Buyer's Guide
EPP (Endpoint Protection for Business)
July 2022
Get our free report covering Trend Micro, Microsoft, Palo Alto Networks, and other competitors of Trend Micro Smart Protection. Updated: July 2022.
619,967 professionals have used our research since 2012.

Read reviews of Trend Micro Smart Protection alternatives and competitors

Director of IT at a tech services company with 51-200 employees
Real User
Top 20
Responsive and fast support, easy to deploy, well-tuned to ignore false positives
Pros and Cons
  • "We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
  • "It would be nice if the dashboard had some more information upfront, and looked a little better."

What is our primary use case?

We use this product for endpoint security and threat remediation.

How has it helped my organization?

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

What is most valuable?

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

What needs improvement?

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately four months.

What do I think about the stability of the solution?

The stability is great and we haven't had a single issue.

What do I think about the scalability of the solution?

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

How are customer service and technical support?

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Which solution did I use previously and why did I switch?

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

How was the initial setup?

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

What was our ROI?

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

What's my experience with pricing, setup cost, and licensing?

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and log in in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

Which other solutions did I evaluate?

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

What other advice do I have?

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Systems Administrator at a legal firm with 51-200 employees
Real User
Top 20
Intuitive, easy to use, and does a good job of catching and stopping things for the most part and has a unique rollback feature
Pros and Cons
  • "It is intuitive and easy to use. For the most part, it does a good job of catching things. It is good at stopping stuff. I did a couple of tests with a password cracker. I tried to load that on, and Malwarebytes didn't let me do that, which was pretty good. It has a rollback feature that I haven't seen with any other company. If one of your endpoints is hit with mass ransomware, you could actually roll it back. I watched a demo of them do that, and it was pretty sweet."
  • "The EPP solution lacks the sophisticated artificial intelligence required for automating reports and letting you know about things in real-time. It stops a suspicious activity in real-time, but it doesn't let you know in real-time. You have to look at a report, and then you find out that something is wrong. You have to manually kick off a scan. With the Advanced EDR solutions, Malwarebytes has the ability to alert you in real-time, but they still don't do automatic remediation or quarantining of devices. That is something that you still have to do manually. So, the endpoint protection piece, which is just like their basic endpoint protection, lacks AI. For the advanced detection and response piece, there is an add-on that comes with it, but it still doesn't go far enough in terms of automatic remediation of viruses. It won't separate that virus from your network if something happens. You have to manually go there and do it."

What is our primary use case?

We just needed something that was intuitive and easy to use. It had a good record for catching viruses in the wild and things like that.

We have the cloud endpoint solution, so it is cloud Malwarebytes or the cloud EPP.

What is most valuable?

It is intuitive and easy to use. For the most part, it does a good job of catching things. It is good at stopping stuff. I did a couple of tests with a password cracker. I tried to load that on, and Malwarebytes didn't let me do that, which was pretty good.

It has a rollback feature that I haven't seen with any other company. If one of your endpoints is hit with mass ransomware, you could actually roll it back. I watched a demo of them do that, and it was pretty sweet.

What needs improvement?

The EPP solution lacks the sophisticated artificial intelligence required for automating reports and letting you know about things in real-time. It stops a suspicious activity in real-time, but it doesn't let you know in real-time. You have to look at a report, and then you find out that something is wrong. You have to manually kick off a scan.

With the Advanced EDR solutions, Malwarebytes has the ability to alert you in real-time, but they still don't do automatic remediation or quarantining of devices. That is something that you still have to do manually. So, the endpoint protection piece, which is just like their basic endpoint protection, lacks AI. For the advanced detection and response piece, there is an add-on that comes with it, but it still doesn't go far enough in terms of automatic remediation of viruses. It won't separate that virus from your network if something happens. You have to manually go there and do it.

For how long have I used the solution?

I have been using this solution since 2016.

What do I think about the stability of the solution?

Its stability is fine. I haven't had any problems. The only thing is that it catches some of the programs as viruses. We have a program called Poll Everywhere that some of our staff members use, and Malwarebytes flagged it as a virus. Very often, we have to go in and update the hash on this particular software. Malwarebytes catches a lot of things like that. It is good I guess, but there are a lot of false positives.

What do I think about the scalability of the solution?

It is easy to scale, but it depends on what your organization is. If your organization has a lot of PII and you are a large company, then you might want to look at a different type of solution. One of the reports that we got back for Malwarebytes said that it is too commercial, and it is for big businesses like law firms and stuff like that, and we should probably use something else, but that was it. Malwarebytes also had a bad report in third-party testing. This company tests a product against all these viruses in the wild, and apparently, it did pretty poorly in that.

How are customer service and technical support?

Tech support is good. I haven't called them. You don't really have to call them because it is good at stopping stuff. 

Which solution did I use previously and why did I switch?

We switched to Malwarebytes from Sophos. Sophos provided good protection, but the customer support was just awful. We had to get away from them for that reason. Sophos also made it really difficult for even an admin to remove a product. Sometimes we had problems with the application, and we wanted to uninstall and re-install it, but it was just a nightmare trying to get that stuff off. It is a plus when you are trying to uninstall somebody's antivirus, but it is just hard for an admin who has a legitimate reason for going in there and removing it.

How was the initial setup?

The initial setup was straightforward. In terms of the implementation strategy, the only thing that we had to do was to create policies to turn off Windows Defender. It is recommended that you don't have two antiviruses running at the same time. We did that with a GPO, and then we pushed out the software through group policy. It was a big process because we had Sophos. We had to get Sophos off the machines and then deploy Malwarebytes.

What's my experience with pricing, setup cost, and licensing?

Its cost is around $60 a machine. The cost of the total solution for 250 people is about $8,500 a year. If we add EDR to it, it will bring that cost up to about $15,000. The cost for Carbon Black is about $25,000, which is $10,000 more, but you get all AI functions with it.

Which other solutions did I evaluate?

We evaluated Carbon Black and Trend Micro. We had a demo with Carbon Black. It is a really good solution, but it is expensive, and there is a learning curve associated with it.

We use a research company. We had a meeting with them, and they gave us an initial bad report with Malwarebytes. The researcher thought that we were this huge company, whereas we only have 150 employees. The same person wrote a report saying that Malwarebytes was good. The report they gave us at a meeting contradicted another report they gave us.

What other advice do I have?

If you're a small company with less than 500 people, the Malwarebytes EDR solution is a good fit. It is also a good solution if:

  • You don't have any DOD requirements for your data.
  • You don't have a lot of PII.
  • You don't have a lot of confidential documents in your environment.

If you have strict DOD regulations or something like that, you might want to look at Carbon Black and Trend Micro.

I would rate Malwarebytes an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore
MSP
Well priced with a good visualization tree but doesn't allow for high availability configuration
Pros and Cons
  • "The solution is stable."
  • "There's some disparity between the on-premise and the cloud type of application."

What is our primary use case?

We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.

What is most valuable?

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB Defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

What needs improvement?

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple namespaces. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera.

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

For how long have I used the solution?

We have been using this solution for about two years.

What do I think about the stability of the solution?

Stability-wise, the product has been quite stable. There's no issue. The maintenance was quite straightforward, and if you don't really touch it, you won't have stability problems. 

What do I think about the scalability of the solution?

Medium to large companies will be selecting Carbon Black solutions mainly due to the fact that they needed this to better the security posture checks in the environment, typically in the more regulated environment. Regulatory, regulated environments or companies that are more security-centric will go for this type of product.

While it can scale, it only supports non-HA. Scalability is quite limited. You can only scale vertically - not horizontally.

How are customer service and support?

Technical support can be much improved. They're quite lagged in terms of their support and post-sales. In terms of the roadmap to sell, they tend to sell more towards endpoints and very large enterprises. For a server base, it would lose itself. That's not really their main focus at this point in time. Therefore, it's not as good there.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I'm also familiar with Trend Micro. Trend Micro is advancing the product, keeping it fairly up to date, and covering some aspects of the EDR over time and they're doing a lot of catching up. They actually have caught up. The technology now is quite fairly similar - it's just that the initial focus was in different areas, however, they are filling this gap. It's actually a very strong competitor. In terms of user, features-wise, et cetera, this solution is quite on par. Trend Micro is a security-focused company, so from an enterprise point, probably they are more focused than Carbon Black nowadays being bought over by VMware. Security is probably not their main area of focus at this point in time. 

How was the initial setup?

The initial setup is a bit of a mix. It is simple in the sense the setup was quite straightforward, however, when it comes to configuring for other supports, like emails, notifications, Syslog, et cetera, this identity provider's power integration, which we did for our SAML 2.0, is powered based, rather than supported directly through the GUI. That was not so user-friendly, or more complex in terms of configuration.

On a scale from one to five in terms of ease of setup, it'll be about three. It probably takes about half a day just to complete the configuration setup.

The maintenance so far has been quite fairly straightforward. We don't really have any issues with the maintenance. Obviously, I didn't want the downside of the product side, maybe one of the cons is that it doesn't really support HA high availability setup configuration. 

What's my experience with pricing, setup cost, and licensing?

We have a contract, we have actually a BOT tender contract where our different customers from different departments actually purchase their licensing. Generally, the pricing is from a unique cost perspective. I wouldn't know exactly how much they buy typically, as they procure their licenses on their own. Typically, if you compared the pricing to Trend Micro, it's probably about half the cost.

What other advice do I have?

We're not quite a partner. We are a systems integrator and reseller. 

We do not have the latest update. We integrate that into our Azure AD itself.

We have the solution deployed both on the cloud and on-premises. 

I'd recommend the solution based on the cost. It's really subjective to the organization's needs. If it's for a single, small department, it's fine. If it's for a large organization itself, some of it lacks. Enterprise capabilities are probably a hindrance for a large organization to take up such a product. The limitations of supporting multiple departments with different roles and users, for them to configure what they need, would be a problem. When you talk about alerts et cetera, and also certain tracks, different departments actually probably they have their own different needs, so they wanted something to be a little bit independent, where the configuration settings are unique to the department, rather than something that can only be common for all departments in the current setup.

I'd rate the solution six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator

Meleria Mangaring - PeerSpot reviewer
Systems Engineer at Trends and Technologies, Inc
Reseller
Top 5
Great ePolicy orchestrator, seamlessly expands, and offers good reliability
Pros and Cons
  • "It's very stable and reliable."
  • "Looking at the current ePolicy orchestrator, and the transition of most vendors to the cloud, they need to do an improvement with the current dashboard or the overall aesthetic of their GUI."

What is our primary use case?

We primarily use the solution for endpoint security.

What is most valuable?

One of the strengths of McAfee in general, not only in the Endpoint, is the ePolicy orchestrator. It's a single management platform for all the solutions and also a single agent. From my experience, with all other products, it becomes easy to use with multiple deployments. 

With McAfee, what you do is you just upload and download some packages for specific features. For example, with endpoint security, you get only the four features, the firewall, web control, the ATP, and then threat prevention. Should the client want an additional feature, for example, device control, full-blown DLP, or application control, then we can add the packages for that and then easily deploy it with the client.

What needs improvement?

Looking at the current ePolicy orchestrator, and the transition of most vendors to the cloud, they need to do an improvement with the current dashboard or the overall aesthetic of their GUI. They need to just keep up with the current trends. It's still a bit old-looking. That said, with the CASB, their other solutions, their cloud solutions, they're already on the way with that. They are working on improving things.

The initial setup can be a bit difficult. 

They should offer further application control. The way of doing the application control is based on an inventory scan. It would be great and it would be at par with other solutions if they would be able to improve that into a category-based application control.

For how long have I used the solution?

I've used the solution for about three years. 

What do I think about the stability of the solution?

McAfee is one of my favorites. It's very stable and reliable. There are no bugs or glitches. 

What do I think about the scalability of the solution?

We have been able to scale. For example, a client who wanted to migrate their on-premise solution and then move to the cloud found it to be pretty straightforward. With things like this, there is still room for improvement and there can be trouble doing that. However, with the experience that I had during the migration, it was pretty smooth and seamless.

How are customer service and support?

I haven't had any experience with technical support. I'm working as a presales engineer, however, I have colleagues who've had a few experiences with McAfee technical support. Usually, it's all about clarifications around the licensing or loading of the license. For example, we have had experiences with the license already loaded to the client's account and we haven't received the email yet. When that happens, we have no way of accessing the account of the client. In those instances, we'd reach out to support. Beyond that, we don't really need help. 

Which solution did I use previously and why did I switch?

I have experience with Trend Micro, Sophos, and McAfee.

The main difference is their single solution. There's one single pane of glass you're looking at which gets easier with the maintenance. The utilization is also great. It takes away the customer of having to deal with problems with the utilization. There's a balance between the performance of the agent as well as the operation of the client. You won't hear a client complaining that a McAfee solution.

The threat intelligence with respect to endpoint security is great too. With the threat intelligence and McAfee having been in the industry for so long, it has a better capability of protecting our endpoints.

How was the initial setup?

For the setup, if you're not familiar with it, it can be a challenge. From my experience, when I just started working with McAfee, it was really hard to understand how the policies work, how the policies should be implemented and how would you assign them to certain groups. If you're just getting started, it's hard. However, if you're already familiar with how policy creation works and how you're supposed to assign it to certain groups or certain users, then it becomes easier over time.

For every 100 users, one person is enough in terms of handling maintenance tasks. Management is easy as you can manage everything from a single pane of glass. It doesn't require a lot of manpower. 

What's my experience with pricing, setup cost, and licensing?

If you look from the Gartner perspective, and if we're only looking at the leaders' quadrant, McAfee is around five out of five in terms of price affordability. Among all other solutions, it has really a reasonable price. If you look at the entire Magic Quadrant, not only the leaders' quadrant, McAfee is even better. There are other solutions that have a more reasonable price, however, it also comes at the cost of the quality that we're offering.

What other advice do I have?

I'm a reseller and solutions provider. 

It can be deployed in a virtualized environment or on the cloud. It depends on the client's requirements. I typically recommend the SaaS environment, however, in the Philippines, it's mostly on-premises still. In that case, we may use a virtualized or physical server.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:

CISO at a media company with 10,001+ employees
Real User
Easy to deploy and configure, stable, and has good support
Pros and Cons
  • "Morphisec is a straightforward solution that is efficient and very stable."
  • "The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."

What is our primary use case?

I am a consultant for a cybersecurity company and I'm active as CSO for several customers. 

We use this product to provide protection against viruses and other threats.

How has it helped my organization?

This solution automatically blocks threats, which is important to us because we're a small team. We don't have a lot of incidents and we don't do any investigation into them.

I can't say whether using Morphisec has reduced our team's workload, although I can say that it hasn't increased it. That's a good point.

What is most valuable?

The most important point for me is to have technology that does not require any interaction. We don't have a need to understand the way in which Morphisec detects threats. We have a small security team and we want a solution that we can set and forget. This product makes it easy to prevent breaches, even with a small team.

What needs improvement?

The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not. It blocks the behavior automatically but it is quite difficult to check the reason for this, and it is something that we are discussing with Morphisec.

We need to have better reporting features that are able to produce KPIs that we can show to management. Improved analytics reports would help us to understand what type of attack it is and how it was able to reach a particular computer.

For how long have I used the solution?

I have been working with the Morphisec Breach Prevention Platform for approximately four years.

What do I think about the stability of the solution?

The stability is perfect. We have never had any issues.

What do I think about the scalability of the solution?

The size of our perimeter is quite stable and is limited to between 3,000 and 4,000 computers. As such, it's hard for me to say how easy it is to scale. For example, I wouldn't know how well it works for 10,000 or 100,000 computers, although I don't think that it's an issue with Morphisec.

We are considering expanding the use of this product by installing it on our servers. However, that plan is not active for the moment.

There are five people in charge of using the solution for security analysis and configuration.

How are customer service and support?

We have a good relationship with Morphisec. The product is working well and we don't need a lot of support but when we have a specific question or when we want new features, they answer us quickly and well.

Overall, we are very satisfied with the support.

Which solution did I use previously and why did I switch?

We were using another antivirus technology prior to this, and we switched because we wanted to have better coverage. We met Morphisec during a technology trip and we decided to deploy it, giving us better coverage against the attacks.

In my role as CSO for several customers, I have used different solutions. These include SentinelOne and CrowdStrike, and we currently use Trend Micro.

I don't think that these are competitors because they do things differently, but we can compare the results and the interfaces. Morphisec is a straightforward solution that is efficient and very stable. It probably covers fewer attacks and is less technical than competitors but what they do, they do perfectly. The workload on our staff is very low compared to a product like CrowdStrike when we need to have our experts analyze the results so that we can understand them.

How was the initial setup?

The initial setup was straightforward. It is really easy to deploy and configure.

Our deployment took perhaps three months, although the delay was not due to Morphisec. Rather, it was a result of the time it took to deploy things on our computers. We were able to get the service running in one or two days.

As part of our implementation, we tried a number of different tasks. We worked mainly with the business teams to ensure that we weren't getting any false positives.

What about the implementation team?

We worked directly with the Morphisec team. They had a small team, four years ago.

On our side, there was me and one of my engineers. For me, there is no workload due to Morphisec. The only time that I work on it is when we are deploying it for a new client. 

Which other solutions did I evaluate?

We did a pilot with the product and we tested it with certain attacks from within our team. We could tell from these tests that the solution was able to block the types of attacks that we wanted to protect ourselves against.

What other advice do I have?

This product provides us with full visibility into security events with Microsoft Defender and Morphisec in a single dashboard, although this is not a focal point for us because we do not use Defender. We use Trend Micro for protection.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.