I'm a Senior Manager - Security Monitoring and Incident Response at a large manufacturing company.
I am looking for thoughts from those who may have done a comparative analysis on these two products within the last 6 months or so. Realizing these technologies have advanced rapidly over the past year or two, I would like to hear some current observations.
While I am interested in the value/functionality of the platforms, I am currently focused on assessments around EDR performance and ultimate functionality.
Thanks in advance for your thoughts.
Hiya Paul, I'm a bit biased as we are partnered with Cynet Security. We've done extensive testing on Cynet 360 using two recipes: the MITRE framework and Atomic Red Team's collection of small, highly portable detection tests mapped to MITRE ATT&CK®. The value proposition is very good with 24/7 SOC support. Fully automated D&R agent with the ability to integrate with an external SIEM. Also has User Behaviour Analytics (UBA), which is helpful. But an EDR comparison needs to be evaluated according to your company's needs. Not one size fits all. So I suggest you test drive both using the MITRE framework as we have. Many CISOs or managers want an EDR that you install and forget, and I think Cynet is that. Additionally, the Deception module is an excellent honeypot for Advanced Persistent Threat (APT) attacks. Cynet offers a free threat assessment for mid-sized and large organizations (min 250 endpoints). And based on Gartner's Peer Insights EDR review, Cynet came #1 out of 51 vendors with an average rating of 5 out of 5. Sorry, we've done our eval on many EDR/XDR/MDRs and we've hit home with Cynet 360. Perhaps an on-prem eval is in order. Cheers!!
We didn't consider either of these. After demos and a comparison of reviews of multiple EDR solutions, we came up with SentinelOne on top and are now POCing it as an endpoint solution.
If you're looking for a NextGen, machine learning and AI-driven Active EDR with automated remediation that has not been breached and is backed by a one million USD ransomware warranty, contact me and I'll provide you with detailed comparisons between SentinelOne, Cylance and Carbon Black, showing how SentinelOne is superior to both Cylance and Carbon Black.
It will also be my pleasure to demonstrate the SentinelOne solution to you.
The future of your company's cybersecurity is in your hands.
Paul,
While I've not used Carbon I have used Cylance and Optics for years before moving away from them in favor of a more robust and easy-to-manage solution. Cylance, IF properly configured, can stop the majority of attacks out there and incorporates machine learning. I would strongly suggest, if you're reviewing EDRs, that you also consider S1.
Cylance, in order to compete with other platforms, needs to have Cylance and Optics installed. Last I used it these were two separate components and still not integrated into the same client. That was the goal but never happened while I was a customer. Optics was confusing to use, confusing to configure. I've had ZERO issues like this with our S1 deployment and production use. The ML on this client has been superior to the Cylance ML model as well, and I don't need multiple apps installed to accomplish the same end goal.
Cylance as an EDR failed for me. I loved the machine learning for the antivirus and malware/ransomware protection and such, but as an EDR there are WAY better choices on the market.
Hope this helps.
| Capability | Cylance | Carbon Black |
|---|---|---|
| Leverages local ML model | Yes | No |
| Leverages cloud ML model | Not required but adds to efficacy | No |
| Predictive advantage | Yes | No |
| Prevents attacks from zero-day threats | Yes | Partial |
| Daily or frequent updates | No | Yes |
| Allows malware to execute | No | Yes |
| Cloud vs. on-premise mgmt | Cloud & on-premise | On-premise |
| Single agent | Yes | No |
| Scale of agents | Infinite | Limited |
| Single console | Yes | No |
| Requires continual scans | No | Yes |
| Capable of convicting offline | Yes | No |
| Avg mem/CPU | <70MB / 1% | High |
| Agent update cycle | Quarterly | Daily |
| ML update cycle | 3x yearly | N/A |