Coming October 25: PeerSpot Awards will be announced! Learn more
Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)
  • 16
  • 536

What's the best way to trial endpoint protection solutions?

Hi community, 

We all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process. 

Do you have any advice for your peers about the best way to conduct a trial/POC? 

How do you conduct a trial effectively? Are there any mistakes to avoid?

PeerSpot user
18 Answers
Central Florida Field Account Manager at Mission Critical Systems, Inc.
24 August 21

Ensure you have a defined set of outcomes. Communicate these expectations to the VAR/Vendor to ensure they can address all criteria and review results. (Example; EPP should not utilize more than 2% CPU).

Things to think about when forming the outcomes: 

Why are we looking at this solution? 

What have they previously claimed in conversations? 

What impacts will it have on the production environment? 

How does this align with company goals? 

Many solutions can be turned into production once the POC/POV has concluded and licenses purchased. This may allow cost savings in professional services. A good discussion to have when deciding the scope of the POC/POV.

Search for a product comparison in EPP (Endpoint Protection for Business)
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 5Leaderboard
24 August 21

1. Choosing only using a Gartner magic quadrant.
2. Don't consider cross-platforms,like Linux, variants and mobile.
3. Evaluate the cost of each modules and TCO.

1. Test against pieces of real artifacts.
2. Consider geographic and political issues (including support/language).
3. Prefer virtualized (and controlled) installations/images/tests.
4. Evaluate exit/disruption capability with supplier.
5. Cross testing (scripts from supplier-A against supplier-B and vice-versa).

Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 5Leaderboard
24 August 21

@Evgeny Belenky Normally, i search for another similar orgs, inline with scope/product/type/function over analysis (Forrester,, IT Central etc.).

PeerSpot user
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5
23 August 21

Once you have narrowed down the top 5 picks for a capability/solution, we typically will look at the last few things that make things stand out from the competition. 

1-cost, 2-ease of deployment (need prof serv?) 3-support or training if all other features of products being similar of course. That usually narrows it down to 2 or 3 tops for vendors to choose from. 

We then work with our VAR to help coordinate a POC for us from anywhere from 30-90days depending on the vendor/product. 

Our architect sets a requirements doc. for the POC to see how each vendor performs: stops virus, test remote healing, replication, client mgmt. features, failover testing when things go bad, etc... 

Once the requirements are completely charted either success or failure in the checklist we then review how those top 2 or 3 vendors performed and score them accordingly. If they do well and the price point is right we typically start working on an SOW and agreement with the vendor and get a quote to purchase from there. 

It normally works out ok. Sometimes products change over the course of time or support gets work, but this general method works for the US.

Norman Freitag - PeerSpot reviewer
Account-Manager at Consist ITU Environmental Software GmbH
Real User
Top 5
25 August 21

Well, these are pretty good points with a vast variety of options and hints.

Please think of creating success criteria out of these points and let the vendors agree to them. 

And if you have a lot of criteria you should sort them in A, B, C classification (from "must" to "nice-to-have"). 

You can use marks (or scores) to grain down and make different solutions more comparable.

Best Regards,

John Johny Restrepo Hernández - PeerSpot reviewer
Solutions Architect at Controles Empresariales
Top 5
23 August 21

Hello, the best way to carry a proof-of-concept is to implement an environment as much as possible, at least a few users who are part of all kinds of company profiles, for example, financial, marketing, human resources, legal, technology, etc.; what are the expected features at the functional and response level of the Endpoint Protection Platform (EPP) solution.

Now, for the tests, you must also consider the technical aspects such as: Implementation, Performance, Response to conventional and advanced Threats, if you have Artificial Intelligence if you can add an Endpoint Detection and Response (EDR) solution. It is highly recommended that the tests performed on the new solution, also with the same laboratory will be tested on the current EPP solution, confirm that it is working as expected.

The most important thing of all comes, both technical and functional tests have already been done, the time has come to review costs. I think I intentionally left it last. The new EPP + EDR solution if meets everything expected, the cost should not be the first option to evaluate. It is important to have a new solution but that can integrate more security solutions such as identity management, devices and information, consolidate solutions.

ABHILASH TH - PeerSpot reviewer
Managing Director at FOX DATA
Top 5Leaderboard
23 August 21

Few points to add:

-Test the capability, effectiveness provided by the endpoint security solution compared to the one they are already running.
-The complexity of the migration.
-The implementation impact on the business.
-Efficacy of this solution in the long term.
-Local support and Vendor support.
-How easy to arrange the POC- without complicated formalities and commitment.
-Limitation of trial license. For e.g. Crowdstrike falcon POV is a full product - without any restrictions and user/usage limitations.
-How easy it is to navigate the required feature on a daily basis without external support.
-Flexibility from a channel partner and OEM

Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in EPP (Endpoint Protection for Business). Updated: September 2022.
635,987 professionals have used our research since 2012.
31 July 18

Before you do end point evaluation, I think you should identify proper requirement and feathers that you required. Also you have to consider feature security implementation, if there, because sometimes we do focus only Antivirus and later may need some additional feathers such as DLP, Encryption, Web and App filtering.
1st step - Selected few antivirus Product and do feature comparison at technical point of view. And get an idea about the features currently available in market.
2nd step – Considering those features select which are more suitable for your environment, always need to consider the latest advance features rather than looking for a common traditional AV features.
3rd step- Select one or two best product that will suite for your environment and get proper evaluation licenses from expertise and do the evaluation.
Consider the
1. PC Performance
2. How easy to use
3. Product rating
4. Malware detection rates (NSS labs, IDC, Gartner and etc.)
5. Implementation Structure and architecture.
6. Protection for malware and non-malware attacks
Recommended products
Next Generation AV
• Carbon black
• CrowdStrike
Common AV solution
• MacAfee
• Kaspersky
• TrendMicro
• Symantec

Eric Rise - PeerSpot reviewer
Network & Security Engineer at a healthcare company with 51-200 employees
Real User
Top 5
31 July 18

Consult with several VARs with any product being looked at. If possible work directly with the vendor of the product to avoid the VAR pressing you in any one direction. The product vendor can then point you to the proper/ best fit VAR offering the best price for the product as this will vary based on VAR choice.
Provide the VAR with a list of what things you need and then things you might want in a product.
Have a set of hardware and users that will be the test group for your product(s) being tested then have a proper plan in place to document every step all the way through to end result for each and every product being tested.
Apples to apples as close as possible for all products to make a decision. It's not always about price either, expensive solutions hurt one time, cheap ones will hurt for a long long time.
Don't be afraid to contact the vendor either if you're not happy with a price or a VARs service... that vendor will or should always be happy to accommodate your request as a customer/ possible lead to become one.
All other suggestions above here are all valid as well.

ICT Administrator with 1-10 employees
30 July 18

Some suggestions:

1. Some products you can test for a restricted period with a trial license.
2. It is possible to test in a virtualized environment (VMware, VirtualBox)
3. Today I have tested myself a new version on a new server (nb: not live).
4. I made a mistake to install SQLEXPRESS 14 on a 2016 domain controller.
5. After trial and error, I solved it with an extra instance on a SQL Server 2017.
6. Kaspersky Support was very fast and helpful with clear tips and tricks.

30 July 18

You might want to start out with business cases ... ensuring that your endpoint solution begins to address those. some ideas might include:

* antivirus
* antivirus updates via automation
* antivirus updates via cloud or on premise automation
* antivirus reporting to central on premise management server
* do you want to rely upon static signatures?
* do you want to find the zero days?
* what about polymorphic / variants of previously known malware?
* will your antivirus mechanism share with other machines / computer their discoveries?
* do you want to share your information with the manufacturer (via cloud) or keep your discoveries in house / on premise?
* DLP -data loss protection
* DLP reporting to central management server
* DLP - how easily configurable?
* DLP -what type of additional work will this entail for analyses, etc
* Host Intrusion Prevention (HIP)
* HIP - will it report to a central management server?
* How will all the central management servers communicate with each other / other computers?
* Do you have to tier the solution due to network segmentation / geographic considerations / size of deployment?
* Will the endpoint product talk to or receive from other security devices (email, web filters, etc at the perimeter?)
* has Gartner developed some frameworks that are used for testing endpoint solutions?
* has Gartner at least testing the solution you are looking at?
* potentially check for endpoint solution comparisons?
* does endpoint protection support all operating systems you are using?
* does endpoint protection interface with other security products on the endpoint?
* logging ... is it detailed enough?
* do you want to automatically quarantine computer if malware is found?
* go through vendors data sheet and ensure you check all capabilities and test them
* what things did the vendor promise? test those.
* talk to a couple of their customers (same size organization if possible using similar if not same endpoint protection capabilities). discuss roll out, problems faced, vendor assistance, etc.

A couple of ideas - certainly not exhaustive.


31 July 18

I always prefer giving trial on endpoint protection by seeking into the customer environment

Step 1: we must think of giving trail based on cloud solution or enterprise solution

Step 2: user-friendly products are some kind of idea for enterprise-level customers.

Step 3: installing the best product also explaining all the features of that product which we had installed.

Step 4: the product is which does all the task of the product console itself is the best.

Step 5: Deploying client from remote and updates from the console which make easy for the customer .

IT Security Analyst at Infosys Technologies Ltd
Real User
31 July 18

Before you proceed with poc make sure you compare the features between the latest Endpoint and consult with the Experts and decide which one is suitable for your environment. Because right now End-points are having built with Advance features which may not be compatible and it may be not useful to your infrastructure.

There are different ways we can do the trail but the purpose have to be matched. The best way is to first plan the Process, Design a architecture and implement it in non-prod where you have Test environment either in On-premises or cloud. Make sure you deploy in the few targeted App servers
in order to learn the initial issues and to modify the firewall, Device and Application rules accordingly. Then it have to be deployed site wise, Region or country wise.

it_user765789 - PeerSpot reviewer
Assistant Account Manager with 51-200 employees
31 July 18

avoid installing the console in AD Server. also if there is any ERP or Critical server avoid installing the console in those servers as well.
it is recommended to install the Av in the real enviroment rather than installing in the test bed.
so the customer will be able to identify the real-time issues etc..
note- should not install in all the endpoints.

it_user848832 - PeerSpot reviewer
Senior System Test Engineer with 1-10 employees
31 July 18

Do you have any advice for the community about the best way to conduct a trial or POC? How do you conduct a trial effectively?

We fully recommend test three aspects to conduit a PoC about endpoint protection:
1. Effective, the rate of malware detection
2. Use of resources (CPU, MEM, Bandwith)
3. Complexity

For the 1st point There are a lot of web pages who store malware for the test used it, even you should mutate the malware with VMProtect.
Select 100 samples mutated
Run the sample in every Endpoint protection you want to try, the observe: Effective, Resources, and complexity of the operation

Are there any mistakes to avoid?
Yes, always disconnect your PC or test PC from the Internet, Traditional AV use cloud lookup to improve their efficiency, without Internet you can test the real performance of the engine

User at EMC Corporation
Real User
30 July 18

The expectations of the PoC according to the capabilities of the Dell Data Security solutions.
All sections marker with a should be completed by the customer before starting the PoC.
The contents and scope of this document will never be shared in any form (digital, in print, writing or any other form) without explicit written permission from the customer.
The Dell ESSE solution contains multiple modules that can be tested during the PoC.
Please select the modules to be evaluated during the PoC.
Explain the Key Advantages to customer about our product. A) Effectiveness B) Simplicity C) Performance.
It’s important to identify the improvements you seek for the business / organization as well as the top-level security and operational drivers.
Clearly explain to customer what are requirements to POC/Implementation of product. "Because first impression is the last impression".
Show the demo's /Testing once setup done. explain to the customer How we are strong compared with other product.
Create the checklist and share with customer.
Create the final documents POC and put all contact detail of customer and Dell team.

IT Manager at a security firm with 201-500 employees
Real User
30 July 18

Wait until next year and there will be less legacy endpoint protection solutions on the market. In spite you'll get next generation artificial intelligence endpoint protection solutions like palo alto/traps, sentinelone, sophos/interceptx, cylance, carbon black etc. And for POC, try ransomware attacks on them, click the links on the phishing mails and try running the malware programs.

Javier Medina - PeerSpot reviewer
Cyber Security Officer at Grupo Vision
Real User
Top 5
30 July 18

try to bluid a POC for diferent needs and usid depending on the client you are bringind the show, you can built a ransomeware POC ar a phishing scenario, some time i do 2 screens one with kali, revers tcp and othe station opening a word file with a script that gives conection to kali, so clients can see both sides, the attacker side and the client protected side, build your own scenarion and try yo make it in a way you fell more comfortable.

30 July 18


Guide to Enterprise Telework, Remote Access, and Bring ...
NIST Special Publication 800-46 . Revision 2. Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security . Murugiah Souppaya

Guide to storage encryption technologies for end user devices
Guide to Storage Encryption Technologies for End User Devices Recommendations of the National Institute of Standards and Technology Karen Scarfone


Related Questions
Sep 19, 2022
Hi community professionals, I am looking for your advice on whether it makes sense to use both an endpoint antivirus and an EDR solution simultaneously? What are the pros and cons of using each one or both simultaneously? *In terms of products, I've been looking at CrowdStrike Falcon, Microsoft Defender for Endpoint, and ESET Endpoint Security. Thanks for the help!
2 out of 9 answers
Partner Account Manager 🔆 at SEC DataCom A/S
26 April 22
If you look at a product like SentinelOne, it is both EPP and EDR (and much more...). In that case you only need this single product.You could take a look at this short explanaition on YouTube: EDR? EPP? Both?!? See how to explain SentinelOne in just 2 minutes
Principal Consultant at 1net
27 April 22
The “Antivirus” protection technology is replaced by EDR which does include a modern version of “antivirus” along with other ways of device protection.  Multiple vendors provide EDR: Trend Micro, Cisco, etc. The more current technology is XDR.
CIO & Information manager at a leisure / travel company with 501-1,000 employees
Apr 26, 2022
Hi peers,   I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers. I'm not able to find a study where Darktrace is compared against Crowdstrike Falcon (or other solutions for endpoint security, e.g. Sentinel One).  Can anyone help and share their insights?  Thanks, Regards from the Netherlands
See 2 answers
Consultant at a computer software company with 51-200 employees
31 March 22
Hi @reviewer1799568, Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort. I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you. The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates. For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA. IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources). Good luck and stay safe!  
Partner Account Manager 🔆 at SEC DataCom A/S
26 April 22
Hi. I am told that Darktrace is a complimentary product that doesn't do any endpoint protection.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Aug 09, 2022
If you’re weighing your options for endpoint security solutions, there are many options out there. However, solutions vary greatly in terms of how effectively they can protect your network. I want to help you make the best decision possible, so here are some questions to ask before buying an endpoint security solution, and why they are important. 1) Does the solution employ Foundational Tech...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Feb 04, 2022
Hi dear community members, This is our latest community digest. It helps you catch up on recent contributions by community members. Comment below with your feedback and suggestions! Trending What are the Top 5 cybersecurity trends in 2022? What are the main benefits of modern IT Asset Discovery tools? Tip Post an educational article from your Home feed and receive 20 point...
See 1 comment
reviewer1577907 - PeerSpot reviewer
Manager at PeerSpot
04 February 22
Thank you, these community Spotlights are very handy!
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Nov 19, 2021
Hi community members, Spotlight #2 is our fresh bi-weekly community digest for you. It covers cybersecurity, IT and DevOps topics. Check it out and comment below with your feedback! Trending What are the pros and cons of internal SOC vs SOC-as-a-Service? Join The Moderator Team at IT Central Station (soon to be PeerSpot)! Questions Share your experience with other peers by ans...
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Aug 09, 2022
8 Questions to Ask While Selecting an Endpoint Security Solution for Your Business
If you’re weighing your options for endpoint security solutions, there are many options out there...
Download Free Report
Download our free EPP (Endpoint Protection for Business) Report and find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne, and more! Updated: September 2022.
635,987 professionals have used our research since 2012.