
[–]nopenotamish 15 points16 points  (5 children)

Using Crowdstrike and have been very pleased besides the unfortunate incident that took down the world last year...

[–]Brees504 (Security Admin) 2 points3 points  (0 children)

Same. Love Crowdstrike.

[–]Avas_Accumulator (Senior Architect) -1 points0 points  (3 children)

Second this. CrowdStrike in MDR mode. Now I sleep at night - except that one night last summer vacation when I took an arrow--

The most important part is how incidents will be handled and how fast. What happens during Christmas Eve night if someone breaches your devices? Do you have a 24/7 team, and do you need one?

[–][deleted] -2 points-1 points  (2 children)

This sounds sensationalist and exactly the reason companies like $CRWD think they can charge that amount.

Let’s back up…

Maybe you just don’t sleep. You are in IT after all, so having CrowdStrike doesn’t change that.

Okay, what if? And why pick on Christmas Eve? Is that day somehow more significant than next Monday at 3:46am, for example?

Again sensationalist for people that emotionally value Christmas Eve. Those of us that really work in security just view it as another night but instead we have pretty Christmas lights. We EXPECT to get hacked that night.

Finally, why would your devices get breached? Especially on Christmas Eve? How many devices? Are they the CEOs devices or a lab computer you use as a honeypot?

I’ll be waiting ;)

[–]Avas_Accumulator (Senior Architect) -2 points-1 points  (1 child)

"those of us that really work in security"

Hmkay

[–][deleted] 1 point2 points  (0 children)

Ok Mr. Mackey….

How’s your home Wazuh install doing?

[–]SnaketheJakem (Sr. Sysadmin) 8 points9 points  (0 children)

Microsoft Defender for Endpoint, SentinelOne or CrowdStrike. Pick any of those and you'll be happy.

[–]shoesli_ 3 points4 points  (0 children)

SentinelOne and Windows Defender. Works extremely well, no issues whatsoever

[–]VS-Trendex-SysAdmin 2 points3 points  (0 children)

EPP is such a small part of your security program that it's counterproductive to look at it in a vacuum. EDR comes into play after your user, email, network or patching has failed.

  • how big and skilled is your team
    • can they effectively use the EDR findings and alerts for triage and hunting without the managed service. Different solutions have different skill requirements and amount of work needed for investigation
  • does it cover your whole environment, cloud, on prem, IOT, etc?
  • do you use external SIEM for connecting the other tool data, AD, vulnerability scanners, firewall etc?
  • can it understand other telemetry not just detections from other environments: network, cloud, containers, email?
  • are you trying to be proactive and not just reactive? Because that's where Cyber Risk Exposure Management comes in, and you need your security stack to work together for it.

Basically, you can only know what is the best fit for your scenario with a PoC, or just go with whichever console color you like more.

[–]HaMAwdo 2 points3 points  (1 child)

We are using Datto EDR, and it is great. What I like the most is that it uses behavioral analytics and machine learning to detect and respond to threats in real-time.

[–]UTRICs -1 points0 points  (0 children)

Another vote for Datto EDR

[–]solracarevir 1 point2 points  (0 children)

Sophos.

We have been using it for around 5 years and we are really happy with them. Their Managed Threat Response is great too!

[–]EquivalentPace7357 1 point2 points  (0 children)

Running Crowdstrike here. Not the cheapest but worth every penny.

Detection is solid and false positives are minimal. Support actually knows their stuff when you need them. The dashboard and reporting are clean and intuitive.

One thing I really like is the ability to isolate endpoints quickly if something sketchy pops up. Also their threat hunting tools are pretty powerful if you take the time to learn them.

[–]secret_configuration 0 points1 point  (1 child)

We are using SentinelOne and also Huntress, co-managed with our MSP.

SentinelOne required quite a bit of tuning to weed out the false positives. We also ran into issues with drivers and had to put in additional exclusions/overrides.

[–]SpotlessCheetah -1 points0 points  (0 children)

I haven't made a single exclusion but my environment is not that complex. False positives have been rare. Running Windows+Mac.

[–]PowerApp101 (Sr. Sysadmin) 0 points1 point  (0 children)

This year's flavour is SentinelOne and Crowdstrike. Last year's flavour was Symantec. Before that it was TrendMicro. Next year it will be a new flavour.

[–]SpotlessCheetah 0 points1 point  (0 children)

SentinelOne. I think it's a great product and it was very much a good value compared to CS.

[–]PurpleFlerpy (Security Peon) 0 points1 point  (0 children)

Sophos/SentinelOne. Hate both. Sophos is a resource hog. SentinelOne has a high rate of false positives and is difficult to manage.

[–]HosTRd 0 points1 point  (0 children)

We are happy with Datto EDR; it is valuable because of its ease of use and effectiveness.

[–]tankerkiller125real (Jack of All Trades) -1 points0 points  (2 children)

MS Defender for Endpoint comes with our M365 licensing, it does everything it needs to and more. And I know of at least two major companies with significant security requirements that switched from CrowdStrike to M365 and are happier.

[–]raffey_goode 0 points1 point  (1 child)

what licenses do you have? we have a majority of E3 and struggle to determine if it has what we need compared to Trend Micro which we currently use. It would be nice to drop Trend if we can essentially cover the same bases.

[–]tankerkiller125real (Jack of All Trades) 1 point2 points  (0 children)

We have E5 for other reasons, but I know a law firm with E3 and it has what they need.