In my personal technical opinion, FortiEDR (an EDR/XDR product) is a highly effective solution because it’s engineered to sit at the kernel level between any executing application and the OS, NIC, and hard drive.
This makes the solution effective beyond typical signatures (which every system uses, including FortiEDR to catch the low hanging fruit). Anything outside typical signature still cannot bypass FortiEDR because it listens to every activity as it hits the OS, NIC, and hard drive.
Network Security Services at ACE Managed Securty Services
Real User
Top 5
Sep 26, 2022
CrowdStrike’s Falcon Insight is inarguably the best EDR product in the market currently, irrespective of the number of users. It simplifies endpoint detection and response while giving you full-spectrum visibility in real time.
While some might consider the solution cost to be on the higher side, it assures you immediate time-to-value and cost-to-value. It’s cloud-based and doesn’t require any on-premises infrastructure management or installation. It has a single lightweight-agent architecture that deploys in minutes and opens the door for instant scalability in the future.
One of the major selling points for CrowdStrike EDR is the minimal learning curve attached to using the solution. It’s immediately operational and does not require reboots, finetuning, baselining, or complex configurations. The best part is that it has zero impact on endpoint performance and end-user productivity.
I deploy and would recommend Deep Instinct. It has a 99%+ detection rate, even on zero days and documents like Word, Excel and PDF, automatically stops malware activation within milliseconds and has a <0.1% false-positive rate.
In the USA it is backed by a $3M warranty from Munich Re for a single breach, and we expect this to be extended to the UK. It is very easy to implement using self-install or automation, and we have never got anything past it. In the UK it has a major bank as a client.
Its customers include T-Systems, Honeywell, Taylor Morrison and Seiko.
@Evgeny Belenky SE Labs also did a report https://selabs.uk/reports/deep.... It is a deep-learning based product - a neural network trained on billions of malware samples and normal documents. The weightings are transferred to an agent (d-brain) that is installed on the endpoint. Even older d-brains detect everything.
I would confidently recommend SentinelOne as it is the only EDR that has not been breached, offers up to 1 million USD warranty if it is not able to roll back a ransomware encryption attack, automatically mitigates cyber-attacks without human intervention, uses artificial intelligence and does not require internet to mitigate attacks.
SentinelOne also effectively provides protection against; zero-day, fileless and lateral movement attacks.
Trend Micro Vision One! This XDR solution can be correlated with other information within the network that could be of huge help in threat hunting and mitigating risks.
@Edgardo Arrieta, You can look out for LimaCharlie too. It's a new product in the market.
But it has a lot of features. You can build your own rules for detection, response, and control of your data. You can also use many freely available rules for D & R for mitigation.
Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors. You also get one-click access to many rulesets from sources like Yara, Soteria, Sigma, and others.
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
Easy deployment, management and daily maintenance. Supporting most operating systems - new, legacy and mobile.
Never breached 1 million warranty, leading MITRE and Gartner. Cool usable roll-back feature and superior storyline technology that tracks all processes and events, making IR, TH, and documentation fast and sublime.
Completely automated attack investigation and remediation on a single platform.
Cynet XDR (by Cynet Security) natively unifies NGAV, EDR, NDR, UEBA and Deception technologies with automated attack investigation and remediation on a single, intuitive platform and it's backed by a 24/7 Managed Detection and Response service.
Hello peers,
I work for a large manufacturing company. We are evaluating EDR and XDR solutions for Endpoint Security, can anyone suggest some good ones for comparison with pros and cons? We did a demo with CrowdStrike, FortiEDR, and SentinelOne.
Thank you for your help.
Hi, It seems you are already looking at some of the best and leaders in the new Gartner Quadrant. SentinelOne and CrowdStrike are very close in their offerings, detections, and responses. CrowdStrike might be a little more mature in their MDR offering, but both are doing very well in protecting your endpoints.You might consider Cybereason as well.Regarding EDR vs XDR, according to the Gartner Hype Curve, EDR is a more mature technology whereas XDR's maturity mostly is on the material from marketing. The difference is whether or not external logs and alerts are consolidated within the platform. Most EDR vendors claim they have XDR as well, but as most vendors, they talk the talk way before they can walk the walk and before the market are ready for the adoption. So if you are a first mover you can go for the full package but you must expect to accept some bugs and be the vendor's remote test lab.Besides that, nearly all solutions have APIs to be called and thus can be included in most platforms.
Product Manager at a comms service provider with 51-200 employees
Mar 6, 2023
I agree with Carsten and want to add my experience. With S1, I get more false positives and resource consumption is a little bit more. Currently, I'm using CD and happy using it. MDR Services is provided by its own staff, not 3rd party. Single-click rollback is a plus with S1. About XDR, it depends on your company's security culture. I think there's no application that you just deploy and relax. If someone says "we do", I simply don't believe it. Network security is a different issue and it's hard to identify adversaries only with AI. You have to have a team to follow up on network traffic. For EDR, AI is more convenient. With XDR, AI will give you lots of false positives. After a while, you'll get exhausted from the noise. Also, most attacks target endpoints, so EDR has more priority in my opinion.
Hi,
I'm looking for an EDR with low resource consumption and very robust for 270 computers.
Any suggestions?
Thank you---
<Original question>
Estoy buscando un EDR con bajo consumo de recursos y muy robusto para 270 equipos de computo
Sugerencias?
Gracias
Hi Fernando,
I’m very happy with Kaspersky. Good value for your money. Good support when you need it. The console gives you more than only antivirus, but also patch management for 3th party software and so many more. And i believe the best anti ransomware in the world.
With kind regards,
Hi dear community members,
In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own!
Trending
These are the topics your peers are talking about on PeerSpot this week
How do I estimate the requir...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers!
Also, special thanks to the articles' contributors included in this Community Spotlight:
@Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
If you’re weighing your options for endpoint security solutions, there are many options out there. However, solutions vary greatly in terms of how effectively they can protect your network. I want to help you make the best decision possible, so here are some questions to ask before buying an endpoint security solution, and why they are important.
1) Does the solution employ Foundational Tech...
Dear professionals,
Welcome back to PeerSpot's Community Spotlight! Below you can find the latest hot topics posted by your fellow PeerSpot Community members. Read articles, answer questions, and contribute to discussions that are relevant to you and your expertise. Or ask your peers for insight on topics that interest you!
Trending
Here are some topics that your peers are discussi...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 2, 2022
@Chris Childerhose, @PraveenKambhampati, @Deena Nouril, @Shibu Babuchandran and @reviewer1925439,
Thank you for contributing your articles and sharing your professional knowledge with 618K PeerSpot community members around the globe as well as with a much bigger readers audience!
Hi peers,
We're happy to share our new bi-weekly Community Spotlight with you. Here you'll find recent contributions by PeerSpot community members: questions, articles and trending discussions.
Trending
See what your peers are discussing at the moment!
What to choose: an endpoint antivirus, an EDR solution, or both?
What is your recommended IT Service Management (ITSM) tool in 2022?
W...
Hi dear community members,
This is our latest community digest. It helps you catch up on recent contributions by community members. Comment below with your feedback and suggestions!
Trending
What are the Top 5 cybersecurity trends in 2022?
What are the main benefits of modern IT Asset Discovery tools?
Tip
Post an educational article from your Home feed and receive 20 point...
In my personal technical opinion, FortiEDR (an EDR/XDR product) is a highly effective solution because it’s engineered to sit at the kernel level between any executing application and the OS, NIC, and hard drive.
This makes the solution effective beyond typical signatures (which every system uses, including FortiEDR to catch the low hanging fruit). Anything outside typical signature still cannot bypass FortiEDR because it listens to every activity as it hits the OS, NIC, and hard drive.
CrowdStrike’s Falcon Insight is inarguably the best EDR product in the market currently, irrespective of the number of users. It simplifies endpoint detection and response while giving you full-spectrum visibility in real time.
While some might consider the solution cost to be on the higher side, it assures you immediate time-to-value and cost-to-value. It’s cloud-based and doesn’t require any on-premises infrastructure management or installation. It has a single lightweight-agent architecture that deploys in minutes and opens the door for instant scalability in the future.
One of the major selling points for CrowdStrike EDR is the minimal learning curve attached to using the solution. It’s immediately operational and does not require reboots, finetuning, baselining, or complex configurations. The best part is that it has zero impact on endpoint performance and end-user productivity.
Sophos, if you have people to admin the tool, if not Sophos with MTR.
@David Ozuna, why do you suggest these particular products? Thanks.
I deploy and would recommend Deep Instinct. It has a 99%+ detection rate, even on zero days and documents like Word, Excel and PDF, automatically stops malware activation within milliseconds and has a <0.1% false-positive rate.
In the USA it is backed by a $3M warranty from Munich Re for a single breach, and we expect this to be extended to the UK. It is very easy to implement using self-install or automation, and we have never got anything past it. In the UK it has a major bank as a client.
Its customers include T-Systems, Honeywell, Taylor Morrison and Seiko.
@Evgeny Belenky
SE Labs also did a report https://selabs.uk/reports/deep.... It is a deep-learning based product - a neural network trained on billions of malware samples and normal documents. The weightings are transferred to an agent (d-brain) that is installed on the endpoint. Even older d-brains detect everything.
@Edgardo Arrieta
I would confidently recommend SentinelOne as it is the only EDR that has not been breached, offers up to 1 million USD warranty if it is not able to roll back a ransomware encryption attack, automatically mitigates cyber-attacks without human intervention, uses artificial intelligence and does not require internet to mitigate attacks.
SentinelOne also effectively provides protection against; zero-day, fileless and lateral movement attacks.
Trend Micro Vision One! This XDR solution can be correlated with other information within the network that could be of huge help in threat hunting and mitigating risks.
@Edgardo Arrieta, You can look out for LimaCharlie too. It's a new product in the market.
But it has a lot of features. You can build your own rules for detection, response, and control of your data. You can also use many freely available rules for D & R for mitigation.
Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors. You also get one-click access to many rulesets from sources like Yara, Soteria, Sigma, and others.
Here (at BlackSwan CyberSecurity) we prefer to stay vendor neutral with an Open XDR approach.
With that said we utilize Sophos as it provides data we use in our SIEM, and XDR provides us with some automation capabilities: Sophos XDR Fact Sheet
I would recommend SentinelOne.
Easy deployment, management and daily maintenance. Supporting most operating systems - new, legacy and mobile.
Never breached 1 million warranty, leading MITRE and Gartner. Cool usable roll-back feature and superior storyline technology that tracks all processes and events, making IR, TH, and documentation fast and sublime.
Bitdefender topped the MITRE ATT&CK tests for consecutive years.
Look at real performance and not marketing and hype.
@MikeAng thanks for the reference.
Completely automated attack investigation and remediation on a single platform.
Cynet XDR (by Cynet Security) natively unifies NGAV, EDR, NDR, UEBA and Deception technologies with automated attack investigation and remediation on a single, intuitive platform and it's backed by a 24/7 Managed Detection and Response service.
@Shani Patel, this is a follow up on my earlier question. Thanks!