you think about small to medium-sized enterprises, my concern is that if they ask for guidance, they'll be told to turn on antivirus. They'd presumably get McAfee or Norton or something similar as an antivirus program. Then they'll probably be told to turn on their Microsoft Defender firewall and not do much else. That is a very dangerous position to be in, because, as we all know, phishing attacks are becoming increasingly sophisticated. They get past people's perimeter defenses, and the staff is deceived into clicking on them, putting them in danger. There are numerous techniques to consider.

Small businesses can get a complete security package from me. It has six layers of security, including Bitdefender's antivirus and encryption, as well as interaction with a security operations center. There are more levels to it, but those three are critical since most antivirus programs, even those from businesses like Sophos and McAfee, and less so from Symantec, appear to have changed who they want to market to at the present.

All of those firms are dreadfully short, whereas Bitdefender, if you look at the marketing and blogs and technical stuff that Bitdefender releases on a daily basis, is far superior. Bitdefender is producing extremely high-quality threat intelligence. And if you look at Gartner's right-hand side of the Quadrant, Bitdefender is currently rated as their best endpoint security product, according to Gartner.

The one thing I'd say about their complete MDR product is that it's too expensive, which is why I prefer to use an alternative SOC and integrate Bitdefender to a different SOC on their own.

More integrations are always beneficial.

For how long have I used the solution?

I have been dealing with Bitdefender GravityZone Ultra for two years.

It could be either cloud or on-premises. In fact, I just sold a Bitdefender solution that includes protection for their mobile devices. As a result, Bitdefender for their workstation is cloud-based. Bitdefender for their mobile must be an on-premise device appliance.

What do I think about the stability of the solution?

Bitdefender's stability has never been an issue for me. That's not to suggest other companies haven't had issues, but I haven't had any.

What do I think about the scalability of the solution?

In terms of scalability, I've installed it on companies as small as two people and as large as hundreds of people. In my opinion, it scales perfectly well. The nice thing about Bitdefender is that it has modules and layers that you can add as the requirement becomes more sophisticated and dangerous or threatening.

How are customer service and support?

We handle the majority of tech support. I have firsthand knowledge of it. They're responsive, intelligent, and generally good.

Which solution did I use previously and why did I switch?

I have prior experience with the Cisco Secure Endpoint product, that's true, but it's a little rusty. I previously worked for Cisco. I'm familiar with AMP and AnyConnect, as well as their various solutions. However, it is most likely out of date.

I deal with numerous other vendors, Bitdefender in particular, but also with certain other managed service providers that offer entire solutions. In addition, I offer a managed secured operation center service to my clients. Within my experience, I have my own service as well as merchandise from other suppliers.

How was the initial setup?

Its implementation is straightforward. It's very simple. I'm going through a setup at the moment; although I am not the technical guy who does it, I know the feedback is that it's very simple.

I'm installing it on about 250 endpoints for a company, and I expect it to be available in two days.

What's my experience with pricing, setup cost, and licensing?

The pricing is competitive.

I offer it in two forms. I either sell it as an annual license, which is fine if consumers want it that way, or as a managed service.

I can purchase a Bitdefender license as a managed service, which allows me to take responsibility for monitoring and maintaining it on behalf of my clients. They have both models at their disposal.

They have a choice in terms of licensing fees. They can purchase it as a managed service on a monthly subscription basis, or they can purchase an annual or three-year contract, as I do. It makes sense. When you sign a three-year contract, the price drops, and it doesn't make sense to replace an end-point solution every 12 months. It's a great deal if you buy it through me.

What other advice do I have?

Yes, I would recommend this solution to others who are interested in using it.

I would rate Bitdefender GravityZone Ultra a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
David Alfonso - PeerSpot reviewer
Cybersecurity Analyst & System Engineer at Compucare Systems Inc
Reseller
Top 10
Reliable protection that never fails, reasonably-priced, with knowledgeable and responsive support
Pros and Cons
  • "It never fails. Bitdefender always catches all of the viruses that have been detected on customer sites."
  • "The mobile version needs improvement."

What is our primary use case?

We are an MSP company and we provide IT support to hospitals, lawyers, and small businesses.

We protect them using GravityZone EDR solutions. 

It prevents cyber-attacks and monitors the protection status for the service stations.

What is most valuable?

The most valuable feature in Bitdefender is that they continue to update features, and they are very novel as well. 

They have strong ransomware protection.

They have a strong signature detection for malware, and that's why we love Bitdefender and have been using it for all of these years.

It never fails. Bitdefender always catches all of the viruses that have been detected on customer sites. It's very good.

What needs improvement?

The mobile version needs improvement. The graphics for the mobile client is very old, but the rest is fine.

For how long have I used the solution?

We have been using this solution for approximately four years.

We are using the cloud-based version, which is always up to date.

It's agent-based with servers or stations.

What do I think about the stability of the solution?

It is very stable, actually. It's up-to-date at every moment.

They do maintenance on the cloud-based version all of the time.

They bring new features every three months, and they update the virus signatures every minute, which is a very important step.

What do I think about the scalability of the solution?

It's a scalable product.

How are customer service and technical support?

Technical support is very knowledgeable. 

You open a ticket with them and they reply to you within two hours. 

They provide you the information you need to solve the issue, and if needed, they also provide remote support.

Which solution did I use previously and why did I switch?

Previously, we used Symantec, and we switched to Bitdefender for the features they have, and strong protection against the new threats.

We had Symantec, and we had an issue with a virus that Symantec did not detect and Bitdefender did. So that's why we switched. It was ransomware at that moment.

How was the initial setup?

The initial setup was very easy. 

You can install the agents and it synchronizes the cloud base and the Active Directory deployment. It's super easy to do cloud-based from the console.

What's my experience with pricing, setup cost, and licensing?

It's a very good price for MSP. It's cheaper than Symantec.

Which other solutions did I evaluate?

We will be switching from Bitdefender to SentinelOne in the near future.

What other advice do I have?

For anyone who is interested in using this solution, if they need cost-effective protection then Bitdefender is perfect.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller