Forcepoint Data Loss Prevention (DLP) protects sensitive data everywhere it resides and moves, across endpoints, cloud apps, web, email, and on-premises environments. It delivers unified policy management and centralized control from a single console.
N/A
Kaspersky Endpoint Security Cloud
Score 8.1 out of 10
Small Businesses (1-50 employees)
Kaspersky Endpoint Security Cloud provides a solution for organizations' IT security needs, blocking ransomware, file-less malware, zero-day attacks and other emerging threats. Kaspersky’s cloud-based approach helps users to work securely on any device, and collaborate safely online, at work or at home, from remote offices and in the field. The cloud-native console means the organization's security can be managed from anywhere, any time.
$215
LevelBlue USM Anywhere
Score 7.6 out of 10
N/A
The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
Netskope, Digital Guardian. We've stuck with Forcepoint to limit the number of major architectural changes in a given year. If we achieved diminishing marginal returns on its ROI, then we'd change because the prevention is good, but the headache has to be less than the …
-Where companies need to secure their attachment, which goes outside, means from their company to outside -Where companies need to ensure their client's personal information -Where companies need DLP. They need to look for Forcepoint only, as they have the upper hand over the rest of their competitors.
Well-Suited Scenarios:Small to Medium-sized Businesses (SMBs): Kaspersky Endpoint Security Cloud is well-suited for SMBs with limited IT resources. Its cloud-based management simplifies deployment and ongoing security administration, allowing smaller businesses to benefit from enterprise-grade protection without the complexity.Distributed Workforces: In scenarios where employees work remotely or across multiple locations, the cloud-based nature of Kaspersky Endpoint Security Cloud is advantageous. It enables centralized management of security policies, ensuring consistent protection for all endpoints regardless of their physical location.Proactive Threat Detection: Organizations that prioritize proactive threat detection and response benefit from Kaspersky's advanced capabilities. The endpoint detection and response (EDR) features help identify and mitigate potential threats in real-time, crucial for industries handling sensitive data.Less Appropriate Scenarios:Highly Regulated Industries with Specific Compliance Requirements: In industries with stringent compliance regulations, organizations may require specialized solutions that offer more granular control and reporting features tailored to specific compliance standards. Kaspersky may need to enhance customization options to cater to these specific needs.Resource-Constrained Environments: While Kaspersky Endpoint Security Cloud is generally efficient, organizations with extremely resource-constrained environments, such as older hardware or limited bandwidth, might find the solution demanding in terms of system resources.
At this point I'm saying a 4. While the marketing material make it appear to be easy to use and it was relatively easy to set up, as previously mentioned, each event description is based upon the individual asset making it nearly impossible for the administrator to be a SME for each asset. For example, if one of the assets reporting is a router, the administrator monitoring alerts would need to know what the various events are that can be triggered as an event for the particular router; however, if the asset is a workstation, the administrator would need to know the various events that are triggered for workstations.
It has predominantly protected us from unauthorized parties and has provided us with better visibility and control over our data.
This software has also successfully prevented us from both malicious and accidental tasks, which are quite flexible actions when it comes to the violation of data loss prevention policies.
This product has been successful in improving compliance and even mitigating compliance violations, which further facilitated IT security.
I think there is room for improvement, as the user interface is slightly rough and difficult to adopt in the beginning. The software also hangs up at a few instances, which leads to some wasting of time and annoyance, but other than that, this software is good. The technical staff should work on the complexities for a better user experience.
Excellent Customer Service - Every time I need something from my main contact at Kaspersky I will get the fastest support within a day or two max, depending on the hour I call.
Excellent Performance - KES has been I can say a ghost on my company and my clients because of it's performance, since is light weight when processing and protecting.
Excellent Administration of Cloud Console - It's easy to navigate thru the KES Cloud Console having a quick help that orientates for any easy doubt to clear out, if needed to escalate I can always setup a Ticket and get a fast response.
AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
Top-notch built-in compliance templates and reporting features.
Forcepoint technical support--specially for users who go with essential support--is challenging to get support on time. You need the ticket to be raised long beforehand to get support from TAC. However, in the case of enterprise support, its is not like this technical person will come on a priority basis.
However it comes with higher prices, especially for SMB, it is allowed to pay that amount for support only.
Though the Kaspersky Endpoint Security Cloud provides security from all the types of Cyber threat but it will be great to have the protection from the attacks which occurs from inside of an organization.
As Kaspersky Endpoint Security Cloud provides the Cyber security training to it's users in only Kaspersky Endpoint Security Cloud Pro which should be included in it's all versions so that the users will be aware of the Cyber threats.
The feature of root cause analysis is a great feature of Kaspersky Endpoint Security Cloud but I feel there is a scope for improvement in it.
Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
Some of the filters when looking for a specific alert aren't that easy to use.
We have been fairly happy with the product and how it has worked. We have looked at other vendors for url filter and such and have not found one that meets our needs or does what we have been doing with Websense. The product has been fairly stable and we have only had a few issues in the past. We have all seen that it was one of the highest leaders from the Gartner Group Magic Quadrant for Web Gateways.
We have been using Kaspersky Endpoint Security products for several years and the jump to the console cloud has been very comfortable for us since we do not have to dedicate a server to the Kaspersky Endpoint Security console but rather the console is in the cloud so that we save the server and its financial amount, electrical expense, cost of its housing in the CPD.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
For us, Forcepoint Data Loss Prevention was difficult to administer, did not work well when it did work, was incredibly expensive for the feature set you get, and was difficult to uninstall when we moved on from the software. Once it was fully set up, it worked occasionally for us.
It allows us to roll out endpoint protection quickly from a cloud interface to hundreds of users within seconds and keep those devices secure. From deployment of BitLocker and keeping track of the keys from the interface has saves many users from stolen laptops and devices since we used Kaspersky as our main device protection.
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
Kaspersky is a market leader company, so I had no doubt that I could trust their cloud services availability. As of now, I haven't experienced any downtime on their cloud portal or any issue in the agent itself. I would recommend it in terms of reliability.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
We have had no major issues with Kaspersky Endpoint Security Cloud. The product has a very low overhead. There have been issues in the past where web pages have been slow to load, as they are being processed by the Kaspersky Security Network. That said, when the issue was reported to technical support, they were quick to assess and provide a viable work around.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Support from Forcepoint has been lacking. When calling in with a high priority issue we rarely are able to work with a technician immediately. The queue waits are very long and when you get through there are no support engineers available and we need to wait for a call back for hours it seems.
We only had to send a query to Kaspersky Endpoint Security Cloud support. We had a problem accessing the cloud console and we opened a case with them. They assisted us quickly and gave us precise and concise instructions to access the Kaspersky Endpoint Security cloud console.After completing the steps indicated we were able to access the console
The support we received from alienvault was excellent. They went above and beyond in making sure everything was working as it needed to be. They REALLY want their product implementation to be a success and our security goals be achieved. They are like a member of our security team.
The Kaspersky Endpoint Security Cloud online training was very complete and access to the console and the main administration tasks were explained to us.Also how to view security events, customer inventories and reports.In addition, Kaspersky provides a large number of manuals, web help, and videos to refresh your knowledge in the future.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
The Kaspersky Endpoint Security Cloud online training was very complete and access to the console and the main administration tasks were explained to us.Also how to view security events, customer inventories and reports.In addition, Kaspersky provides a large number of manuals, web help, and videos to refresh your knowledge in the future.
It was very well organized and helpful in using the product to the fullest extent. The instructor allowed time for folks who were involved with managed services to receive tuning tips in order to better support their customers. In addition, the course materials were automatically updated when the new version came out.
The implementation of this product is easy, the console is mounted and from it the client is distributed to the rest of the computers. In this way, the Kaspersky Endpoint Security client is installed on all the computers in the company's IT park and its servers.The installation of clients requires that they have visibility with the console that is in the cloud.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
User friendly solution that makes it easy to deploy and manage. Forcepoint Data Loss Prevention very effective to protecting our valuable data on endpoints and where data lives like in the Cloud, server and on-premises disk drives and its valuable to just set policies once and start utilizing Forcepoint Data Loss Prevention solution.
Comparison: Scope and Sophistication: Kaspersky Endpoint Security Cloud offers a comprehensive security suite with a focus on simplicity and cloud-based management.Kaspersky EDR Expert is specialized in advanced threat detection and response, suited for organizations with a higher level of cybersecurity maturity and a need for proactive threat hunting.Target Audience:Kaspersky Endpoint Security Cloud is ideal for SMBs seeking a user-friendly, all-in-one security solution.Kaspersky EDR Expert caters to larger enterprises with a focus on in-depth threat analysis, incident response, and continuous monitoring.Deployment Options:Kaspersky Endpoint Security Cloud is cloud-centric, simplifying deployment and management.Kaspersky EDR Expert provides flexibility with on-premises or hybrid deployment, accommodating diverse IT infrastructures.Ultimately, the choice between the two depends on the organization's size, cybersecurity maturity, and specific requirements. Kaspersky Endpoint Security Cloud is a versatile and accessible solution, while Kaspersky EDR Expert is tailored for organizations with a heightened focus on advanced threat detection and response capabilities.
Splunk's ES is a paid add-on on top of an already pricey product. Finding a MSSP that supports Splunk and isn't a 6 figure annual commitment seems unlikely. LogRhythm did not have a cloud-based solution when we were considering SIEMs. Fantastic product though and have a good MSSP base. Devo did not have a MSSP partner base when we looked. Their product is fantastic too. AlienVault USM has good partners to choose from as well as an affordable cloud model, that's why we chose it.
The manufacturer Kaspersky was very flexible with the terms of the contract for the Kaspersky Endpoint Security Cloud product since it has prices by number of licenses, offering discounts for the volume of licenses to be contracted as well as for the duration of the contract. They show a very empathetic attitude with the client, trying to adapt to what the client needs.
Kaspersky Endpoint Security Cloud is a distributed product, you connect to the console and the client is installed on the computers and servers and the only configuration it needs is the console address. Then they connect and the console downloads the virus definitions and defined policies.There are no client limitations, you can even have multiple consoles if you want to have "separate" clients.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
The exchange of financial documents with customers creates extreme risk as data loss could result in financial and reputation damage to the customer. The cost of deploying Forcepoint is fractions of pennies compared to the potential financial impact of data loss.
There is some administrative overhead associated as false positives are inevitable, requiring a manual review and a potential loss of productivity.
KES Cloud is the next step on security, where clients did not believe on Cloud solutions, now with this approach of not having servers onsite they are Hapy with the solution, less asset management and updates of hardware is one of the best. At least per Year Min a 6-10K up to 20-30K per year saving with KES Cloud.
Cloud Console has been a great change due to de easiness to manage it ad reporting as well.
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
