Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot

When evaluating Endpoint Security, what aspect do you think is the most important to look for?

Let the community know what you think. Share your opinions now!

PeerSpot user
17 Answers
Kris S, MIITP CITPNZ - PeerSpot reviewer
Product Manager at a tech services company with 11-50 employees
Real User
Top 5
Nov 18, 2021

Solutions that are simple and easy to use can also leverage all available threat intelligence sources. Must help proactively to prevent and mitigate any endpoint risks.

Vulnerability Threats and Patching with automation - Identify any misconfiguration, vulnerable apps, settings or ports to regularly scan and suggest measures and auto-protect. Even if no fix is available, it should be able to capture the manual fix or workaround from vendors or the security community to apply the fix.

Should cover all aspects of unified endpoint security across platforms (Windows/Mac/Linux/MDM):

Configurations Management, Threats and Patching, Software Deployment, OS Deployments, Mobile Device Management, System Tools, Browser Security, Vulnerability Management, Application Control, Device Control and BitLocker Management.

Should help with auto-updating drivers, AV updates, browser updates, etc., and offer flexibility in controlling our ring-fenced updates accordingly.

Eric Rise - PeerSpot reviewer
Network & Security Engineer at a healthcare company with 51-200 employees
Real User
Top 5
Oct 11, 2021


Thank you for your question; I hope you are finding many answers to assist you here. My own opinion on this will probably be in line with multiple others here.

Several questions I like to ask during this process are as follows:

- Will this be hosted on cloud or on-prem?

- AI or machine learning threat model is a must today

- If hosted, what are the SLAs for detection, response, ability to view dashboards, what is your level of access to that dashboard, can you disable an agent quickly if needed and what is that process?

- Is this for your own environment or do you want to host it for someone else?

- How well does the product work when disconnected from the internet? This is a key factor for me. If the product fails when disconnected from the cloud, move on to another product.

- How well can the product recover should it miss something? Are you able to retrace the events that caused the issue?

- Cost per endpoint vs cost of being down due to infection.

- Easy to deploy

- What OSs does the product work on? Does it support Linux and what versions of Linux?

There are several questions for you on this. I hope they help you or others.


Paul Stern - PeerSpot reviewer
Cyber Security Consultant at Stern Tech Ltd.
Real User
Sep 27, 2022

Multiplatform is critical for total endpoint coverage, which is easy to deploy with or without other vendors' AV installed. The deployment must be easy and seamless for the end-user. IT cannot afford the time to sort out mishaps at the endpoints.

Reporting & Visibility to justify ROI. Visibility of how, when, where, and why the attack happened.

Must have auto updates & auto-remediation, granular configurability as well as a “just work” setting.

Feb 17, 2022

The protection services you may look at: Anti-malware, Anti-ransomware, Anti-bot, DLP, Firewall, Application Control, etc.

Regional Sales Manager at Alchemy Global Networks i
Oct 13, 2021

On any given day, an amazing new technology could swoop in and fundamentally change the way you do business. That’s exciting, but there’s a downside to today’s technology-driven world.

New and unpredictable threats to your cybersecurity are forming all the time, and it’s next to impossible to stay ahead of them all. From assessment to cybersecurity, from ongoing support to network and infrastructure design, trust your network services to no one but the very best. 

IanMacfarlane - PeerSpot reviewer
ITSM SME at Valencia Advisors IIP
Real User
Top 5
Oct 13, 2021

The days of signature-based solutions are end of life. AI threat detection with human monitoring is where we are at today: SentinelOne, CrowdStrike, FieldEffects, Carbon Black. Check out Red Canary.

Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in EPP (Endpoint Protection for Business). Updated: November 2022.
653,522 professionals have used our research since 2012.
Bořivoj Tydlitát - PeerSpot reviewer
Chief Security Officer at The Mama AI
Real User
Top 5
Oct 12, 2021

Besides what's been already mentioned, I would also explicitly mention automation (API) and data export options. 

How good is the information provided, e.g. the threat/vulnerability database? 

How complete and useful are the reported findings, and how easy are they to interpret and explain? 

Is it possible to configure and manage exceptions, e.g. to manage obvious false positives reported, exceptions granted, "old news" or classifications of the findings that are obviously off? 

IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5
Oct 11, 2021

ROI (return on investment): Does it integrate well? Does it work as advertised? Is it cost-effective?

You could invest millions; what's good enough in your environment?

Pilar San Julian - PeerSpot reviewer
Ejecutivo Desarrollo Grandes Cuentas at Vodafone
Real User
Mar 27, 2021

Security, management and easy deployment

Sr Systems Administrator at a comms service provider with 11-50 employees
Sep 14, 2020

Being more advanced than a signature-based system. Its ability to detect lateral movement and not just remediate but prevent attacks before they start.

it_user762459 - PeerSpot reviewer
Director at a tech services company with 1-10 employees
Real User
Oct 26, 2017

Key points for me are speed, scale & reporting, and I generally classify my toolkit into these compartments.

it_user400131 - PeerSpot reviewer
User at Sophos
Mar 4, 2016

Evaluation of endpoint protection should look at what the product offers for prevention, detection and remediation. On prevention, does the product provide basic exposure prevention: the ability to prevent the end user's device from navigating to known malicious sites, or from inserting unauthorized external media (USB)? Does the product prevent the execution of malware, either through heuristics matching, emulation, download reputation or signatures? If exposed to malware, does the product provide robust malicious action detection, run-time behaviors, exploit detection, malicious command and control beaconing, etc.? Lastly, the product needs to include robust remediation capabilities: not simply malware removal but the ability to understand the root cause of the threat and what led to the detection of malicious activity. With that last bit of information you should be able to scan the network for other similar indicators of compromise, so you can fully remediate the detected activity. Often malware today involves the exploit of running applications with no payload delivery; in these situations it is critical that the endpoint product can detect/block and take action on memory-resident threats. It gets fairly complex, but the key evaluation criteria are what does it do to Prevent, Detect and Remediate malicious activity. Any vendor without a good story for all of this is just a point solution in the overall security posture for your company.

Team Lead Implementation Services/Systems Integration Engineer at Trinidad Systems Limited
Real User
Jul 27, 2020

Most important is the ability to recognize, stop and remove malicious software. 

it_user786366 - PeerSpot reviewer
Infrastructure Architect at a financial services firm with 1,001-5,000 employees
Real User
Dec 8, 2017

Coverage. Performance. Enterpriseness :-)

it_user762615 - PeerSpot reviewer
IT manager at a pharma/biotech company with 201-500 employees
Oct 26, 2017

Speed (installation, detection, scans), low impact (on boot, memory). Then price etc.

it_user350946 - PeerSpot reviewer
User at PeerSpot
Dec 4, 2015

I agree with Stephen, but also would like to add that I think it's important to evaluate which attack vectors the solution will block. Oftentimes I see people do testing with only known malware samples. One should test with known samples, unknown malware 0days, as well as exploits.

it_user341994 - PeerSpot reviewer
IT Contractor at a tech services company with 51-200 employees
Nov 17, 2015

Endpoint Security should be proactive; the days of reactive endpoint protection are far gone. I have evaluated many End Point Security products and what stands out with all of them is they are very similar and are all working towards the proactive approach. Most of the technology being used is the same, with a few exceptions. The answer to this question must be based around the organization looking for the solution. Some companies don't allow BYOD, therefore mobile endpoint solutions are not needed.
Generally I look for supplier support, price, ease of installation and removal.

Related Questions
Sep 19, 2022
Hi community professionals, I am looking for your advice on whether it makes sense to use both an endpoint antivirus and an EDR solution simultaneously? What are the pros and cons of using each one or both simultaneously? *In terms of products, I've been looking at CrowdStrike Falcon, Microsoft Defender for Endpoint, and ESET Endpoint Security. Thanks for the help!
2 out of 9 answers
Partner Account Manager 🔆 at SEC DataCom A/S
Apr 26, 2022
If you look at a product like SentinelOne, it is both EPP and EDR (and much more...). In that case you only need this single product. You could take a look at this short explanation on YouTube: EDR? EPP? Both?!? See how to explain SentinelOne in just 2 minutes
Principal Consultant at 1net
Apr 27, 2022
The “Antivirus” protection technology is replaced by EDR which does include a modern version of “antivirus” along with other ways of device protection. Multiple vendors provide EDR: Trend Micro, Cisco, etc. The more current technology is XDR.
CIO & Information manager at a leisure / travel company with 501-1,000 employees
Apr 26, 2022
Hi peers, I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers. I'm not able to find a study where Darktrace is compared against Crowdstrike Falcon (or other solutions for endpoint security, e.g. Sentinel One). Can anyone help and share their insights? Thanks, Regards from the Netherlands
See 2 answers
Consultant at a computer software company with 51-200 employees
Mar 31, 2022
Hi @reviewer1799568, Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort. I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you. The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates. For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA. IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources). Good luck and stay safe!  
Partner Account Manager 🔆 at SEC DataCom A/S
Apr 26, 2022
Hi. I am told that Darktrace is a complementary product that doesn't do any endpoint protection.