
What is the best EDR or XDR product for a company with 9000 employees?

Cybersecurity and Cyber Defense Manager at ecopetrol

Hi peers,

Our company is looking for the best EDR or XDR solution for the company with 9K+ employees.

What would be your professional advice to us? Why this or another solution should be our choice?

Thanks in advance!


John Recendez - PeerSpot reviewer

In my personal technical opinion, FortiEDR (an EDR/XDR product) is a highly effective solution because it’s engineered to sit at the kernel level between any executing application and the OS, NIC, and hard drive. 

This makes the solution effective beyond typical signatures (which every system uses, including FortiEDR, to catch the low-hanging fruit). Anything outside typical signatures still cannot bypass FortiEDR because it listens to every activity as it hits the OS, NIC, and hard drive.

Evgeny Belenky - PeerSpot reviewer
Community Manager

@John Recendez thanks for your answer! 

Also, have you compared FortiEDR vs other EDR/XDR products? I suppose there are additional solutions providing a kernel-level implementation. 

Do you possibly know what types of security testing have been performed (by an independent 3rd party) to test the detection rate of this solution? 

I believe there are no silver-bullet security products. What do you think?

David Ozuna - PeerSpot reviewer

Sophos, if you have people to admin the tool; if not, Sophos with MTR.

Evgeny Belenky - PeerSpot reviewer
Community Manager

@David Ozuna, why do you suggest these particular products? Thanks.

Tom Foale - PeerSpot reviewer
Real User

I deploy and would recommend Deep Instinct. It has a 99%+ detection rate, even on zero days and documents like Word, Excel and PDF, automatically stops malware activation within milliseconds and has a <0.1% false-positive rate. 

In the USA it is backed by a $3M warranty from Munich Re for a single breach, and we expect this to be extended to the UK. It is very easy to implement using self-install or automation, and we have never got anything past it. In the UK it has a major bank as a client. 

Its customers include T-Systems, Honeywell, Taylor Morrison and Seiko. 

Evgeny Belenky - PeerSpot reviewer
Community Manager

@Tom Foale thank you for your answer. 
I have a question: when you say "it has a 99%+ detection rate" what does it mean? Which tests have been performed to get this number? Any independent 3rd party references? Thanks.

Tom Foale - PeerSpot reviewer
Real User

@Evgeny Belenky 
It's actually >99% of zero-day threats. We and others have tried to get even malware we have written ourselves past it and cannot. Unit 221B, an incident response company, tested it independently, as did SE Labs. It's on HP's premium PC range too.

Tom Foale - PeerSpot reviewer
Real User

@Evgeny Belenky 
SE Labs also did a report. It is a deep-learning-based product - a neural network trained on billions of malware samples and normal documents. The weightings are transferred to an agent (d-brain) that is installed on the endpoint. Even older d-brains detect everything.

Steve Pender - PeerSpot reviewer
Real User

@Edgardo Arrieta

I would confidently recommend SentinelOne as it is the only EDR that has not been breached, offers up to 1 million USD warranty if it is not able to roll back a ransomware encryption attack, automatically mitigates cyber-attacks without human intervention, uses artificial intelligence and does not require internet to mitigate attacks. 

SentinelOne also effectively provides protection against zero-day, fileless and lateral movement attacks.

Meleria Mangaring - PeerSpot reviewer
Reseller

Trend Micro Vision One! This XDR solution can be correlated with other information within the network that could be of huge help in threat hunting and mitigating risks.

Basheer Ahmed Khan - PeerSpot reviewer
Expert Moderator, Real User

@Edgardo Arrieta, you can look out for LimaCharlie too. It's a new product in the market.

But it has a lot of features. You can build your own rules for detection, response, and control of your data. You can also use many freely available D&R rules for mitigation.

Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors. You also get one-click access to many rulesets from sources like Yara, Soteria, Sigma, and others.

David_Roy - PeerSpot reviewer

Here (at BlackSwan CyberSecurity) we prefer to stay vendor neutral with an Open XDR approach. 

With that said, we utilize Sophos as it provides data we use in our SIEM, and XDR provides us with some automation capabilities (see the Sophos XDR Fact Sheet).

Carsten Dan Petersen - PeerSpot reviewer

I would recommend SentinelOne. 

Easy deployment, management and daily maintenance. Supporting most operating systems - new, legacy and mobile. 

Never breached, 1 million warranty, leading in MITRE and Gartner. Cool usable roll-back feature and superior Storyline technology that tracks all processes and events, making IR, TH, and documentation fast and sublime.

MikeAng - PeerSpot reviewer

Bitdefender topped the MITRE ATT&CK tests for consecutive years. 

Look at real performance and not marketing and hype.

Evgeny Belenky - PeerSpot reviewer
Community Manager

@MikeAng thanks for your suggestion. Can you please share a reference for it?
Also, can you please explain to the community what MITRE ATT&CK tests include/cover?

Evgeny Belenky - PeerSpot reviewer
Community Manager

@MikeAng thanks for the reference.

Shani Patel - PeerSpot reviewer
Real User

Completely automated attack investigation and remediation on a single platform.

Cynet XDR (by Cynet Security) natively unifies NGAV, EDR, NDR, UEBA and Deception technologies with automated attack investigation and remediation on a single, intuitive platform and it's backed by a 24/7 Managed Detection and Response service. 

Evgeny Belenky - PeerSpot reviewer
Community Manager

@Shani Patel have you used this product?
What distinguishes this XDR from other products such as, for example, Palo Alto Networks Cortex XDR, SentinelOne Singularity XDR and Trend Micro Vision One?

Evgeny Belenky - PeerSpot reviewer
Community Manager

@Shani Patel, this is a follow-up on my earlier question. Thanks!
