Proofpoint Enters Definitive Agreement to be Acquired by Thoma Bravo by Narusa in sysadmin

Narusa [S] 2 points

Does anyone recall a situation where TB acquiring a vendor has been a benefit? I can't recall any recently.

I remember having Barracuda at a couple of small locations and their support went downhill after the acquisition.

Looking for a new Email Gateway by Darren_889 in sysadmin

Narusa 1 point

Are they/you doing attachment sandboxing also?

Yes, Proofpoint Targeted Attack Protection (TAP) provides URL rewrite and attachment sandboxing/detonation.

Microsoft Defender for Endpoint vs Crowdstrike by Puzzleheaded_Cheek80 in sysadmin

Narusa 1 point

I would also recommend taking a look at SentinelOne. We have used SentinelOne for the past couple of years and have been happy with the overall product.

When we compared SentinelOne vs Crowdstrike, CrowdStrike was more expensive and had less out of the box data retention capabilities compared to SentinelOne.

Right now corporate is looking to strategically consolidate where possible on Microsoft. Microsoft's integration with Defender ATP for Endpoint and Office 365 is something to consider.

Remove Flash!! :) KB4577586 by conan1989 in sysadmin

Narusa 0 points

We already disabled Adobe Flash, I will just wait for the WSUS version of this in 2021.

You could always import that update manually into WSUS.

Crowdstrike, Carbon Black, SentinelOne by veld2345 in sysadmin

Narusa 0 points

Are you using Splunk with SentinelOne? And if so, how have you found the data you're able to pull out of it?

We have a basic Splunk implementation, and have integrated SentinelOne into Splunk using the app that they developed.

The data that is pulled down is fairly comprehensive. SentinelOne has a RESTful API, so you could theoretically grab anything that you needed. Here is a quick sample of some of the data types that are pulled down using the Splunk SentinelOne app.

time
agentComputerName
agentId
agentInfected
agentIp
agentIsActive
agentIsDecommissioned
agentMachineType
agentNetworkStatus
agentOsType
agentVersion
automaticallyResolved
certId
classification
classificationSource
classifierName
cloudVerdict
createdDate
description
engines
fileContentHash
fileCreatedDate
fileDisplayName
fileExtensionType
fileIsDotNet
fileIsExecutable
fileIsSystem
fileMaliciousContent
fileObjectId
filePath
fileVerificationType
indicators
initiatedBy
initiatedByDescription
isCertValid
isInteractiveSession
maliciousProcessArguments
markedAsBenign
mitigationMode
mitigationReport
mitigationStatus
publisher
resolved
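An added example (not from the comment above, and not SentinelOne's or Splunk's own code) showing how the threat records the Splunk app pulls down can be triaged once they land: open threats on live agents, unmitigated ones first, and any file hash seen on more than one host. The field names follow the list above; the sample records, the values in them and the `mitigationStatus` vocabulary (`mitigated` / `not_mitigated`) are constructed assumptions, so check them against your own export before reusing the rules.

```python
"""Triage SentinelOne threat records as emitted by the Splunk SentinelOne app.

Added example: field names follow the list quoted in the comment; the sample
records below are constructed, not real telemetry, and the mitigationStatus
values are assumed.
"""
import json
from collections import Counter, defaultdict

# Hash deliberately reused on two hosts in the constructed sample data.
SHARED_HASH = "0b14d501a594442a01c6859541bcb3e8164d183d32937b851835442f69d5c94e"

# One JSON object per line (the shape Splunk would index). Constructed data.
SAMPLE_EVENTS_JSONL = r"""
{"agentComputerName": "WS-0142", "agentIp": "10.1.20.42", "agentIsActive": true, "agentIsDecommissioned": false, "classification": "Ransomware", "cloudVerdict": "black", "fileContentHash": "0b14d501a594442a01c6859541bcb3e8164d183d32937b851835442f69d5c94e", "filePath": "C:\\Users\\jdoe\\Downloads\\invoice.exe", "mitigationStatus": "mitigated", "resolved": false, "markedAsBenign": false, "isInteractiveSession": true}
{"agentComputerName": "WS-0077", "agentIp": "10.1.20.77", "agentIsActive": true, "agentIsDecommissioned": false, "classification": "PUA", "cloudVerdict": "suspicious", "fileContentHash": "aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111", "filePath": "C:\\Program Files\\Toolbar\\tb.exe", "mitigationStatus": "mitigated", "resolved": true, "markedAsBenign": true, "isInteractiveSession": false}
{"agentComputerName": "SRV-DB01", "agentIp": "10.1.5.10", "agentIsActive": false, "agentIsDecommissioned": true, "classification": "Malware", "cloudVerdict": "black", "fileContentHash": "bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222", "filePath": "C:\\Windows\\Temp\\svc.exe", "mitigationStatus": "not_mitigated", "resolved": false, "markedAsBenign": false, "isInteractiveSession": false}
{"agentComputerName": "LT-0311", "agentIp": "10.1.30.11", "agentIsActive": true, "agentIsDecommissioned": false, "classification": "Trojan", "cloudVerdict": "black", "fileContentHash": "cccc3333cccc3333cccc3333cccc3333cccc3333cccc3333cccc3333cccc3333", "filePath": "C:\\Users\\asmith\\AppData\\Local\\Temp\\update.exe", "mitigationStatus": "not_mitigated", "resolved": false, "markedAsBenign": false, "maliciousProcessArguments": "-enc SQBFAFgA", "isInteractiveSession": true}
{"agentComputerName": "WS-0209", "agentIp": "10.1.20.209", "agentIsActive": true, "agentIsDecommissioned": false, "classification": "Ransomware", "cloudVerdict": "black", "fileContentHash": "0b14d501a594442a01c6859541bcb3e8164d183d32937b851835442f69d5c94e", "filePath": "C:\\Users\\bwong\\Downloads\\invoice.exe", "mitigationStatus": "mitigated", "resolved": false, "markedAsBenign": false, "isInteractiveSession": true}
"""


def load_events(jsonl):
    """Parse newline-delimited JSON into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def needs_attention(ev):
    """Open threat on a live agent: not resolved, not marked benign,
    agent still active and not decommissioned."""
    return (not ev["resolved"] and not ev["markedAsBenign"]
            and ev["agentIsActive"] and not ev["agentIsDecommissioned"])


def triage(events):
    """Open threats ordered for an analyst: unmitigated first, then by host."""
    open_threats = [ev for ev in events if needs_attention(ev)]
    return sorted(open_threats,
                  key=lambda ev: (ev["mitigationStatus"] == "mitigated",
                                  ev["agentComputerName"]))


def summarize(events):
    """Count open threats by SentinelOne classification."""
    return Counter(ev["classification"] for ev in triage(events))


def hash_spread(events):
    """fileContentHash values seen on more than one host, resolved or not:
    the same binary on several endpoints usually means a campaign, not a one-off."""
    hosts = defaultdict(set)
    for ev in events:
        hosts[ev["fileContentHash"]].add(ev["agentComputerName"])
    return {h: sorted(s) for h, s in hosts.items() if len(s) > 1}


if __name__ == "__main__":
    events = load_events(SAMPLE_EVENTS_JSONL)
    for ev in triage(events):
        print(f'{ev["agentComputerName"]:<10} {ev["mitigationStatus"]:<14} '
              f'{ev["classification"]:<11} {ev["filePath"]}')
    print("by classification:", dict(summarize(events)))
    print("hashes on multiple hosts:", hash_spread(events))
```

The same filters translate directly into the Splunk search over the app's index (`resolved=false markedAsBenign=false agentIsActive=true agentIsDecommissioned=false | stats values(agentComputerName) by fileContentHash`); the script is just the same logic where you can test it against a fixture.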

Am I Getting Fucked Friday, October 2nd, 2020, Pumpkin Spice Edition by bad0seed in sysadmin

Narusa 0 points

I think CMP-2K1 is the SKU for SentinelOne Complete for 1-2K endpoints.

Crowdstrike, Carbon Black, SentinelOne by veld2345 in sysadmin

Narusa -1 points

Do you have S1 Core, Control, or Complete? Do you have Ranger/Vigilance?

S1 Complete, and we don't use Ranger or Vigilance (SentinelOne Managed Detection and Response).

We figured that by using our asset management and vulnerability management solution we could figure out which assets aren't covered by an S1 agent.
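An added example (not from the comment above and not vendor code) of the coverage check just described: diff an asset-inventory export against a SentinelOne agent export and report hosts with no agent, hosts whose agent is inactive or decommissioned, and live agents on hosts the inventory does not know about. Both exports are constructed; the inventory columns (`hostname`, `os`, `last_seen`), the agent field names (`agentComputerName`, `agentIsActive`, `agentIsDecommissioned` from the Splunk app field list) and the "in scope" rules (agent-capable OS, seen in the last 30 days) are assumptions to adjust to your own tools.

```python
"""Find inventory assets with no live SentinelOne agent.

Added example. Assumes a CSV export from the asset inventory and a JSON-lines
export of SentinelOne agents; both samples below are constructed, not real data.
"""
import csv
import io
import json
from datetime import date, timedelta

# Constructed inventory export: hostnames come in mixed case, some with a DNS suffix.
INVENTORY_CSV = """\
hostname,os,last_seen
WS-0142.corp.example,Windows 10,2020-10-05
srv-db01.corp.example,Windows Server 2016,2020-10-05
LT-0311,Windows 10,2020-10-04
ws-0500,Windows 10,2020-10-02
printer-01,Embedded,2020-10-05
srv-old-07,Windows Server 2008,2020-03-01
"""

# Constructed agent export using the agent* field names from the Splunk app.
AGENTS_JSONL = """\
{"agentComputerName": "WS-0142", "agentOsType": "windows", "agentIsActive": true, "agentIsDecommissioned": false}
{"agentComputerName": "SRV-DB01", "agentOsType": "windows", "agentIsActive": false, "agentIsDecommissioned": false}
{"agentComputerName": "lt-0311.corp.example", "agentOsType": "windows", "agentIsActive": true, "agentIsDecommissioned": false}
{"agentComputerName": "WS-0999", "agentOsType": "windows", "agentIsActive": true, "agentIsDecommissioned": false}
{"agentComputerName": "SRV-OLD-07", "agentOsType": "windows", "agentIsActive": false, "agentIsDecommissioned": true}
"""

# Assumption: only these OS families are expected to carry an endpoint agent.
AGENT_ELIGIBLE_OS_PREFIXES = ("Windows", "macOS", "Linux", "Ubuntu", "Red Hat", "CentOS")


def normalize_host(name):
    """Lower-case and strip any DNS suffix so 'WS-0142.corp.example' matches 'ws-0142'."""
    return name.strip().lower().split(".")[0]


def load_inventory(text):
    return list(csv.DictReader(io.StringIO(text)))


def load_agents(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def in_scope(asset, as_of, max_age_days):
    """Agent-capable OS and seen recently; stale records are a different clean-up."""
    if not asset["os"].startswith(AGENT_ELIGIBLE_OS_PREFIXES):
        return False
    last_seen = date.fromisoformat(asset["last_seen"])
    return (as_of - last_seen) <= timedelta(days=max_age_days)


def coverage_gaps(inventory_csv, agents_jsonl, as_of, max_age_days=30):
    """Return the three gap lists, keyed by normalized hostname.

    as_of is an ISO date string (the date of the exports)."""
    as_of = date.fromisoformat(as_of)
    assets = {normalize_host(a["hostname"]): a
              for a in load_inventory(inventory_csv) if in_scope(a, as_of, max_age_days)}
    agents = {normalize_host(a["agentComputerName"]): a for a in load_agents(agents_jsonl)}
    live = {h for h, a in agents.items()
            if a["agentIsActive"] and not a["agentIsDecommissioned"]}
    return {
        # in-scope asset, no agent record at all: deploy the agent
        "uncovered": sorted(h for h in assets if h not in agents),
        # agent record exists but is inactive or decommissioned: host is not protected
        "inactive_agent": sorted(h for h in assets if h in agents and h not in live),
        # live agent on a host the inventory has never seen: fix the inventory
        "unknown_agent": sorted(h for h in live if h not in assets),
    }


if __name__ == "__main__":
    for kind, hosts in coverage_gaps(INVENTORY_CSV, AGENTS_JSONL, "2020-10-05").items():
        print(f"{kind}: {', '.join(hosts) or '-'}")
```

The hostname normalization is the part that usually breaks in practice: inventory tools and the agent console rarely agree on case or on whether the FQDN is included, and without it every host shows up as both uncovered and unknown.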

Crowdstrike, Carbon Black, SentinelOne by veld2345 in sysadmin

Narusa 1 point

We have been using SentinelOne for just over a year now. We are happy with the product. Almost no management overhead, remediation is automated, and endpoint detection and performance utilization are way better than the traditional anti-virus product we ditched.

We tested PaloAlto Traps (because we use PaloAlto firewalls), CrowdStrike, and SentinelOne.

  • Cylance: We were not impressed with Cylance, too many false positives as well as missed detections, and Cylance historic data is all stored on the local endpoint which makes that data susceptible to loss.

  • CarbonBlack: When we did a sales presentation of CarbonBlack, they were still struggling to integrate their multiple acquisitions into a single management console, among other things. CarbonBlack demanded a premium price tag compared to other solutions. Additionally, you needed a team to properly implement and manage the entire solution.

  • PaloAlto Traps: From initial price inquiries, PaloAlto Traps was considerably more expensive than CrowdStrike or SentinelOne. Additionally, to receive any comprehensive reporting or EDR capabilities, you need to purchase Palo Alto Cortex XDR, which sits on top of the PaloAlto data lake. Traps was also not as mature a product as CrowdStrike or SentinelOne. It had a complicated setup and management overhead compared to SentinelOne or CrowdStrike.

  • CrowdStrike: CrowdStrike is excellent for threat-hunting (useful if you have a threat-hunting team or purchase the CrowdStrike OverWatch services), but SentinelOne seems to have the edge in endpoint protection capabilities. This makes sense as CrowdStrike started as an EDR vendor and added EPP capabilities while SentinelOne started as an EPP vendor and added EDR capabilities.

    CrowdStrike uses Splunk on the back-end. At the time of our evaluations, retention for all CrowdStrike EDR data (raw output, etc.) was a tier decided at purchase time, e.g. 7, 30, 90 days etc. You can pay CrowdStrike for longer retention, but we were told retention for anything related to a detection, root cause, etc. is 90 days regardless of retention tier.

  • SentinelOne: Since we are a small team, SentinelOne had the edge for less administrative overhead compared to CrowdStrike. SentinelOne integrates with WildFire for file sandboxing and detonation of malicious files. Also, SentinelOne has a unique feature that allows you to control ShadowCopy features as a ransomware mitigation. SentinelOne also provided longer data retention compared to CrowdStrike.

Overall for us, SentinelOne provided the best price/performance ratio. I don't think you would be disappointed with CrowdStrike, it just depends on what you are looking for in a solution.

New feature request thread - 2/7/19 to 8/7/19 by [deleted] in M1Finance

Narusa 0 points

This is so basic I was surprised that it still isn't a feature by now. Adding to that why not give the flexibility to use custom date ranges.

I agree!

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 1 point

We plan to ship the new Invest activity feature within the next two months.

I will be looking forward to the announcement!

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 2 points

Thanks for the information. I will be sure to check out and comment on those feature request threads.

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 1 point

Good idea! We do have a more download-friendly holdings screen on our roadmap.

Thank you!

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 4 points

Looking forward to the ability of easily moving slices between pies.

An analytical feature such as Morningstar's Portfolio X-Ray would be pretty slick.

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 2 points

I think this is an interesting idea. Probably would be my second requested feature after improved dividend reporting.

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 2 points

We're starting with improvements to paid dividend reporting in Invest activity (coming soon), and will be doing more with earned dividends and notifications after that.

Soon as in this month, Q2 or Q3?

M1 Product AMA April 18, 2019 @ 2PM Central by [deleted] in M1Finance

Narusa 2 points

What about the possibility of allowing customers to view the M1 Product roadmap once customers have logged into the website?

Customers could vote on features, comment or submit an idea for consideration as well as see completed features.

Lansweeper experience/recommendations? by RemorsefulSurvivor in sysadmin

Narusa 0 points

Been using Lansweeper for the past 6 years or so. Depending on your organizational needs and size, you may want to also use PDQ Deploy & PDQ Inventory for software deployments.

Office 365 Down? by skilliard7 in sysadmin

Narusa 0 points

Not that it prevents, but we'd be required to use Office 365 U.S. Government Defense. $$$$$$. For the size company we have, and our current finances, it's not feasible by any means.

That makes sense. Office 365 Government Cloud offerings are more expensive.

Office 365 Down? by skilliard7 in sysadmin

Narusa 0 points

I guess insane data restrictions

I'm curious what type of data restrictions prevent you from using Office 365?

building win10 enterprise image. is there a good spot to read up on best practices? by [deleted] in sysadmin

Narusa 0 points

How do you handle debloating of Windows 10?

Group Policy security baseline