Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
$2.50
per user/per month
Qualys TruRisk Platform
Score 8.2 out of 10
N/A
Qualys TruRisk Platform (formerly Qualys Cloud Platform, or Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and network attack surface reduction.
As compared to some of the other products we have used in our organization over the years, Windows Defender has been a lot better at not using a lot of system resources when running on the clients. A lot of other commercial threat protection products on the market today, tend …
It says it's cloud-based. There are lags, so it works well because we have a distributed workforce now working primarily from home, so it's easy to get in there and make those changes. If we were on site and we wanted faster validation of the changes, it would be missing that because it can't do it fast enough and get those quicker turnarounds.
Qualys Cloud Platform is well suited for organizations that need additional tools to secure and bolster their security from end to end. The automated, real-time threat protection is very quick to notify an admin of potential vulnerabilities and risks, as well as recommending quick fixes to resolve/close the gap before an incident occurs. QCP excels at portraying all of these in a single pane of glass, and find that the Qualys reports are more detailed than competitor product lines. One of our big issues with QCP is that you do have to pay for each scanner, which can quickly add up to large costs. For this reason, I would rate Qualys at a ~7 due to great features and functionality, but overall value could be better for a large organization. I would also say that QCP may make more sense for smaller organizations due to this pricing model.
When an end user opens a file or accesses a file I should say that has malicious content, it will quarantine the file. It will also let us know if an end user themselves has an issue now. So the whole Defender Suite has different parts. So some of these may be going over into Defender for identity and stuff. I'm not clear on which is which, but it's the whole ecosystem. I'll get an email letting me know that there's an issue and then we follow up. The email generally has a link in it to the actual event in the defender for endpoint or whatever console. And then we can start looking at the case, make sure the endpoint is quarantined. So it can't do anything. The only thing we can do is talk to it to do forensics or whatever so it's not totally isolated where we have to get somebody on the ground to go to the thing. We can still work on it remotely, but the end user can't do anything that would continue to cause lateral movement of the compromise or anything like that.
It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
While it's a very good product for auditing, it has a very hard time to distinguish what is malicious and is an attack, what is not. Very rarely we get indication of a real malicious attack. We got lots of hours for off the shelf malware that it cleans up automatically. So basically we never get to look at it, which is a positive thing, but threats are detected by the third party endpoint, so it will not be enough by itself.
This program is really complicated, the multiple functions that are presented to us are not very clear and in some cases, it is a matter of intuition to execute a function, it is not very informative.
The interface of this program can be a real problem; for our taste, this program looks a bit messy, and the interface does not help or guide you to find the options you need.
Again, the usability of Qualys has been a pinpoint for this entire review. It was easily the worst thing about the product and because of this, I would not recommend Qualys to anybody in my field. This should be something that Qualys strives to improve if they wish to stay in business.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session
They had a support page within the WAS to report any concerns or seek help. But the UI of that is not smooth. Regardless support staff were pretty responsive and helpful. They scheduled calls to understand and address our problems. Email support is good as well.
Tenable Security Center was a fantastic exposure detection tool but there was always a lag and servers would hang alot when being scanned causing resource traffic. Microsoft Defender for Endpoint on the other hand does not use up most resources soo there is usually noo lag during scanning and it also provide more detailed insights on the network. Also Microsoft Defender for Endpoint integration power has helped us up our security game by delivering a smooth secure network.
As described before Qualys is used to scan periodically the environment in order to check if there are some packages (Linux) or Applications (Windows) outdated, generating reports to the Service Owners, fulfilling what's is expected from us, attending all our expectations regarding the tool. That's why we'd choose Qualys to our organization.
Positive : Microsoft Defender for Endpoint offers sophisticated threat detection and response capabilities, putting it into use helps increase security. Reduced security incidents, data breaches, and related expenses may arise from this.
Positive : A more secure environment means less time and effort spent by IT and security teams on remediation and incident response.
False Positives: Like any security solution, false positives can occur, leading to unnecessary investigations and potential disruptions to business operations. This may require additional resources to manage.
