
Which is the best EDR for a logistics company with 500-1000 employees?

Samy Adel - PeerSpot reviewer
Senior ICT Helpdesk Administrator at CACC Cargolinx


I'm working as a Senior ICT Helpdesk Administrator at a Logistics & Supply Chain company with 500+ employees.

Which Endpoint Detection and Response (EDR) product would you recommend purchasing and why?

I appreciate the help!


Patrick Flanders - PeerSpot reviewer

As offered in the previous suggestions: Sophos or CrowdStrike Falcon.

The other two excellent points were: 

(1) whether they want this running on-prem or in the cloud and 

(2) do they have the resources and knowledge base to effectively manage whichever solution is best moving forward?

Andy Scutt - PeerSpot reviewer

I'd say, unless you have an existing 24x7 SOC, go for a managed solution - EDR is great but if no one is monitoring it and responding to the alerts/isolating you're only really getting 50% of its value. 

ITSecuri7cfd - PeerSpot reviewer
Top 5 | Real User

I think most of the answers provided will work for you, but you have to take into account your environment, integration with other solutions, firewall, antivirus or even just Windows-native and you have to look at price vs features you want. 

How much is good enough? You could spend 1/2 a million or next to nothing. 

S1 is a good choice, especially, if you have legacy devices. CSF is also good but a bit more expensive. 

You also need to decide: on-prem or cloud; what your needs are and weigh that against the features and costs.

Cheri Smith - PeerSpot reviewer
Top 5 | Leaderboard | Real User

Without really knowing what type of system you are running I'm going to stab from what info I've been given and recommend Falcon CrowdStrike. 

It's reliable and cloud-based and doesn't take away from system performance; it's easy to install and maintain.

Georges-Emmanuel TOPE - PeerSpot reviewer
Top 10 | Real User

If you are already using Windows 10 for the clients, you may benefit from a native integration by using Microsoft Defender Advanced Threat Protection.

It's robust and pretty easy to manage and understand, and the features are on par with the other leading EDR on the market.

All you have to do is to ensure it's well configured and establish a review schedule to take actions on time even if most actions can be done automatically thanks to its machine learning and AI engine.

Darshil Sanghvi - PeerSpot reviewer
Top 5 | Leaderboard | Reseller

Hi @Samy Adel

I just wanted to know some more details about your environment. I have worked with and tested out multiple products and tools in EDR and NGAV segments.

For instance, Trend Micro and Sophos Intercept X work well if you are looking for a tool with multiple features - security and operational features like EDR, AV, DLP, App Control, etc.

If you are looking for a solution for only EDR (cloud-based), with good efficacy and without impacting the user's system performance, you can go ahead with CrowdStrike's Falcon Platform. If you are planning for a solution that has security-focused capabilities that can integrate with your firewall and help you get RCA, with advanced security features like UBA/UEBA, NTA, custom IOC/BIOC creation, etc., along with EDR, you can check out Cortex XDR by Palo Alto Networks.

Each solution has its own limitations and a unique feature set that distinguishes it; the choice is based on your priorities and budget. You can select one accordingly.

Steve Pender - PeerSpot reviewer
Top 5 | Leaderboard | Real User

Hi @Samy Adel

I would confidently recommend SentinelOne, as it is the only EDR that has not been breached, offers up to 1 million USD warranty if it is not able to roll back a ransomware encryption attack, automatically mitigates cyber-attacks without human intervention, uses artificial intelligence and does not require internet to mitigate attacks. 

SentinelOne also effectively provides protection against zero-day, fileless and lateral movement attacks.

Eric Rise - PeerSpot reviewer
Top 5 | Real User

@Samy Adel,

Thank you for the question. I hope you discover the answers here. First off, does this company want to manage the EDR solution on-prem, or would they prefer a hosted solution? Is it a Windows-based shop, or are the endpoints Mac and Linux as well?

For EDRs, I do prefer SentinelOne (S1), or Sophos as others have suggested here.

I do prefer S1 over Sophos because I tested both in real-world situations and S1 outperformed Sophos. AI and machine learning are a huge plus. S1 can be disconnected from its cloud and still provide you protection. It also provides you the ability to roll back an infected machine, providing the VSS on the local machine is working. It installs very easily on Windows and Linux workstations.

Sophos wasn't a bad solution, with a very nice dashboard. However, like the old Symantec Endpoint Protection platform, Sophos wants to install and have control of everything. It's become bloated, a very thick client. It does a good job of protecting the endpoint but will impact performance depending on the features you enable. It is cloud-based. I don't recall whether an on-prem version of this is available. If you lose your internet, you lose the cloud and your ability to control the EDR solution.

John Johny Restrepo Hernández - PeerSpot reviewer
Top 5 | User

I would recommend (if all devices have at least Windows 10) to choose Microsoft Defender for Endpoint.

It is a family of products focused on detecting attack patterns based on the behavior of users and their devices. It is not only the device that has to be managed; its identities, permissions and applications also have to be managed.

The best option, for me, is Microsoft.

Evgeny Belenky - PeerSpot reviewer
Community Manager

Hello @Basil Dange, @Devanand PR, @OmidKoushki and @Darshil Sanghvi. What would your professional advice be to @Samy Adel?

We appreciate your help to the community.
