Endpoint Detection and Response Features

Read what people say are the most valuable features of the solutions they use.
Karthik Balakrishnan says in a Carbon Black CB Defense review
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so it is out of like 65 vendors that are normally listed in VirusTotal, if there are any kind of hits out of those, in that case, it is getting recognized as a known Malware or a suspected Malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what are the programs that are generally used in our environment and how they are compliant with our environment.
Jayandra Wickramasinghe says in a Carbon Black CB Defense review
Senior Systems engineer at a tech services company
Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.
Leonardo Meneses says in a Carbon Black CB Defense review
Incident Response Analyst at a security firm with 51-200 employees
The go live, because it is possible to answer incidents while they are still occurring and minimize the effects.
Brody Wright says in a Carbon Black CB Defense review
System Analyst at a hospitality company with 1,001-5,000 employees
* The software uses very few resources; it is almost invisible to the end user.
* Behavioral Monitoring stops known malicious events before they even begin.
* The whitelist: Being a Casino, we have some odd software packages. Being able to whitelist them is a must.
* The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
Amit Lavi עמית לביא says in a SECDO Platform review
Co-Founder & CEO at a marketing services firm with 1-10 employees
* Full endpoint visibility
* Records everything! Every endpoint.
* IOC/BIOC rules
* It basically automates the entire alert investigation process.
Kurt Miller says in a Code42 Next-Gen DLP review
Senior IT Manager at a marketing services firm
Low system overhead, setting retention policies, ease of use
Ahmad Hasan says in a CrowdStrike review
Electrical Engineer at an energy/utilities company with 1,001-5,000 employees
The features that we have found most valuable are the detection functions. You cannot rely on the signature based detections anymore. You need something to look after signature-less attacks.
SeniorAsd84b says in a CrowdStrike review
Senior Associate - IT at a financial services firm with 51-200 employees
The most valuable feature is that our systems are monitored and we are alerted to any unusual behavior.
Darrick Kristich says in a Carbon Black CB Defense review
Founder/CEO at Sedara
The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec. Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of it, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you put a lot of great logs into a SIEM or any other log collector from the platform. The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes which have been helpful with Carbon Black.
Murad Gurbanov says in a Digital Guardian review
Presales Specialist at bc solutions
Digital Guardian has the cloud correlation servers that give you visibility. Works like EDR and the correlation servers are like a perfect instrument for security analysts.
Zed Burnett says in a SentinelOne review
Field Technician at Sonrise Technology Solutions
I have found the activity timeline and threat analysis to be particularly useful.
Secu8765 says in a CrowdStrike review
Security Engineer at a tech services company with 11-50 employees
When something is detected you can log into the GUI and you can get very specific details about what happened. It's very helpful for investigating incidents and this sort of thing.
Executiv435c says in a FireEye Endpoint Security review
Executive Officer at a tech services company with 10,001+ employees
It is very valuable in finding out unknown malware.
ThreatIn8e74 says in a Tanium review
Threat Intelligence at a university with 10,001+ employees
Being able to go as granular while looking at our network and users. Also, getting as much detailed information on analytics, which is good.
Erik Sobel says in a CrowdStrike review
Director of Security at an insurance company with 51-200 employees
The most valuable feature is its forensics capability.
ITgov9887 says in a SentinelOne review
IT Security Manager at a tech company with 1,001-5,000 employees
The machine learning module is the most valuable feature.
Lindsay Mieth says in a SentinelOne review
CISO with 1-10 employees
The forensics analysis feature provides substantial help in determining the extent of the problem and how it affects the machines.
Jitu Mani Das says in a FireEye Endpoint Security review
Information Security Manager at a tech services company
All the features of HX give the administrator control over the managed devices:
* Managing is easy
* The different threat actor based signature
* Behavioural analysis
* Malware protection
* Zero-day protection
IOC based detections are really the best ones. However, the enterprise search option is a hunting option given to the admin.
Kunal Gupta says in a CrowdStrike review
Security Engineer at a tech services company with 10,001+ employees
* It can connect to host and isolate it from the network if needed; this feature helps us to investigate the endpoint without visiting the endpoint and then testing.
* It saves time and helps to contain the threat in less time.
* Complete visibility into the endpoint
Parikshit Goutam says in a CrowdStrike review
IT Manager at a consultancy with 5,001-10,000 employees
Because it is a security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures.
Director916d says in a CrowdStrike review
Director of Cloud Architecture at an energy/utilities company with 10,001+ employees
I noticed that the performance hits on our operating systems are more minimal than they were on McAfee.
Fadhullah Iskandar Roy says in a CrowdStrike review
Solution Architect at a comms service provider with 1,001-5,000 employees
The most valuable feature is its threat analysis.
Nachiket Sathaye says in a CrowdStrike review
Information Security Consultant with 201-500 employees
The EDR feature of CrowdStrike is fantastic. Also, in comparison to other solutions, it can connect remotely, so our security analysts can get into the system directly and do manual analysis as well. I also like the overall reports. They are crisp and to the point.
it_user629541 says in a RSA NetWitness Endpoint review
Security Consultant at a tech services company with 10,001+ employees
One of the most valuable features is the Orchestrator.
Mehedi Hassan says in an ESET Enterprise Inspector review
Senior ICT Specialist at a non-profit with 1,001-5,000 employees
I find the multilayered endpoint security to be the most valuable feature. It prevents malicious modules from being executed in the organization's network. ESET Enterprise Inspector's open architecture gives the flexibility to detect violations of policies about using specific software like torrent applications, cloud storages, Tor browsing or other unwanted software.
