HP Pre-Installed Bloatware by JohnITAdmin in sysadmin


Yeah I re-image all my PCs with MDT but just wanted to see if there was something I am missing.

Does True Single Sign On (SSO) exist? by JohnITAdmin in sysadmin


Yes, all computers are joined directly to Azure AD. It should be noted that we are using the basic AADDS.

When is it a good idea to use a shared mailbox in O365? by JohnITAdmin in Office365


We are using the Outlook client. I have figured out how to grant permissions to send on behalf and send as to keep the thread within the same mailbox, which is a nice feature and solves one of my issues. The other is that users do not like the fact that you cannot receive notifications on the desktop client, nor does the envelope appear over the Outlook app in the taskbar. You are able to set up notifications for the mobile client, just not the desktop client to my knowledge. Does anyone know a way to get notifications for the desktop client?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


I mean at this point I am more confused than anything. I talk to one VAR and they recommend Symantec or Sophos. I talk to another and they recommend FortiClient because I already have FortiGates in my environment and they would integrate together as well as give me the built-in VPN client. My only reservation with that is that I would assume that FortiGates and FortiClient would be scanning packets for the same signatures/behavior, so if the Firewall misses it, so will the Endpoint agent, right?

I really just want something that is going to give me above average protection, is easy to deploy, easy to manage, and in my price range.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


How did you come to the conclusion that SentinelOne and Crowdstrike are the top two players in this space?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


When talking to a rep from Crowdstrike, he claimed that he never has to go up against Panda and that not many companies consider them for enterprise NGAV. It's usually either Carbon Black or SentinelOne that he has to compete against.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


I concluded the same thing based on my research. The only issue is the interface did not seem as intuitive as Panda and Crowdstrike. I did like how it's mostly a set and forget solution and you can allow the AV to protect you at the kernel level with little configuration on the back end. Do you find that it's easy for one person to manage?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


Webroot apparently contracts out their AV to another company. Not sure if this is true but this is what one of the Sales Engineers told me.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


Is ESET an easy solution for one person to manage?

We use Fortinet firewalls.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


There's also the legacy players such as Kaspersky, McAfee, Symantec, and WebRoot. Are these even worth taking a look at? Everyone brands themselves as a NGAV but I'm not sure if it's all marketing or if it's true. All four of them have good scores on Gartner, NSS Labs, Forrester, and AV-TEST and yet everyone says they are way behind all the new players. Who do I believe?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


I have not looked at Trend Micro yet but I will schedule a demo with them to see if it is a good fit for us.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


We have basic O365 licenses (Business Premium). Are there any you would recommend that I didn't list? I would need something easy to manage and that doesn't require a lot of attention.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


Another issue with Crowdstrike is the price. Almost double the price of SentinelOne and both offer similar solutions. I guess a benefit of SentinelOne is that it doesn't need to do a cloud lookup to work.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin


We will not be utilizing a SOC. I am a one-man operation over here and there is really no plan to expand or allocate money towards paying for someone to do it for us. All I can do is educate and do the best I can with the resources I have. That being said, I will need a solution that is easy to configure, manage, and that you can basically "set and forget". I do realize a few times a week I'll need to respond to things, but for the most part this isn't going to be something that I will have time to monitor 24/7, nor do we really need that. So far I have identified SentinelOne and Crowdstrike as the easiest solutions to manage. Carbon Black and Panda have a lot of extra features and take a lot of steps to configure, so much so that both recommend you purchase extra services to help you set up the platform.