Endpoint Detection and Response (EDR) Features

Read what people say are the most valuable features of the solutions they use.
Karthik Balakrishnan says in a Carbon Black CB Defense review
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so out of the 65 or so vendors that are normally listed in VirusTotal, if there is any kind of hit out of those, it gets recognized as known malware or suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what programs are generally used in our environment and how they are compliant with our environment. View full review »
reviewer1275819 says in a SentinelOne review
Director - Global Information Security at a manufacturing company with 10,001+ employees
The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that. The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the depth of behavior analysis. There are other companies that claim this, albeit in a lighter flavor. The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good. In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built in. They have a rollback and remediation facility as well.
If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version. It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have. And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious? It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies. Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable. If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff. The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. 
But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding. They are already reporting on application vulnerabilities in the landscape and working on providing remediation, another big win. Regarding the IoT feature, it's on the fence whether they're going to charge for it, but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution. View full review »
Tony Tuite says in a SentinelOne review
Consultant at NFC/IT
The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to roll back a ransomware infection instantly and with minimal disruption to the user, and it provides robust reporting. I tested this by deliberately infecting an unpatched test machine with WannaCry. First of all, SentinelOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WannaCry did what it does: it encrypted all the documents I had copied to the test machine and put up the background. We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection. You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors. View full review »
ManegeiT677 says in a Bitdefender GravityZone review
IT Manager at voluntis
The features that are most useful are the simplicity of deploying the package and the cryptosystem for managing all the situations on the computer. View full review »
Augusto Jose Garcia says in a Cortex XDR by Palo Alto Networks review
SOC Analyst at a tech services company with 201-500 employees
The integration with other products, the firewall, and the IPS are good features. View full review »
Manager of InfoSec at Joann Fabrics
Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories. View full review »
reviewer1340322 says in a SECDO Platform review
Technical Services Consultant at a tech vendor with 1,001-5,000 employees
This is a mature product in terms of threat detection. The ease of deployment is a valuable feature. The cloud-based management and the dashboard are really good. You can easily see the status in terms of malware detection and analysis. Having access to the educational portal makes it easy to operate. View full review »
ChandanMunshi says in a FortiEDR review
Chief Technical Officer at Provision Technologies LLP
The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration. The security is also very good and the firewall response is good. View full review »
reviewer1236738 says in a Carbon Black CB Defense review
Assistant Technical Manager at a tech services company with 11-50 employees
* The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware gets into the endpoints and shows what it has done.
* The solution is easy to use and easy to deploy as it is a cloud solution; no appliance needs to be deployed on premise.
View full review »
Imad Taha says in a Carbon Black CB Defense review
Group CIO at a construction company with 10,001+ employees
Carbon Black works completely differently from other products. We tested different products and Carbon Black was selected because it does not remove a virus but it kills any suspect operations and it's up to the admin to check the scenario. It kills the "effect," if you will. If you receive ransomware or anything suspicious, it will kill the process unless you allow it, after receiving warnings. I cannot say it's pure AI, but the way it works is that it stops any suspicious activity, not based on signature-based attacks. It works in a way that it detects that a given effect is unusual. Also, you can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well. Because of COVID-19, we are all working from home. Imagine if the centralization and control provided by the product were not on the cloud. We would lose control of the people working from home. So the centralized cloud control is one of its more effective aspects. View full review »
Rajesh Gawde says in a Cynet review
Head Delivery & Co-founder at Vincacyber
We are using almost all of the features and we find it quite good overall. View full review »
Donald Dindial says in a CylanceOPTICS review
Owner at Terra Controls
The most valuable part of this solution is that it is advanced technology. Cylance is an engine, it is not a signature-based antivirus protection solution. It is based on AI (Artificial Intelligence) and ML (Machine Learning) models. Apart from the issue with the false positives, which is a known issue, the product could really not be more proactive in the way it works. A signature-based protection solution goes out to a central server and picks up whatever the latest antivirus definition is that is out there and uses it as a blueprint to see if you have anything running that is included in the definition. This is a pre-defined list of malware processes and even if it is updated frequently, it is static. What Cylance does that is different from signature-based systems is that it is processor-powered monitoring. It remains on guard looking to see if there is something running that is out of the ordinary on your machine. It basically looks for anomalies. So if there is a behavior that raises a flag and something is going on that should not be happening, if it discovers an inconsistent behavior that does not look kosher, it will cancel the process. That is basically how it works. So, for example, imagine something malicious enters your system and it wants to read something from the registry. Maybe for you and me reading from the registry is fine, but for this other entity (or program or malware), Cylance detects the unusual behavior and makes a decision. In this case, it might decide this entity is not supposed to be reading the registry because it might want to change something inside of it. If it wants to change something, then it is malware or some other type of intrusion. So Cylance stops the process as it is happening and blocks whatever is making the bad action. That is actively patrolling for malicious behavior. View full review »
reviewer1292046 says in a CylanceOPTICS review
Manager - Information Security & Projects at an insurance company with 201-500 employees
The most valuable feature is the sandboxing. View full review »
reviewer1278807 says in a CylanceOPTICS review
Cyber Security Consultant at a tech services company with 10,001+ employees
The most valuable feature is the ability to respond to zero-day and unknown threats. This is what is most often talked about by our customers. They want to pay to protect their endpoints. View full review »
Director at a tech vendor with 11-50 employees
The solution is very easy to use. It's very simple to find the information we need. WatchGuard offers something called DNSWatchGo. It also is a cybersecurity offering. It can be added to Threat Detection and Response to make both stronger. View full review »
ShreekumarNair says in a Cynet review
Chief Executive Officer at a tech services company with 11-50 employees
This solution requires less management and is very easy to use. Cynet can be controlled from a mobile device such as an iPad or an iPhone. View full review »
reviewer1259418 says in a RSA NetWitness Endpoint review
Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees
The detection rate and tracking features, including historical tracking, tracking of the files on the disk, and tracking of the file last monitored, are all quite valuable for us. View full review »
reviewer1261773 says in a SentinelOne review
Engineer II, Enterprise Client Support at a media company with 10,001+ employees
We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access. The agent will now also report the location in AD. This allows you to create dynamic collections of machines in the cloud console based on their location in local AD. You can replicate your AD OU structure into the console and run deployments and reporting based on OU. It's a very powerful feature and something that was missing in our last product. View full review »
Global IT Project Manager at a manufacturing company with 10,001+ employees
The most valuable feature is the EPP part. View full review »
reviewer1222155 says in an Elastic Security review
Manager- Information Security at a tech services company with 51-200 employees
The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot. The interface of the solution is good. View full review »
Christopher Bell says in a Cortex XDR by Palo Alto Networks review
Senior System Administrator at Mississippi Department of Corrections
WildFire AI is the best option for this product. View full review »
Mark Adams says in a Carbon Black CB Defense review
Senior Manager, IT Security and Compliance / CISO at Superior Energy Services, Inc.
The most valuable feature is that it detects and stops malicious executables. Admins can use the portal to obtain a command shell on an endpoint to perform further investigation. View full review »
RajaeAl Najjar says in a Carbon Black CB Defense review
Solutions Manager at Samir Group
The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great. View full review »
reviewer1175688 says in a Cynet review
CEO with 201-500 employees
The feature I find most valuable is the reality graphical user interface, which I think is really different from the others on the market. I also like the audit function that is included in the standard version. View full review »
Massimiliano De Cò says in a SentinelOne review
Founding Partner and Owner at 2DC srl
The solution offers very rich details surrounding threats or attacks. View full review »