Systems Engineer at a consultancy with 1,001-5,000 employees
Real User
Top 20
Aug 5, 2022
Trend Micro Vision One! This XDR solution can be correlated with other information within the network that could be of huge help in threat hunting and mitigating risks.
Search for a product comparison in Endpoint Detection and Response (EDR)
In my personal technical opinion, FortiEDR (an EDR/XDR product) is a highly effective solution because it’s engineered to sit at the kernel level between any executing application and the OS, NIC, and hard drive.
This makes the solution effective beyond typical signatures (which every system uses, including FortiEDR to catch the low hanging fruit). Anything outside typical signature still cannot bypass FortiEDR because it listens to every activity as it hits the OS, NIC, and hard drive.
Network Security Services at ACE Managed Securty Services
Real User
Top 20
Sep 26, 2022
CrowdStrike’s Falcon Insight is inarguably the best EDR product in the market currently, irrespective of the number of users. It simplifies endpoint detection and response while giving you full-spectrum visibility in real time.
While some might consider the solution cost to be on the higher side, it assures you immediate time-to-value and cost-to-value. It’s cloud-based and doesn’t require any on-premises infrastructure management or installation. It has a single lightweight-agent architecture that deploys in minutes and opens the door for instant scalability in the future.
One of the major selling points for CrowdStrike EDR is the minimal learning curve attached to using the solution. It’s immediately operational and does not require reboots, finetuning, baselining, or complex configurations. The best part is that it has zero impact on endpoint performance and end-user productivity.
I deploy and would recommend Deep Instinct. It has a 99%+ detection rate, even on zero days and documents like Word, Excel and PDF, automatically stops malware activation within milliseconds and has a <0.1% false-positive rate.
In the USA it is backed by a $3M warranty from Munich Re for a single breach, and we expect this to be extended to the UK. It is very easy to implement using self-install or automation, and we have never got anything past it. In the UK it has a major bank as a client.
Its customers include T-Systems, Honeywell, Taylor Morrison and Seiko.
@Evgeny Belenky SE Labs also did a report https://selabs.uk/reports/deep.... It is a deep-learning based product - a neural network trained on billions of malware samples and normal documents. The weightings are transferred to an agent (d-brain) that is installed on the endpoint. Even older d-brains detect everything.
I would confidently recommend SentinelOne as it is the only EDR that has not been breached, offers up to 1 million USD warranty if it is not able to roll back a ransomware encryption attack, automatically mitigates cyber-attacks without human intervention, uses artificial intelligence and does not require internet to mitigate attacks.
SentinelOne also effectively provides protection against; zero-day, fileless and lateral movement attacks.
@Edgardo Arrieta, You can look out for LimaCharlie too. It's a new product in the market.
But it has a lot of features. You can build your own rules for detection, response, and control of your data. You can also use many freely available rules for D & R for mitigation.
Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors. You also get one-click access to many rulesets from sources like Yara, Soteria, Sigma, and others.
Easy deployment, management and daily maintenance. Supporting most operating systems - new, legacy and mobile.
Never breached 1 million warranty, leading MITRE and Gartner. Cool usable roll-back feature and superior storyline technology that tracks all processes and events, making IR, TH, and documentation fast and sublime.
Completely automated attack investigation and remediation on a single platform.
Cynet XDR (by Cynet Security) natively unifies NGAV, EDR, NDR, UEBA and Deception technologies with automated attack investigation and remediation on a single, intuitive platform and it's backed by a 24/7 Managed Detection and Response service.
Extended Detection and Response (XDR) integrates security tools and systems across networks, endpoints, and clouds, enhancing threat detection and response capabilities. It provides a unified framework for detecting, analyzing, and responding to security threats efficiently.XDR offers a comprehensive approach to securing digital environments by correlating data from multiple security components. By centralizing security management, it facilitates quicker threat identification and streamlines...
Trend Micro Vision One! This XDR solution can be correlated with other information within the network that could be of huge help in threat hunting and mitigating risks.
In my personal technical opinion, FortiEDR (an EDR/XDR product) is a highly effective solution because it’s engineered to sit at the kernel level between any executing application and the OS, NIC, and hard drive.
This makes the solution effective beyond typical signatures (which every system uses, including FortiEDR to catch the low hanging fruit). Anything outside typical signature still cannot bypass FortiEDR because it listens to every activity as it hits the OS, NIC, and hard drive.
CrowdStrike’s Falcon Insight is inarguably the best EDR product in the market currently, irrespective of the number of users. It simplifies endpoint detection and response while giving you full-spectrum visibility in real time.
While some might consider the solution cost to be on the higher side, it assures you immediate time-to-value and cost-to-value. It’s cloud-based and doesn’t require any on-premises infrastructure management or installation. It has a single lightweight-agent architecture that deploys in minutes and opens the door for instant scalability in the future.
One of the major selling points for CrowdStrike EDR is the minimal learning curve attached to using the solution. It’s immediately operational and does not require reboots, finetuning, baselining, or complex configurations. The best part is that it has zero impact on endpoint performance and end-user productivity.
Sophos, if you have people to admin the tool, if not Sophos with MTR.
@David Ozuna, why do you suggest these particular products? Thanks.
I deploy and would recommend Deep Instinct. It has a 99%+ detection rate, even on zero days and documents like Word, Excel and PDF, automatically stops malware activation within milliseconds and has a <0.1% false-positive rate.
In the USA it is backed by a $3M warranty from Munich Re for a single breach, and we expect this to be extended to the UK. It is very easy to implement using self-install or automation, and we have never got anything past it. In the UK it has a major bank as a client.
Its customers include T-Systems, Honeywell, Taylor Morrison and Seiko.
@Evgeny Belenky
SE Labs also did a report https://selabs.uk/reports/deep.... It is a deep-learning based product - a neural network trained on billions of malware samples and normal documents. The weightings are transferred to an agent (d-brain) that is installed on the endpoint. Even older d-brains detect everything.
@Edgardo Arrieta
I would confidently recommend SentinelOne as it is the only EDR that has not been breached, offers up to 1 million USD warranty if it is not able to roll back a ransomware encryption attack, automatically mitigates cyber-attacks without human intervention, uses artificial intelligence and does not require internet to mitigate attacks.
SentinelOne also effectively provides protection against; zero-day, fileless and lateral movement attacks.
@Edgardo Arrieta, You can look out for LimaCharlie too. It's a new product in the market.
But it has a lot of features. You can build your own rules for detection, response, and control of your data. You can also use many freely available rules for D & R for mitigation.
Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors to protect you from bad actors. You also get one-click access to many rulesets from sources like Yara, Soteria, Sigma, and others.
Here (at BlackSwan CyberSecurity) we prefer to stay vendor neutral with an Open XDR approach.
With that said we utilize Sophos as it provides data we use in our SIEM, and XDR provides us with some automation capabilities: Sophos XDR Fact Sheet
I would recommend SentinelOne.
Easy deployment, management and daily maintenance. Supporting most operating systems - new, legacy and mobile.
Never breached 1 million warranty, leading MITRE and Gartner. Cool usable roll-back feature and superior storyline technology that tracks all processes and events, making IR, TH, and documentation fast and sublime.
Bitdefender topped the MITRE ATT&CK tests for consecutive years.
Look at real performance and not marketing and hype.
@MikeAng thanks for the reference.
Completely automated attack investigation and remediation on a single platform.
Cynet XDR (by Cynet Security) natively unifies NGAV, EDR, NDR, UEBA and Deception technologies with automated attack investigation and remediation on a single, intuitive platform and it's backed by a 24/7 Managed Detection and Response service.
@Shani Patel, this is a follow up on my earlier question. Thanks!