IT Central Station is now PeerSpot: Here's why
Buyer's Guide
EPP (Endpoint Protection for Business)
July 2022
Get our free report covering Trend Micro, Microsoft, Palo Alto Networks, and other competitors of Trend Micro Apex One. Updated: July 2022.
619,967 professionals have used our research since 2012.

Read reviews of Trend Micro Apex One alternatives and competitors

Information Security & Privacy Manager at a retailer with 10,001+ employees
Real User
Top 20
By using the Deep Visibility feature, we found some previously unknown persistent threats
Pros and Cons
  • "The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview."
  • "The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."

What is our primary use case?

Our use cases are for client and server visibility in our enterprise and operational technology environments, as EPP and EDR solutions.

How has it helped my organization?

Traditionally, we have had an open policy on endpoints in terms of what has actually been installed. We don't really centrally manage the application. So, we have had a sort of dirty environment. Now that we have SentinelOne with its advanced capabilities, this has enabled us to detect and categorize unwanted applications. It has given us a good foothold into the area of inventory management on endpoints when it comes to our applications as well.

One of the main selling points of SentinelOne is its one-click, automatic remediation and rollback for restoring an endpoint. It is extremely effective. Everything is reduced, like cost and manpower, by having these capabilities available to us.

What is most valuable?

The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview.

From a forensics point of view, we can see exactly what is going on with the endpoint when we have threats in progress. It also gives us the ability to react in real-time, if it has not been handled by the AI. We have set the policy to protect against unknown threats, but only alert on suspicious ones. 

The Behavioral AI feature is excellent. It is one of the reasons why we selected SentinelOne. We needed a solution that was quite autonomous in its approach to dealing with threats when presented, which it has handled very well. It has allowed us to put resources into other areas, so we don't need to have someone sitting in front of a bunch of screens looking at this information.

The Behavioral AI recognizes novel and fileless attacks, responding in real-time. We have been able to detect several attacks of this nature where our previous solution was completely blind to them. This has allowed us to close gaps in other areas of our environment that we weren't previously aware had some deficiencies.

The Storyline technology is part of our response matrix, where you can see when the threat was initially detected and what processes were touched, tempered, or modified during the course of the threat. The Storyline technology's ability to auto-correlate attack events and map them to MITRE ATT&CK tactics and technique is very effective. By getting that visibility on how the attack is progressing, we can get a good idea of the objective. When we have the reference back to the framework, that is good additional threat intelligence for us.

Storyline automatically assembles a PID tree for us. It gives us a good framing of the information from a visibility standpoint, so it is not all text-based. We can get a visualization of how the threat or suspicious activity manifested itself.

The abilities of Storyline have enabled our incident response to be a lot more agile. We are able to react with a lot greater speed because we have all the information front and center.

The solution’s distributed intelligence at the endpoint is extremely effective. We have a lot of guys who are road warriors. Having that intelligence on the network to make decisions autonomously is highly valuable for us.

What needs improvement?

The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do.

For how long have I used the solution?

We have used it for around 10 to 11 months.

What do I think about the stability of the solution?

In the 11 months that we have had it, we have only had one problem. That was related back to a bug on the endpoint agent. So. it is very stable when I compare it to other platforms that I have used, like McAfee, Symantec, and Cylance.

Being a SaaS service, they take care of all the maintenance on the back-end. The only thing that we have to do is lifecycle the agents when there is a new version or fixes. So, it is very minimal.

What do I think about the scalability of the solution?

It is highly scalable. It is just a case of purchasing more licensing and deploying agents.

We have three global admins, myself included, with about 10 other administrators. Primarily, the way that we are structured is we have a client team and a server team. So, we have resources from each geographical region who have access to the solution to police their own environment on a geographical basis. So, we have three global admins, then everybody else just has a sort of SoC-based level functionality, which goes back to the custom role issue because this is too much access. 

How are customer service and technical support?

The technical support is very good. My only criticism is they are not very transparent when they are giving you a resolution to a problem. We have had several cases where we have had a problem that we have been given the fix for it. However, when we asked for background information on the actual problem, just to get some more clarity, it is very difficult to get that. I don't know if it's relative to protecting the information regarding the platform or a liability thing where they don't want to give out too much information. But, in my experience, most vendors when you have a problem, they are quite open in explaining what the cause of the issue was. I find SentinelOne is a bit more standoffish. We have gotten the information in the end, but it is not an easy process. 

When responding to fixing a problem, they are excellent. It is any of the background information that we are after (around a particular problem) that we find it difficult to get the right information.

Which solution did I use previously and why did I switch?

We were previously using Trend Micro Deep Security. The primary reason why we switched was that it is rubbish. It is a legacy-based AV. We had a lot of problems functionality-wise. It was missing a lot of things, e.g., no EDR, no NextGen capabilities, and it had interoperability problems with our Windows platform deployments. So, there was just this big, long list of historical problems.

We specifically selected SentinelOne for its rollback feature for ransomware. When we started looking into securing a new endpoint solution about 24 months ago, there was a big uptick in ransomware attacks in the territory where I am based. This was one of the leading criteria for selecting it.

How was the initial setup?

The initial setup is extremely straightforward. The nature of the platform has been very simplistic when it comes to configuring the structure for our assets and policies. Several other platforms that I have worked with are quite complex in their nature, taking a lot of time. We were up and running within a day on the initial part of our rollout. For the whole organization, it took us about 30 days to roll out completely in five different countries across roughly 20,000 endpoints. 

Behavioral AI works both with or without a network connection. We tested it several times during procurement. It can work autonomously from the network. One of our selection criteria was that we needed it to be autonomous because we have air gapped environments. Therefore, we can connect, install, or disconnect, knowing that we have an adequate level of protection. This mitigates certain risks from our organization. It also gives us good assurance that we have protection.

We had a loose implementation strategy. It was based on geography and the size of the business premises in each country. We started with our administration office, but most of our environment is operational technology, e.g., factories and manufacturing plants.

What about the implementation team?

We did the deployment ourselves, but we had representation from the vendor in the form of their security engineer (SE). We did the work, but he gave us input and advisories during the course of the deployment.

Three of us from the business and one person from Sentinel (their SE) were involved in the deployment of SentinelOne.

What was our ROI?

We saw a return of investment within the first month.

On several occasions, we found some persistent threats that we wouldn't have known were there by using the Deep Visibility feature.

The solution has reduced incident response time by easily 70 percent.

The solution has reduced mean time to repair by probably 40 to 50 percent. This has been a game changer for us.

Analyst productivity has increased by about 50 percent.

What's my experience with pricing, setup cost, and licensing?

We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible.

Which other solutions did I evaluate?

We evaluated:

  • Microsoft Defender for Endpoint
  • Cisco AMP for Endpoints
  • CylancePROTECT
  • Apex One, which is Trend Micro's NextGen platform.

The main differentiator between SentinelOne has been ease of use, configuration, and performance. It outperformed every single one of the other solutions by a large margin in our testing. We had a standardized approach in tests, which was uniform across the platforms. Also, there is a lot of functionality built into SentinelOne, where other vendors offered the additional functionality as paid add-ons from their basic platforms.

During our evaluation process, SentinelOne detected quite a lot of things that other solutions missed, e.g., generic malware detection. We had a test bed of 15,000 samples, and about 150 were left for SentinelOne. What was left was actually mobile device malware, so Android and iOS specific, fileless attacks, and MITRE ATT&CKs. SentinelOne performed a lot stronger than others. Cylance came second to SentinelOne, even though they were 20 percent more effective in speed and detection. The gulf was so huge compared to other solutions.

SentinelOne's EDR is a lot more comprehensive than what is offered by Cylance. They are just two different beasts. SentinelOne is a lot more user-friendly with a lot less impactful on resources. While I saw a lot of statistics from Cylance about how light it is, in reality, I don't think it is as good as the marketing. What I saw from SentinelOne is the claims that they put on paper were backed up by the product. The overall package from SentinelOne was a lot more attractive in terms of manageability, usability, and feature set; it was just a more well-rounded package.

What other advice do I have?

Give SentinelOne a chance. Traditionally, a lot of companies look at the big brand vendors and SentinelOne is making quite a good name for itself. I have actually recommended them to several other companies where I have contacts. Several of those have picked up the solution to have a look at it.

You need to know your environment and make sure it is clean and controlled. If it's clean and you have control, then you will have no problems with this product. If your environment isn't hygienic, then you will run into issues. We have had some issues, but that's nothing to do with the product. We have never been really good at securing what is installed on the endpoint, so we get a lot of false positives. Give it a chance, as it's a good platform.

I would give the platform and company, with the support, a strong eight or nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr. Security Lead at a healthcare company with 10,001+ employees
Real User
Enables us to see at a glance whether users have device control and disk encryption enabled properly
Pros and Cons
  • "The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."
  • "Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit."

What is our primary use case?

We purchased Morphisec primarily to help mitigate and protect us against Ryuk ransomware back in December when that was running really rampant. The antivirus that we were using at that point was outdated. We were looking to move to a new vendor, and we needed something as a stopgap to supplement our current antivirus. Morphisec fit that bill perfectly. It had features that our antivirus did not. It had an immediate deployment and immediate return on investment that we just would not be able to get if we were to turn around and try to deploy a full-blown antivirus across the entire environment. Morphisec was quick, simple, and did not conflict with anything that we already had. It also did not cause any additional delays in our virtualized environment, which was a huge concern for our infrastructure team. It just fit perfectly.

We've detected things that our antivirus was not picking up. We had no visibility or control over anything that was running in process memory. Morphisec immediately started blocking things that should not have been running in process memory. It also gave us visibility into the Windows Defender antivirus that we did not have without increasing our Microsoft licensing and gave us some basic control over Defender as well. We previously used McAfee.

How has it helped my organization?

The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that.

It's very important to us that it offers visibility into and control over Windows 10, native device control, disc encryption, and personal firewall. We're actually in the process now of deploying the control over the firewall so that we can consolidate to a single pane of glass for our antivirus and controls. It will help us through leveraging group policy, which can fail, especially if the machine drops off of the domain, we have a significantly larger remote than we did a year ago. We have machines that don't necessarily get the policies they need to get when they need to get them. Morphisec fixed that.

The level of control from Morphisec Guard compared to Windows 10 Native Security tools is a bit more basic than the Windows 10 Native Controls. You basically enable the firewall or you disable it, based on the various profiles. I have not yet seen a way to create exceptions in the firewall or rules and things like that but those can be pushed through group policy, regardless. As long as the firewall is enabled, it's functioning and it's doing better than if there was no policy applied at all.

Morphisec Guard enabled us to see at a glance whether our users have device control and disk encryption enabled properly. It is especially important with our remote workforce. Disc encryption is an absolute must. And the device control, USB devices, is also an absolute must.

It has reduced the amount of time we spend investigating false positives. It reduced our amount of chasing antivirus alerts by about 80% a week.

Our team's overall workload has also been reduced by about 30% on a weekly basis of our workload, we would spend a lot of time tracking alerts.

It has enabled us to take Morphisec and leverage one product where we would have had to have had at least two previously. I don't really have numbers for what that would look like. We didn't really investigate too many other vendors in that space, but it's probably at least 50% savings over what we would have needed. So it has helped us to save money on our security stack.

What needs improvement?

Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit.

For how long have I used the solution?

We've been using Morphisec for about six months now. It is installed on our endpoints and servers. We have a SaaS version of the console.

What do I think about the stability of the solution?

I've had 100% availability anytime I've needed to go look. I have not had any issues in any of our environments with the agents.

What do I think about the scalability of the solution?

Scalability is very easy. We can just call and say that we need more licenses and they give us more licenses and we can push that agent out. It's the same executable file we have on our file shares. We just expand however many we need, to as large as we want to go.

We have about 8,000 endpoints, 2,500 servers, and 4,000 virtualized desktops.

Our next step would be to purchase the Linux agent and get that on the few Linux servers and appliances that we have.

How are customer service and technical support?

The technical support has been fantastic. Any feature requests I've had, any issues I've run into, which have been very minimal, they've had an immediate response. Turnaround for feature requests is really, really fast. I've seen it within the next update which they do monthly. They provide great technical support. 

Which solution did I use previously and why did I switch?

We looked at Bitdefender, Trend Micro, and Microsoft Defender. We are still using Microsoft Defender in conjunction with Morphisec in a small pilot group. We're still evaluating where we want to go for a true antivirus solution. So, we still have a small deployment of Defender.

Deployment was the biggest difference between Morphisec and the other solutions. It was far simpler to deploy Morphisec without having to remove another antivirus, without having to make a large-scale project, or look for compatibility. It works on all supported operating systems. It works in conjunction with other antiviruses. We didn't have to create exceptions and there were no conflicts with the antivirus we were running and Morphisec. So that really helped us make that decision, purchase this, roll it out, and have it supplement our existing technologies. And it gave us an almost immediate return on investment.

How was the initial setup?

The initial setup was very straightforward. We deployed it via group policy. We had it deployed across the entire environment in about three days.

What's my experience with pricing, setup cost, and licensing?

There are no additional costs to standard licensing. We've had full support. I get biweekly calls with my technical account manager and we purchased the licenses for everything we needed for a single cost.

What other advice do I have?

If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment. I would recommend it every time.

If you can, get it and run with it, because it's great. It's been eye-opening, the things that other antiviruses were missing, and we've seen it protect against zero days. We've seen it protect against ransomware that other antiviruses have not even seen.

I would rate Morphisec a ten out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of IT at a tech services company with 51-200 employees
Real User
Top 20
Responsive and fast support, easy to deploy, well-tuned to ignore false positives
Pros and Cons
  • "We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
  • "It would be nice if the dashboard had some more information upfront, and looked a little better."

What is our primary use case?

We use this product for endpoint security and threat remediation.

How has it helped my organization?

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

What is most valuable?

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

What needs improvement?

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately four months.

What do I think about the stability of the solution?

The stability is great and we haven't had a single issue.

What do I think about the scalability of the solution?

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

How are customer service and technical support?

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Which solution did I use previously and why did I switch?

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

How was the initial setup?

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

What was our ROI?

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

What's my experience with pricing, setup cost, and licensing?

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and login in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

Which other solutions did I evaluate?

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

What other advice do I have?

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore
MSP
Well priced with a good visualization tree but doesn't allow for high availability configuration
Pros and Cons
  • "The solution is stable."
  • "There's some disparity between the on-premise and the cloud type of application."

What is our primary use case?

We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.

What is most valuable?

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

What needs improvement?

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple names space. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera. 

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

For how long have I used the solution?

We have been using this solution for about two years.

What do I think about the stability of the solution?

Stability-wise, the product has been quite stable. There's no issue. The maintenance was quite straightforward, and if you don't really touch it, you won't have stability problems. 

What do I think about the scalability of the solution?

Medium to large companies will be selecting Carbon Black solutions mainly due to the fact that they needed this to better the security posture checks in the environment, typically in the more regulated environment. Regulatory, regulated environments or companies that are more security-centric will go for this type of product.

While it can scale, it only supports non-HA. Scalability is quite limited. You can only scale vertically - not horizontally.

How are customer service and support?

Technical support can be much improved. They're quite lagged in terms of their support and post-sales. In terms of the roadmap to sell, they tend to sell more towards endpoints and very large enterprises. For a server base, it would lose itself. That's not really their main focus at this point in time. Therefore, it's not as good there.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I'm also familiar with Trend Micro. Trend Micro is advancing the product, keeping it fairly up to date, and covering some aspects of the EDR over time and they're doing a lot of catching up. They actually have caught up. The technology now is quite fairly similar - it's just that the initial focus was in different areas, however, they are filling this gap. It's actually a very strong competitor. In terms of user, features-wise, et cetera, this solution is quite on par. Trend Micro is a security-focused company, so from an enterprise point, probably they are more focused than Carbon Black nowadays being bought over by VMware. Security is probably not their main area of focus at this point in time. 

How was the initial setup?

The initial setup is a bit of a mix. It is simple in the sense the setup was quite straightforward, however, when it comes to configuring for other supports, like emails, notifications, Syslog, et cetera, this identity provider's power integration, which we did for our SML 2.0, is powered based, rather than supported directly through the GUI. That was not so user-friendly, or more complex in terms of configuration.

On a scale from one to five in terms of ease of setup, it'll be about three. It probably takes about half a day just to complete the configuration setup.

The maintenance so far has been quite fairly straightforward. We don't really have any issues with the maintenance. Obviously, I didn't want the downside of the product side, maybe one of the cons is that it doesn't really support HA high availability setup configuration. 

What's my experience with pricing, setup cost, and licensing?

We have a contract, we have actually a BOT tender contract where our different customers from different departments actually purchase their licensing. Generally, the pricing is from a unique cost perspective. I wouldn't know exactly how much they buy typically, as they procure their licenses on their own. Typically, if you compared the pricing to Trend Micro, it's probably about half the cost.

What other advice do I have?

We're not quite a partner. We are a systems integrator and reseller. 

We do not have the latest update. We integrate that into our Azure AD itself.

We have the solution deployed both on the cloud and on-premises. 

I'd recommend the solution based on the cost. It's really subjective to the organization's needs. If it's for a single, small department, it's fine. If it's for a large organization itself, some of it lacks. Enterprise capabilities are probably a hindrance for a large organization to take up such a product. The limitations of supporting multiple departments with different roles and users, for them to configure what they need, would be a problem. When you talk about alerts et cetera, and also certain tracks, different departments actually probably they have their own different needs, so they wanted something to be a little bit independent, where the configuration settings are unique to the department, rather than something that can only be common for all departments in the current setup.

I'd rate the solution six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
Technical Analyst - Desktop at a manufacturing company with 501-1,000 employees
Real User
Top 20
Managing multiple machines is a pain, but support is top notch
Pros and Cons
  • "It prevents our users from circumventing security. Everything is password protected so they can't get into it. They can't uninstall it. They can't do anything."
  • "It needs improvements in its EDR and its ability to manage all the nodes. I'd like better communication between the console and the nodes, so I don't have to remote into each individual machine that's having an issue with the protection."

What is our primary use case?

We use it for our endpoint security solution for 1,000 machines worldwide. We're one of the largest machine shops in the world. In just one building, I've got over 500 machines in there. Some of them are old and come from the World War II era. Some of my machines, like my laser hole poppers, are still running Windows 3.1. I've got a lot of older lathes and mills that are running Windows 95 and Windows 98.

How has it helped my organization?

It hasn't improved our company in any way. Panda is the most painful endpoint solution I've ever had to work with except SentinelOne. With Panda, if the protection is turned off or there is a problem on a machine, you have to access that machine remotely to fix it. You can't fix it via the console. I'm the network admin and security admin at my company I don't have the bandwidth to babysit an endpoint solution. 

What is most valuable?

It prevents our users from circumventing security. Everything is password protected so they can't get into it. They can't uninstall it. They can't do anything. 

What needs improvement?

It needs improvements in its EDR and its ability to manage all the nodes. I'd like better communication between the console and the nodes, so I don't have to remote into each individual machine that's having an issue with the protection. The console's intended purpose is to manage and I've got half the management capabilities in their console. I've got almost 1,000 machines worldwide. As one person, I don't have the capacity to take care of this.

For how long have I used the solution?

We adopted this one about three years ago.

What do I think about the scalability of the solution?

It's good for all platforms— iOS, Windows, Android, Linux—so its scalability is there.

How are customer service and technical support?

Technical support has always been top-notch when you can get through. Sometimes you're on hold for up to an hour, but their technical support has always been able to address the issue and get it resolved within 48 hours.

Which solution did I use previously and why did I switch?

Prior to Panda, we had SentinelOne. Panda is a lot less work than SentinelOne in our environment. We still use a lot of Excel macros. We've got applications that we created ourselves and are unsigned. We work with machines with extremely old operating systems, and these things run off of applications that we have built in-house. SentinelOne wanted to shut down the applications so that the machines couldn't connect. It was costing us money. I can't give SentinelOne a bad review just because of our environment. Our environment is very unique, so it's not fair to SentinelOne. But at the same time, we just weren't made for each other. 

How was the initial setup?

The setup is pretty easy. Deployment takes less than an hour. It's typically connected to the console, so it has already downloaded the latest and greatest updates or file hashes. Creating groups and policies for those groups can be a little complex but once you've got all that figured out, then you're good. The console needs a lot of help. Even downloading the installer for a new deployment on a PC is not very straightforward. 

What about the implementation team?

I have an in-house team. I've got two help desk guys that I've had to train to use the Panda tenant. I don't even know if they're doing it anymore — touching every machine that has a problem with the protection.

What's my experience with pricing, setup cost, and licensing?

I don't think Panda's license is too expensive, but they're charging more than it's worth. It's a yearly license. For 1,000 endpoints, it's around $18,000. 

Which other solutions did I evaluate?

We're considering switching to something else. Right now we're looking at ESET Endpoint Security and Trend Micro Apex One. Panda's EDR is rudimentary, so we're looking to upgrade because our insurance policy is asking us to find something better. Right now, we're leaning toward Trend because they're telling me that I can do everything from the console with their solution. That was the biggest pain with Panda.  

What other advice do I have?

I'd rate Panda five out of 10. I give it that high just because it does work to some extent and it's cost-effective. My attitude toward Panda is 50/50. I get probably 10 or 15 emails a day complaining that machines lack protection. But if the console can detect the machine and knows that it's lacking protection, then my logic says, "Update it." But for whatever reason, I have to manually do it again. It's painful. It shouldn't be as expensive as it is. And I think it's going to be a lot more expensive now that WatchGuard owns it. Hopefully, they make a lot of good changes, but I've had enough with Panda.

Another thing to note about Panda is that I haven't seen anything in the documentation about compliance with GDPR regulations. I've got 11 locations in Europe, and we're going to have a GDPR tenant for the most stringent country or area. So even being in the US, I'll have to abide by European GDPR here in the US for all the locations to share one tenant. Otherwise, we'd have to have multiple tenants, which will cost us more money and be more of a hassle to manage. 

Before you install it, do a 90-day proof of concept. Thirty days is too short. You need to see the failing endpoints and what you have to do to fix it.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
EPP (Endpoint Protection for Business)
July 2022
Get our free report covering Trend Micro, Microsoft, Palo Alto Networks, and other competitors of Trend Micro Apex One. Updated: July 2022.
619,967 professionals have used our research since 2012.