I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers.
I'm not able to find a study where Darktrace is compared against Crowdstrike Falcon (or other solutions for endpoint security, e.g. Sentinel One).
Can anyone help and share their insights?
Regards from the Netherlands
Consultant at a computer software company with 51-200 employees
Mar 31, 2022
Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort.
I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you.
The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates.
For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA.
IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources).
Good luck and stay safe!
I suggest Fortinet’s FortiEDR over FortiClient for several reasons. For starters, FortiEDR guarantees solid protection because it continually scans servers for emerging vulnerabilities, which gives me peace of mind. FortiEDR can mitigate actions in real time. I also like that I can look into specific events and track the paths the events take as they move through the environment. There are times when I don’t understand the data being shown to me, but when that happens the managed services team is always there to help. They have been super reliable, and are great to work with.
Neither solution is perfect, though. One thing I dislike about FortiEDR is that it can be time-consuming to fine-tune what services are scanned and which ones are valid within our environment. And while it is a great product, it is not a product you can independently implement.
FortiClient has basic functionality and, upon doing product research, I discovered that the newer versions of the product were faulty and the reason for problems, making its ease of use less desirable. Moreover, if FortiClient scans Outlook for its files and archives, your PC will become unusable because it will eat up all of your PC resources and there is no way to stop it. Another huge problem for me is that it generates loads of false positives which also ends up blocking legitimate applications from running. Before making my decision, I also read that learning the incident exception process is complicated. These disadvantages were enough to sway my decision and ultimately make me choose FortiEDR.
Conclusion

As a whole, I have been very pleased using FortiEDR. While there are some areas that can be improved, such as the communication between the managed services team and my own team on site, other than that I have very few complaints.