I work as an IT Security person at a large Logistics company.
At the moment, I'm researching these 2 products for my organization: Microsoft Defender for Endpoint and Cortex XDR by Palo Alto Networks.
Most comparisons and reviews I found were done in late 2021 and early 2022.
As of now, considering all Microsoft Updates on their Defender, which product would you prefer to use?...
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each and every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alerts.
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform. I would also pay close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)
We all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process.
Do you have any advice for your peers about the best way to conduct a trial/POC?
How do you conduct a trial effectively? Are there any mistakes to avoid?
You might want to start out with business cases ... ensuring that your endpoint solution begins to address those. Some ideas might include:
* antivirus updates via automation
* antivirus updates via cloud or on premise automation
* antivirus reporting to central on premise management server
* do you want to rely upon static signatures?
* do you want to find the zero days?
* what about polymorphic / variants of previously known malware?
* will your antivirus mechanism share with other machines / computer their discoveries?
* do you want to share your information with the manufacturer (via cloud) or keep your discoveries in house / on premise?
* DLP - data loss protection
* DLP reporting to central management server
* DLP - how easily configurable?
* DLP - what type of additional work will this entail for analyses, etc.
* Host Intrusion Prevention (HIP)
* HIP - will it report to a central management server?
* How will all the central management servers communicate with each other / other computers?
* Do you have to tier the solution due to network segmentation / geographic considerations / size of deployment?
* Will the endpoint product talk to or receive from other security devices (email, web filters, etc. at the perimeter)?
* Has Gartner developed some frameworks that are used for testing endpoint solutions?
* Has Gartner at least tested the solution you are looking at?
* potentially check firecompass.com for endpoint solution comparisons?
* does endpoint protection support all operating systems you are using?
* does endpoint protection interface with other security products on the endpoint?
* logging ... is it detailed enough?
* do you want to automatically quarantine computer if malware is found?
* go through vendors data sheet and ensure you check all capabilities and test them
* what things did the vendor promise? test those.
* Talk to a couple of their customers (same size organization if possible, using similar if not the same endpoint protection capabilities). Discuss roll out, problems faced, vendor assistance, etc.
A couple of ideas - certainly not exhaustive.