Product Manager at a tech services company with 11-50 employees
Real User
Top 5
2021-11-18T20:56:18Z
Nov 18, 2021
Solutions that are simple and easy to use can also leverage all available threat intelligence sources. Must help proactively to prevent and mitigate any endpoint risks.
Vulnerability threats and patching with automation: identify any misconfiguration, vulnerable apps, settings or ports; regularly scan, suggest measures and auto-protect. Even if no fix is available, it should be able to capture the manual fix or workaround from vendors or the security community and apply it.
Should cover all aspects of unified endpoint security across platforms (Windows/Mac/Linux/MDM): configuration management, threats and patching, software deployment, OS deployments, mobile device management, system tools, browser security, vulnerability management, application control, device control and BitLocker management.
Should help with auto-updating drivers, AV updates, browser updates, etc., and give flexibility in controlling our ring-fenced updates accordingly.
Network & Security Engineer at a healthcare company with 51-200 employees
Real User
Top 5
2021-10-11T14:41:50Z
Oct 11, 2021
Ariel,
Thank you for your question; I hope you are finding many answers to assist you here. My own opinion on this will probably be in line with multiple others here.
Several questions I like to ask during this process are as follows:
- Will this be hosted on cloud or on-prem?
- An AI or machine learning threat model is a must today.
- If hosted, what are the SLAs for detection, response and the ability to view dashboards? What is your level of access to that dashboard? Can you disable an agent quickly if needed, and what is that process?
- Is this for your own environment, or do you want to host it for someone else?
- How well does the product work when disconnected from the internet? This is a key factor for me. If the product fails when disconnected from the cloud, move on to another product.
- How well can the product recover should it miss something? Are you able to retrace the events that caused the issue?
- Cost per endpoint vs. cost of being down due to infection.
- Easy to deploy.
- What OSs does the product work on? Does it support Linux, and what versions of Linux?
There are several questions for you on this. I hope they help you or others.
Thanks.
Multiplatform is critical for total endpoint coverage, and it should be easy to deploy with or without other vendors' AV installed. The deployment must be easy and seamless for the end user. IT cannot afford the time to sort out mishaps at the endpoints.
Reporting and visibility to justify ROI: visibility of how, when, where, and why the attack happened.
Must have auto-updates and auto-remediation, granular configurability, as well as a "just works" setting.
Regional Sales Manager at Alchemy Global Networks i
Vendor
2021-10-13T16:24:29Z
Oct 13, 2021
On any given day, an amazing new technology could swoop in and fundamentally change the way you do business. That’s exciting, but there’s a downside to today’s technology-driven world.
New and unpredictable threats to your cybersecurity are forming all the time, and it’s next to impossible to stay ahead of them all. From assessment to cybersecurity, from ongoing support to network and infrastructure design, trust your network services to no one but the very best.
ITSM SME at a tech services company with 11-50 employees
Reseller
Top 10
2021-10-13T01:19:18Z
Oct 13, 2021
The days of signature-based solutions are end of life. AI threat detection with human monitoring is where we are at today: SentinelOne, CrowdStrike, Field Effect, Carbon Black. Check out Red Canary.
Besides what's been already mentioned, I would also explicitly mention automation (API) and data export options.
How good is the information provided, e.g. the threat/vulnerability database?
How complete and useful are the reported findings, and how easy are they to interpret and explain?
Is it possible to configure and manage exceptions, e.g. to manage obvious false positives reported, exceptions granted, "old news" or classifications of the findings that are obviously off?
Sr Systems Administrator at a comms service provider with 11-50 employees
User
2020-09-14T16:28:34Z
Sep 14, 2020
Being more advanced than a signature-based system. Its ability to detect lateral movement and not just remediate but prevent attacks before they start.
Evaluation of endpoint protection should look at what the product offers for prevention, detection and remediation.
On prevention: does the product provide basic exposure prevention, the ability to prevent the end user's device from navigating to known malicious sites, or from inserting unauthorized external media (USB)? Does the product prevent the execution of malware, either through heuristics matching, emulation, download reputation or signatures?
If exposed to malware, does the product provide robust malicious action detection: runtime behaviors, exploit detection, malicious command-and-control beaconing, etc.?
Last, the product needs to include robust remediation capabilities, not simply malware removal but the ability to understand the root cause of the threat and what led to the detection of malicious activity. With that last bit of information you should be able to scan the network for other similar indicators of compromise, so you can fully remediate the detected activity. Often malware today involves the exploitation of running applications with no payload delivery; in these situations it is critical that the endpoint product can detect/block and take action on memory-resident threats.
It gets fairly complex, but the key evaluation criteria are what it does to prevent, detect and remediate malicious activity. Any vendor without a good story for all of this is just a point solution in the overall security posture for your company.
I agree with Stephen, but also would like to add that I think it's important to evaluate which attack vectors the solution will block. Oftentimes I see people do testing with only known malware samples. One should test with known samples, unknown malware 0days, as well as exploits.
IT Contractor at a tech services company with 51-200 employees
Consultant
2015-11-17T12:59:44Z
Nov 17, 2015
Endpoint security should be proactive; the days of reactive endpoint protection are far gone. I have evaluated many endpoint security products, and what stands out with all of them is that they are very similar and are all working towards the proactive approach. Most of the technologies being used are the same, with a few exceptions. The answer to this question must be based around the organization looking for the solution. Some companies don't allow BYOD; therefore mobile endpoint solutions are not needed.
Generally I look for Suppliers Support, Price, Ease of installation and removal.
Endpoint protection platforms (EPPs) have evolved beyond traditional antivirus software to offer advanced threat detection and response capabilities. Many EPPs also offer threat-hunting or SOC services to provide organizations with real-time visibility into security incidents and remediation recommendations.
Among the EPP providers that offer these services are the following, and, obviously, this is just a sample but, hopefully, also a good start:
CrowdStrike Falcon Complete
Kaspersky Endpoint Security (with its Endpoint Detection and Response)
McAfee (Trellix) Endpoint Security Managed Detection and Response (MDR)
Palo Alto Networks Unit 42 MDR Service for Cortex XDR
SentinelOne Vigilance Respond
Sophos MDR
Symantec (Broadcom) Endpoint Protection Managed Endpoint Detection and Response
Trend Micro Apex One Managed XDR
VMware Carbon Black MDR
Sophos MDR is interesting in that it leverages other providers' cybersecurity technologies including telemetry from AWS, Check Point, CrowdStrike, Darktrace, Fortinet, PAN, and others.
Yes, there are endpoint protection platforms that offer threat-hunting or SOC (Security Operations Center) services, and Custodian360 is one of them.
Endpoint protection platforms (EPPs) are security solutions that are installed on endpoint devices to detect, prevent, and respond to cyber threats. Threat-hunting is a proactive approach to cybersecurity that involves actively searching for threats and vulnerabilities that might have evaded traditional security measures. SOC services involve monitoring and analysing security events to identify and respond to security incidents.
Custodian360 is a comprehensive endpoint protection platform that offers both threat-hunting and SOC services. It uses a combination of signature-based and behavior-based detection to detect and respond to cyber threats in real-time. The platform has a built-in threat-hunting engine that continuously scans endpoints for signs of compromise, and it also has a team of expert analysts who perform manual threat-hunting to identify and respond to advanced threats.
Custodian360's SOC services include 24/7 monitoring and analysis of security events, incident response, and forensic investigation. The platform also provides detailed reporting and analytics to help organisations understand their security posture and identify areas for improvement.
In summary, Custodian360 is an endpoint protection platform that offers threat-hunting and SOC services, making it an ideal solution for organisations that want comprehensive protection against cyber threats.
There are several endpoint protection solutions available that can provide protection for endpoints running on Linux, Windows, and MacOS. Among them are Symantec (Broadcom) Endpoint Protection, Trend Micro Apex One, McAfee (Trellix) Endpoint Security, Kaspersky Endpoint Security for Business, ESET Endpoint Security, Palo Alto Networks Cortex XDR and, perhaps surprisingly (but then again, not) Microsoft Defender for Endpoint. (This is not an exhaustive list).
However, the devil is in the details regarding which versions of an OS and what kind of hardware requirements a given solution supports. You need to closely check the specifics of the range of devices you have with what a given vendor covers. It's also important to note that for agent-based solutions, the minimum processor requirements may allow you to install the product, but if you're just getting by in that regard, there could be issues with computer performance.
Symantec supports a fairly broad range of Linux and Windows Embedded versions, but does not support application control on Mac, Windows Servers, Windows Embedded, Linux, or mobile devices.
Trend Micro Apex One's agents support macOS High Sierra 10.13 through macOS Monterey 12, on Apple M1, Apple M2, or Intel® Core processors. To protect Linux file, web, and application servers with Trend Micro, you'll need its ServerProtect product.
McAfee handles Windows 8.1, 10, and 11, and offers limited customer service if you try running it on Windows 8.0 and 7.x. For macOS it goes as far back as Mac OS X 10.10 and through to macOS 12 (Monterey). For Linux it offers limited coverage: Ubuntu 16.04, Ubuntu 18.04, and Ubuntu 20.4.
With Kaspersky Endpoint Security for Business you get Windows, of course, and pretty extensive Linux coverage, with nine 32-bit OSs covered, and literally dozens of 64-bit Linux flavors. Mac coverage is included in the Advanced and Select versions of Kaspersky ESB (and you also get Android and iOS).
ESET Endpoint Security will work with Windows 7 - 11 (although some features are not supported on ARM processors) macOS 10.12 and up, and a couple of 64-bit Linux systems: Ubuntu Desktop 18.04 LTS and RHEL Desktop 7.
PAN Cortex XDR supports Windows 8 - 11 as well as macOS as far back as 10.13 with its 7.5-CE release. Subsequent 7.x releases cover later macOS versions (with 7.7.3 and later handling macOS 13.x). Cortex XDR only supports 64-bit Linux and you have to install a supported kernel module version, but it does cover a good selection of the main Linux offerings including CentOS, Debian, Oracle, RHEL, openSUSE, and Ubuntu.
Microsoft Defender for Endpoint has coverage for macOS 11 (Big Sur), 12 (Monterey), and 13 (Ventura), although Big Sur requires some additional configuration. It also protects more recent versions of RHEL, CentOS, Ubuntu, Debian, and Oracle Linux. Android (6.0 and higher) and iOS (11.0 and higher) are also available.
As for legacy systems, it's best to explicitly ask the vendor if they cover the particular hardware/OSs you have. For example, older versions of Symantec Endpoint Protection 14 cover Windows as far back as Vista, and Windows Server as far back as Windows Server 2008 (RTM, SP1, SP2).
The protection services you may look at: Anti-malware, Anti-ransomware, Anti-bot, DLP, Firewall, Application Control, etc.
ROI (return on investment): does it integrate well? Does it work as advertised? Is it cost-effective?
You could invest millions, what's good enough in your environment?
@J Rice nice idea
Key points for me are speed, scale & reporting, and I generally classify my toolkit into these compartments.
Security, management and easy deployment.
Most important is the ability to recognize, stop and remove malicious software.
Coverage. Performance. Enterpriseness :-)
Speed (installation, detection, scans), low impact (on boot, memory). Then price etc.