Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
$2.50
per user/per month
ServiceNow IT Service Management
Score 8.4 out of 10
N/A
Built on the ServiceNow Now Platform, the IT Service Management bundle provides an agent workspace with knowledge management, and modules supporting issue tracking and problem resolution, change, release and configuration management.
N/A
Pricing

| | Microsoft Defender for Endpoint | ServiceNow IT Service Management |
|---|---|---|
| Editions & Modules | Academic: $2.50 per user/per month; Standalone: $5.20 per user/per month | ITSM Standard: Custom Quote; ITSM Pro: Custom Quote; ITSM Enterprise: Custom Quote |
Offerings

| Pricing Offerings | Microsoft Defender for Endpoint | ServiceNow IT Service Management |
|---|---|---|
| Free Trial | Yes | No |
| Free/Freemium Version | No | No |
| Premium Consulting/Integration Services | No | No |
| Entry-level Setup Fee | No setup fee | No setup fee |
| Additional Details | — | ITSM Pro and ITSM Enterprise also are available with optional "Plus" add-ons. These include AI Agents, an AI Agent Studio, and other features that augment the capabilities of the platform using AI Virtual Agents to automate tasks. |
Because of its integration with Windows, it is very easy to deploy and manage. Any IT department should be able to leverage the software and interface. The admin portal provides weighted recommendations that comprise the Secure Score, offering admins, security teams, and business owners valuable insights into their security footprint without requiring a strong security background. The software would be ideal for small and mid-sized businesses that cannot dedicate resources to security. Larger enterprises would also benefit, but may require the enhanced license.
In our organization, we are using ServiceNow extensively. Change Management, Incident Management, Problem Management, and Time tracking are a few modules which we use extensively. This sort of model will work for any product- or service-based company, as the product is built on the ITIL framework. So this product will be suited for small or large scale companies to better organize and add controls and track SLAs for technology or business processes.
One, it's crazy lightweight, so compared to some of the competitors that we also have used with our security services, it's really lightweight and so I don't have a lot of overhead on the system that it's running on.
When I have a number of requests to make, for example a request to add a dozen or so user accounts to more than one group account in Active Directory, I can put all the needed information into the initial form, add it to my "shopping cart" and all of that information remains on the screen for the next item for which I only need to edit a few items (like the AD group name in this example), and keep adding them to the shopping cart until I have them all. When I "Check Out" each of those items is generated as a separate task under the one request. It simplifies and expedites the creation and tracking of these kinds of requests.
I can easily and quickly see what tickets are currently assigned to me in order to prioritize them and remain aware of my workload.
Numerous fields for CIs can be used when trying to find the entry for a particular item. For example, IP Address, server name, raw text, classification, and so on.
To help with making sense out of related tasks, when a task is assigned to me and I need to open another task for a different team to work in order to complete my task, I can open a sub-task from my ticket so that the relationship between the two can be pulled up later into reports. For example, I may have a task to build a new vm, and need to open tasks for networking, security accounts, software installation and so on. By opening sub-tasks from my assignment, the time spent by all parties concerned is tied together for more meaningful cost accounting.
So the fact that Defender for Endpoint still works with signatures is actually, I don't know, a little difficult for us because, I mean, since Microsoft trusts those signatures, you can easily inject code. And we've done it many times. To show that you can inject code through vulnerabilities like CV 2013, 99, and 33 but still keep the signature. So because of the trust of those signatures, the malware just kind of slides into the environment without Defender knowing. That's the first part. The second part is that the behavioral analysis is not precisely its prime. It's not Defender's best capability for endpoints. So, Defender does not identify all behaviors considered by other EDRs in the market.
It is hard to find areas for improvement, the tool is very powerful. That said, building the CMDB still involves some manual interaction which was not how it was presented in demos.
The CMDB data is almost too deep and detailed. When you build the relationship map it can be so large that it is overwhelming. You can limit this, but the default maps are massive if you are discovering lots of device classes.
The product is expensive. Since they are the leader in the industry and the product has tons of features, they definitely charge for it!
Cost add-ons for Security features is nickel and diming the process to keep pace with cybercrime. Limited Education budgets require us to be more pro-active in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market.
To be completely honest, setting up a new ticketing system can be a pain in the ass. Once you have it set up and customized the way you want it, you don't want to switch unless you're unhappy with the product. Unless future releases and updates really muck the system up, I wouldn't change.
It offers multiple security features and integrates well with Microsoft ecosystems. A workflow for threat detection, investigation, automated remediation, and a centralized dashboard is an added advantage. This application is mainly designed for experienced users; new users may feel challenged.
The dashboard is so confusing, [there are] many clicks to open a task and search by a ticket. The Enterprise customisation [we did] has finished to kill the software and creates a really bad experience on a daily basis. [It is] so slow, and so many clicks to process a ticket. Works only on IE so, that [should] make you realize that [it] is a bad idea.
Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session.
I would give it this rating because we have had no major issues with the support for ServiceNow after we implemented it at our organization. They seem to respond promptly and efficiently if we ever do need to open a support case with them about an issue we are having.
To type in what should be a text box, you have to click an empty cell, a tiny text box pop-up opens with a check box and an X. You then type in the text box and have to click the check mark. If you have a bunch of fields to fill out, doing this is very annoying. Absolutely no thought went into this. I'm sure somebody in marketing thought it was a good idea. It wasn't.
Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.
Without exception, every client I have worked with has been very happy with their resulting product. While this is partly due to my work, I must point out that the platform is the winning decision, not the implementer.
Cylance's policy is to block everything and requires an active person to monitor and unblock legitimate processes. As updates and software continue to evolve, it is a full-time job to be a Cylance administrator. Microsoft Defender for Endpoint is a set-and-forget solution that catches threats when they occur and leaves you to focus on your work unimpeded.
We used to use Jira to handle service tickets but it's way too robust for something this straightforward. Due to the nature of Jira, you needed to already have a lot of documentation and knowledge about who should be assigned the ticket, so the lift of creating a ticket was time consuming.
Overall ServiceNow has a positive impact on getting the SLA of tickets down in supporting our customers.
One negative impact has been the amount of time to get the product to produce an ROI, it's almost too big to fail and too big to replace. You almost become committed to the product. Good or bad.
Another negative impact would be if you track metrics of employees and time tracking, there are a lot of scenarios where engineers will track time on tickets but not get credit for closing them, as the assignee function of tickets can only be tied to one user and credits only the engineer who closes the ticket.
Another positive impact would be the level of security for permissions and scaling the workloads is robust and you will get out of the system what your team is willing to put in.