Carbon Black Endpoint is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems.
N/A
Watchguard Endpoint Security
Score 8.9 out of 10
N/A
WatchGuard EPDR (formerly Panda Adaptive Defense 360) combines next-generation antivirus protection, endpoint detection and response (EDR), patch management, content filtering, email security, full disk encryption, and more, into one package. The platform touts a unique zero-trust security service that certifies the legitimacy and safety of all running applications thanks to a combination of automated, AI-driven processes and investigation services provided by a team of malware analysts.
Cb Defense has been working very well in our organization. It is giving us much better insight into the applications that people are running on their systems (without authorization). This software is also great because it provides visibility into systems that are remote (off the network but still have Internet access). The out of band feature is great to help ensure that the systems are protected even when a user is traveling.
I can only speak to WatchGuard Endpoint Security being well suited for us. Because we have over 350 devices (tablet, laptops, desktops, phones) on our network, this product has been a great fit, especially when paired wih our Firebox m390. Again, the protection is fast, low overhead, and virtually undetectable that it is running all the time.
History of Process Execution, really anything that happens in the system is easily seen within the Dashboard. I can determine if a bad actor has infected the system, be it malware, backdoor, rootkit, Trojan, then from that point, I can put the system into Quarantine.
Being able to quarantine the system from the Dashboard. With these type of tools, pulling the power and running a hard drive image is not needed. Put the system in quarantine, start the analysis. A year ago, the network engineer might move the system into a VLAN that has no access to anything, except the system performing the remote analysis... Now I do not have to rely on anyone to move a system, power it down, pull the drive, or image the drive. I can just start the analysis right from my workstation.
The Live Response, again goes hand in hand with the quarantine feature.
By now, I am sure you see a process. Its simple, and easy and all done from a cloud-based console, called the dashboard. .. deploy the agent, create the policy, and active live response, set up email alerts, and monitor your endpoints... you are now ready to perform a triage in the event of an infection. We have step 1, step 2, step 3... but, just remember, things do happen, nothing is perfect, but this product has its advantages.
Policy management can be cumbersome. It is simple to set up a single policy but you have no way to apply the rules to multiple groups. If you need to set up the same rule to multiple policies, you need to type it over again.
Agent updates can be very slow to deploy. We use a mix of rolling out updates via the web console and our management appliance. It can take several weeks to update all agents.
We can be confused on why a rule will apply to a file. Sometimes something is blocked but we don't understand why.
The ease of use, pricing, support, reliability, and quality of the product. Panda / WatchGuard products are highly rated, priced right and easy to maintain. All of this make it very easy to renew and purchase new licenses for us and our clients.
The console of the product is very easy to use. It provides great detailed information about all aspects of things occurring on the endpoint. It was easy to deploy and set up. The centralized cloud-based interface has made it easy to add two domains and manage them under a single pane with multiple admins. The only reason I wouldn't give it a higher score is a little bit of lag between updated info from the clients and also the lack of accountability in the deployment process. You set the deployment up for multiple machines and can't easily see if it was successful and/or it takes a while to see if it succeeded or failed.
Easy and intuitive MSP management portal to manage all of your clients from a single pane of glass. Policies can be pushed down globally or individually based on needs. The client portal allows access to their tenant information and installs only which is nice if you are working with clients who might have an internal person or an IT team that also wants access to things to manage themself.
The software is 100% managed on a cloud platform that can be managed via an account even if they are not present within the company network where the software is installed, I even always opened the control panel on the browser of my smartphone to monitor the situation.I have never experienced any abnormal software crashes
The only annoyance I complain, if we want to be picky, is the fact of the constant disconnections from the control panel.Every about 4 hours the account logs out even if I set the "remember this device" flag; having said that I have not noticed neither slowdowns nor conflicts with other software
First, I need to disclose that our support is provided by SecureWorks. We purchased CB Defense from them, and they provide 24x7 monitoring and notification services for the solution and its deployment on our endpoints. To date, we are very pleased with this arrangement
I gave it a 10 because I compare it to air conditioning. I need it to work every day, 24/7. I need it to be reliable and not something that requires a ton of interaction from staff to make sure it works every day. In addition, I should be able to run other things at my house when the AC is on. Panda fits that description.
The training was very helpful. It demonstrated how to configure the service for initial install, items to monitor, and how to set up for ongoing protection. Hands on training is more helpful but this is a good starting point
Implementation shouldn't present any problems in standard office environments. In environments with development teams, however, caution is needed. If zero trust is enabled, mechanisms must be in place to ensure that internal software isn't classified as a false positive (software certificate, exception folder, etc.)
Cb is cloud-based and has a more advanced policy management. It also has better forensics information. Cost was similar, but Cb added cost savings in terms of IT management resources. We also have the ability to talk directly with engineers and have input on feature updates.
Despite offering great value for money, comparing Sophos' offering to WatchGuard Endpoint Security we find Sophos' offering is far superiour due to it's support system, the distributors it uses (apart from Arrow), it's management console, the resource-light application and, primarily, it's ability as an Endpoint Security program. Though the fact we offer both solution proves that WatchGuard Endpoint Security has it's place in an MSP's portfolio.
With the implementation of watchguard (at the beginning Panda Endpoint, but it is the same) I was able to insert in the control panel all the unauthorized software previously installed by colleagues without any authorization from the various department heads.Now any licensed software goes into lockdown and can be unlocked from the control panel
It has allowed me to add clients without increasing IT staffing
Its price point is very competitive for my company and my client's companies
Its ability to prevent ALL successful attacks on my company and that of my clients over the last 23+ years has immeasurable value in both confidence and dollars
