What is most valuable?
I like that Webroot is very lightweight. It didn't bog down the machine, and more importantly, it had heuristic artificial intelligence to some degree. It wasn't like full-blown artificial intelligence, but something where you have one endpoint recognizing issues because it maintains a cloud database. If one client recognizes a threat, it would add it to the database, and almost immediately, every agent in the world would also know about that threat. That was very appealing to us. However, now it's becoming commonplace, whereas vendors like Symantec and McAfee were based more on the traditional model of definition and updates, and we were always falling behind. Webroot also has pretty good technical support.
What needs improvement?
One of the biggest pain points is that it's not really ransomware-oriented. They will be able to catch some, but that's where SentinelOne is a better player compared to Webroot.
For how long have I used the solution?
I have been dealing with Webroot Business Endpoint Protection for about two years.
What do I think about the scalability of the solution?
Webroot is scalable. The policies that we created were at the MSP level, and as we added more clients, those clients just utilized the MSP policy that we had created once in a while, but it was probably a rarity and not the norm. You could also create client-level policies.
How are customer service and support?
Webroot's tech support is pretty good. It was like one issue that we really had problems with, and it really wasn't their fault. They were good at trying to help us with it, but it really came down to a conflict with a client's plugin, which was used for web filtering.
Which solution did I use previously and why did I switch?
We used Trend Micro many years ago, and then it wasn't doing great. We looked around and found another company that I think is out of business now. Next, we transitioned to Viper, and from there, we moved to Webroot. Now we're beginning to move to SentinelOne, as the keys keep moving, and we can try and move with it, finding the best solutions for our clients. The hardest thing about going to Webroot was that you didn't really have any way to really have any third party that was actually testing these antivirus products to understand whether it was a false positive or whether it did great. You didn't really have that much, and not many of them actually tested Webroot because it didn't really fall into the same category as all the other products that were out at the time. SentinelOne is truly looking at not just every process but exactly what it's doing and what it's touching. Truly not just journaling, but whatever it does, it's keeping track of all the changes, and they can actually roll them back. We actually just had three incidents that we have seen since we started using SentinelOne. This one happened three or four days ago, and it was a false positive. But Sentinel wants to sense the way the package was designed. It had every appearance of being malicious because the way it was acting was like a malicious function. That's the only false positive we've seen so far, and it was a weird one too. Whoever sent it never should have sent something in that type of package. Before that, we had to lock down the machine. That's what SentinelOne will do when there are attacks, ransomware, or some malicious activity that can be detrimental to the data and the network. It literally locks that machine down, and users can't access anything on the network. The computer can't access anything on the network except for the SentinelOne dashboard.
How was the initial setup?
The initial setup was straightforward. I think we spent about a couple of hours on the phone with their support nailing down the right settings for our various categories of machines, and we broke down the machines and added policies for our general servers. Here's a policy for our RDS and Citrix servers. Here's a policy for general workstations. Here's another policy for engineering, chat, or graphic design machines because they tend to need slightly more or slightly less restrictive settings. We had to put together five or six different base-level policies. Once they were gathered, there were some white lists added at different times.
What other advice do I have?
On a scale from one to ten, I would give Webroot Business Endpoint Protection an eight. The only reason I've dropped it down now is that they're just not including the additional items like SentinelOne. They haven't added ransomware and TrueBlue artificial intelligence, and those kinds of things. If they build those into it, they would be able to pump it back up again.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner