Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
$2.50
per user/per month
Symantec Critical System Protection
Score 10.0 out of 10
N/A
Symantec Critical System Protection is a lightweight behavioral hardening engine purpose-built to protect legacy, EOL systems and embedded devices, by adding layers of defense at the kernel level to prevent unhygenic operations on IoT devices and machines.
I think it's well suited as a drop-in EDR, really an XDR, I guess if you want to go there. A platform for most organizations. I think it lacks some of the granularity in off-the-shelf rule sets that I want for defense Industrial base or financial services clients. For heavily targeted organizations, I think it requires a lot more customization than some of the competitor products off the shelf. So if you get there, it's not there day one.
Symantec Critical System Protection (CSP) is very well suited for environments that do not change such as point of sale systems and critical servers. This product is spectacular at protecting end of life operating systems when supporting legacy software prevents upgrades. When security updates are no longer available, CSP will prevent exploits and other malware from taking advantage. This product is not well suited for systems that require a lot of changes. For one, it does not notify when a change has been blocked by CSP, causing some server administrators to waste many hours chasing a phantom technical problem when turning off CSP could have solved it right away. Also, profiling takes time so systems that constantly change would need hundreds of exceptions made.
It integrates perfectly with Azure Sentinel. I mean, that's great. We can have a single pane of class with other platforms, like Defender for Cloud, Defender for endpoints, and Defender for servers, which is awesome as well. The ease of deployment is because Microsoft made sure around a year ago that every single workstation with Microsoft Windows came with Defender for Endpoints embedded.
While it's a very good product for auditing, it has a very hard time to distinguish what is malicious and is an attack, what is not. Very rarely we get indication of a real malicious attack. We got lots of hours for off the shelf malware that it cleans up automatically. So basically we never get to look at it, which is a positive thing, but threats are detected by the third party endpoint, so it will not be enough by itself.
Cost add-ons for Security features is nickel and diming the process to keep pace with cybercrime. Limited Education budgets require us to be more pro-active in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market
Because in terms of the usability is easy to understand, it's easy to manage, obviously you need to have specific skills to do that, but I would say that even the console and the product is walking through the flow that you are looking for on this console.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session
They respond quickly and efficiently without the need to reiterate the actual issue. Their backline support is amazing and always there for us when it is needed. They explain the troubleshooting steps taken and what they did to help us resolve the issue just incase it creeps up again we have the information to correct it ourselves.
I would say not to name specific company names, because I'm a partner with one of them and that's the account that I work with. But I use some competing solutions that I would say are pretty heavy from an overhead perspective with the agent that has to be installed in the machine. It can be too restrictive for permissions where it gets in the way of an employee doing their job and the ability for Defender to be secure in that, but still allow an employee to go about their day and do what they need to do is certainly a change maker there. But yeah, from the other products perspective across the years, whether it be business or personal, some other products I can name are other endpoint protections from Vera Avast, McAfee, of course as folks remember that. And some of the other major players too that I would say a large networking company that doubles in security as well. I'll name them that way.
We evaluated Bit 9 and you have more flexibility with the rule set and do not rely on the cloud to tell you what is approved and not approved. You build out the policies the way you need them to be and who better knows the environment that the people that work it daily.
