Attivo Endpoint Detection Net (EDN) vs. Microsoft System Center Endpoint Protection

Attivo Endpoint Detection Net (EDN) is a suitable option in mid level and large companies to detect insider threats and stealthy attackers. It is highly recommended where data is highly sensitive and there are chances of attack to get access to critical revers to get saves credentials and stored files. for small and medium business this solution is not recommended where perimeter security is already configured.

Incentivized

It is well suited in environments that want a simple AV product/solution that, for the most part, can be easily deployed to client endpoints. It is also good for environments that want something that is easy to use by end-users, and also doesn't use a whole lot of system resources. It is less suited for environments that want an AV solution that is more robust feature-wise, or has more configurable options for the end-users. It is also less suited for those organizations that want an AV product to have the highest detection rate in the industry.

Incentivized

• To mimic production servers to deceive attackers
• To detect the lateral movements of adversary through machine learning algorithms
• To feed dummy data on production servers through threat strike feature

Incentivized

• Microsoft System Center Endpoint Protection offers exceptional threat protections for signature-based "known" threats.
• The signatures are constantly updated and management of this application is super easy with the use of Microsoft SCCM.
• The application is very much a "set it and let it" type of deployment. Once you install it, there are very little configuration or changes that need to be made.

Incentivized

• Attivo Endpoint Detection Net (EDN) should have capability for getting forensics packages from compromised systems in my opinion.
• I believe Auto phishing email detection capability should be improved to meet industry requirements to tackle phishing attack vector
• Malware detection capabilities should be improved to work to kernel level for better visibility in my opinion.

Incentivized

• The product could improve in the area of having better mechanisms in place with how the SCEP client is deployed/installed from the server on the management side. We have run into this firsthand with the client not installing on an endpoint, and then having to take the time to investigate why it was not installing.
• A second improvement that can be made is to keep trying to improve the products detection rate for finding malware/viruses. The case can be made that there are some products out there that do a better job at this and have a higher detection rate.

Incentivized

There was a time and a place in which Microsoft System Center Endpoint Protection was an excellent choice to provide threat protections. However, now that threats have been evolving, so too does the need for more advanced protections. In its current offering, it just no longer meets the needs of our organization in terms of providing protections against threats.

Incentivized

Attivo provides a user friendly management with a centralized manager. We can do configuration of Attivo Endpoint Detection Net (EDN) from a centralized console and deploy the Attivo Endpoint Detection Net (EDN) very easily. In other deception tool like forti deceptor etc, they have a bit poor user interface in my opinion and use-ability feature are improved in Attivo as compared to its competitors solutions I believe

Incentivized

How SCEP stacks up against some of the other AV solutions/products is that it does a pretty good job overall (not the best in the industry) at detecting/removing malware, which is the main focus for a product like this. It is also easy to use on the end-user side, which can't be said for some other AV products on the market. I was not involved with the selection/purchase of the product in the organization, but I'm almost certain the organization selected this based on the tight integration with Microsoft System Center Manager, which is used in the organization. Also, given the fact that SCEP is tightly integrated and works well in organizations that utilize Microsoft products, it was probably another factor in selecting this. Lastly, the cost of licenses was probably lower (because of System Center already being in place) than other AV products.

Incentivized

• Attivo Endpoint Detection Net (EDN) helps to protect information hence Attivo Endpoint Detection Net (EDN) is securing sensitive data therefore ROI is better as loosing the data is much more costlier as per Business Impact Analysis.
• In small organization ROI is not effective as cost of Attivo Endpoint Detection Net (EDN) is a bit high and data being protected through EDN is not high value asset in my opinon.
• It is a better technology to detect cyber threats so anyway it is recommended to use for better security posture.

Incentivized

• There was little/no cost associated with this software since we are utilizing SCCM and are paying license costs for that anyways.
• The level or protection is excellent for the cost of the software.
• There was at least one instance in which Microsoft System Center Endpoint Protection identified a crypto-malware, but not before it had already started to encrypt many of our files. So it did detect the threat, but since it was a little delayed we still were infected.

Incentivized