2020-05-18T12:28:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

Which ransomware is the biggest threat in 2020?

Which EPP provider does the best job at ransomware protection? Which provider is best at proactively defending against unknown threats?

6 Answers
Paresh Makwana - PeerSpot reviewer
Director at a tech services company with 1-10 employees
Reseller
Top 20 Leaderboard
2020-05-18T15:23:14Z
May 18, 2020

Cylance:
One of the fastest growing vendors in the Endpoint Security market, Cylance has built its reputation on the back of proactive and preventive antivirus technology based on artificial intelligence, machine learning, and algorithmic science. Headquartered in Irvine, California and with offices around the world, Cylance was founded by a team of security industry professionals and scientists with the goal to “redefine the endpoint standard of protection by preventing threats from ever executing.”

Bottom Line: Cylance’s signatureless anti-malware provides an alternative to traditional, signature-based technology, and benefits from easy deployment and management, low performance impact, and high detection rates against new threat variants. The company is a good pick for companies of all sizes looking to shore up existing defenses, or for an alternative to traditional anti-malware. The most valuable feature is the ability to respond to zero-day and unknown threats.

Cylance’s AI and Machine Learning ensure that all types of malware and PUPs (Potentially Unwanted Programs) are detected and your endpoint devices are fully protected, even with day zero threats.

Chetan Woodun - PeerSpot reviewer
Senior Consultant at a tech services company with 11-50 employees
Real User
Top 5
2020-05-19T17:03:10Z
May 19, 2020

Some words about ransomware first.

Ransomware has become much more targeted these days, so that ordinary users are less likely to suffer from it.
Also, avoid the free tools: with the degree of sophistication and the way they target companies, most of them will not remove the ransomware.
Finally, also think about protecting mobile devices, as these now have email clients, VPN tools and access to corporate applications. Therefore, go for those that protect mobile phones as well.

I have seen many interesting products proposed in this forum. Adding the following 3:

1. Bitdefender
2. AVG Antivirus paid version
3. Trend Micro Antivirus RansomBuster
This application addresses the ransomware issue through a bait mechanism - fake files are placed in pre-selected strategic locations around a system and are then observed for any malicious behaviors or attack attempts.
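
The bait mechanism described in the answer above, as an added example that is not part of the original post and not any vendor's code: decoy files are planted and hashed, then checked for deletion, renaming or high-entropy overwrites. The decoy file name, the directory names and the 7.0 bits-per-byte threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed decoy content (hypothetical): plausible-looking, low-entropy text.
DECOY_BODY = ("employee,amount\n" * 200).encode()

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data is close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def plant_decoys(directories, name="~payroll_2020.csv"):
    """Write one decoy per directory and return a {path: sha256} baseline."""
    baseline = {}
    for d in directories:
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(DECOY_BODY)
        baseline[path] = hashlib.sha256(DECOY_BODY).hexdigest()
    return baseline

def check_decoys(baseline, entropy_threshold=7.0):
    """Compare each decoy with its baseline; return a list of (path, alert)."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))  # deleted, or renamed with a new extension
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            kind = "encrypted" if entropy(data) >= entropy_threshold else "modified"
            alerts.append((path, kind))
    return alerts

def demo():
    """Tamper with two of three decoys in a temporary tree and report alerts."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [os.path.join(root, d) for d in ("Documents", "Desktop", "Shares")]
        for d in dirs:
            os.mkdir(d)
        baseline = plant_decoys(dirs)
        paths = list(baseline)
        with open(paths[0], "wb") as fh:
            fh.write(os.urandom(4096))             # high-entropy overwrite
        os.rename(paths[1], paths[1] + ".locked")  # rename away from original path
        return [kind for _, kind in check_decoys(baseline)]
```

A polling check like this only notices tampering after the fact; endpoint products that use decoys hook file-system events so the offending process can be stopped before it reaches real data.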

SP
Managing Member at Pender & Associates
Real User
Top 5 Leaderboard
2020-08-26T10:53:20Z
Aug 26, 2020

SentinelOne is my recommended solution.

The SentinelOne Endpoint Protection Platform (EPP) unifies prevention, detection, and response in a single purpose-built agent, powered by machine learning and automation. It is not reliant on hash signatures or an internet connection. SentinelOne provides prevention and detection of attacks across all major vectors and rapid elimination of threats with a fully automated real-time response without human intervention.

SentinelOne can also detect and protect against zero-day, fileless and lateral movement attacks.

SentinelOne has not been breached and offers up to a $1,000,000 warranty if it cannot roll back a ransomware attack.

Please contact me at cybersec@global.co.za for more information, a demonstration, or a quote.

Manoj Nair - PeerSpot reviewer
Tech consultant at select softwares
Real User
Top 5
2020-05-19T06:30:37Z
May 19, 2020

OK, a really tricky answer. There are so many out there now, and all seem to have one or the other upper hand in the ransomware arena. It all depends on their back-end system in the end: how they analyse and how fast they analyse (even if in the wild). And, most importantly, how fast you can get tech support. Try out CrowdStrike, Check Point, Sophos, McAfee, Trend Micro. Remember this: you need to be more specific with your actual physical scenario to get a better answer. This one is very generic in purpose.

it_user1146165 - PeerSpot reviewer
Cybersecurity Pre-Sales at Ingram Micro Inc.
Real User
2020-05-18T23:02:28Z
May 18, 2020

Cortex XDR by Palo Alto Networks is the best solution on the market, because it has multiple protection methods, such as Local Machine Learning/AI, Static Analysis, Dynamic Analysis, Network Profiling, Bare Metal, Exploit Protection (by technique or method, not by exploit), Kernel Protection, Behavior Anomaly Protection, etc. Best score in the MITRE ATT&CK Evaluation.

TC
IT Security Architect at a computer software company with 51-200 employees
User
2020-05-18T21:50:39Z
May 18, 2020

There are several good ones and it depends on budget, integrations needed, staff levels, etc. CrowdStrike Falcon is great if you can afford it. Price reflects "set it and forget it" type of EPP. No need to hire an FTE to manage it, and it comes with a 24x7x365 SOC. If you can manage, SentinelOne offers great detections and incident response capabilities (it is really an EDR). S1 has a ransomware rollback feature in case it gets through initial detections (can restore encrypted files if needed) and provides up to 1 million in ransom costs to back up their confidence. If you are a Check Point shop and want to leverage some of their other features (CloudGuard SaaS, Endpoint Encryption, etc.) then their SandBlast agent also offers great detections and a rollback feature of their own. Palo Alto Traps is decent if you are a PAN shop but can get heavy on admin overhead. Same with Cisco AMP. We do not sell traditional A/V anymore because of polymorphic threats and zero day. Must have behavioral analytics and anomaly detection capabilities.
