Community Manager at PeerSpot (formerly IT Central Station)
Answered Aug 25, 2020
CrowdStrike Falcon and Microsoft Defender ATP are popular tools for EDR. Have you done a POC on these two tools, or had experience using them? If so, please share some insights on how these products perform, and which you would recommend.
In a nutshell, Microsoft, as with most of its products, tends to be behind the leaders, and ATP is no exception. We used both and stayed with Falcon. With ATP you think you are protected until you deploy Falcon, or any other NGAV, and realize you were blind. We also used Cylance, and it was still better than MS ATP.
A few reasons why Falcon: time response, real AI engine, no signatures, support, easy to manage, and one of the most well-organized vendors we've worked with. One of my favorites: if you don't have the expertise and human power in-house, they offer a fully managed, insured ($1M) solution that monitors all the way to remediation 24x7 in less than 30 min and without user intervention or interruption. Last, network containment at the click of a button in real time, with the ability to still remediate remotely.
The SentinelOne Endpoint Protection Platform (EPP) unifies prevention, detection, and response in a single purpose-built agent, powered by machine learning and automation. It is not reliant on hash signatures or an internet connection. SentinelOne provides prevention and detection of attacks across all major vectors and rapid elimination of threats with a fully automated real-time response without human intervention.
SentinelOne has not been breached and offers up to $1,000,000 warranty if it cannot roll back a ransomware attack.
I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers.
I'm not able to find a study where Darktrace is compared against Crowdstrike Falcon (or other solutions for endpoint security, e.g. Sentinel One)....