Please share with the community what you think needs improvement with Secureworks Red Cloak MDR.
What are its weaknesses? What would you like to see changed in a future version?
Tamper-proofing or tamper protection is still pending in Secureworks. Tamper protection will make it more secure. If I'm an admin of a device, I can uninstall an agent without the knowledge of the security or Secureworks admin. If someone gets hold of one endpoint with admin credentials, he can remove anything, and an organization will lose visibility. They need to work on providing more visibility across endpoints. A couple of times it has happened that the cloak agent is there, but it did not get activated, or there were some issues. The machine was restarted, but the cloak agent didn't run. In such cases, you have to troubleshoot. It is a big issue if a cyber attack is happening, and your machine is rebooted, but the events are not captured.
The solution could work on its simplicity. Dell Secureworks is for higher-end customers and it's not quite as straightforward to implement or to get up and running as some of the other solutions. They do provide an engineer for the first few weeks to help you get things implemented; however, there are a lot of bells and whistles with Dell Secureworks. That's a disadvantage for smaller customers. With a lot of the other easier solutions available to smaller customers, you just stick a box in there and set it and forget it. With Dell Secureworks it's more hands-on.