Endpoint Detection and Response Features

Read what people say are the most valuable features of the solutions they use.
Karthik Balakrishnan says in a Carbon Black CB Defense review
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so out of the roughly 65 vendors that are normally listed in VirusTotal, if there are any hits from those, it gets recognized as known malware or suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what programs are generally used in our environment and how they are compliant with our environment.
Jayandra Wickramasinghe says in a Carbon Black CB Defense review
Senior Systems engineer at a tech services company
Carbon Black CB Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.
Leonardo Meneses says in a Carbon Black CB Defense review
Incident Response Analyst at a security firm with 51-200 employees
The "go live", because it is possible to answer incidents while they are still occurring and minimize the effects.
Brody Wright says in a Carbon Black CB Defense review
System Analyst at a hospitality company with 1,001-5,000 employees
* The software uses very few resources; it is almost invisible to the end user.
* Behavioral Monitoring stops known malicious events before they even begin.
* The whitelist: Being a casino, we have some odd software packages. Being able to whitelist them is a must.
* The option to quarantine a device and use the cloud-based portal to gain a "shell" on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
Mark Adams says in a Carbon Black CB Defense review
Senior Manager, IT Security and Compliance / CISO at a construction company with 5,001-10,000 employees
The most valuable feature is that it detects and stops malicious executables. Admins can use the portal to obtain a command shell on an endpoint to perform further investigation.
Tony Tuite says in a SentinelOne review
Consultant with 51-200 employees
The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to roll back a ransomware infection instantly and with minimal disruption to the user, and provides robust reporting. I tested this by deliberately infecting an unpatched test machine with WannaCry. First of all, SentinelOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WannaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background. We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection. You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors.
RajaeAl Najjar says in a Carbon Black CB Defense review
Solutions Manager at Samir Group
The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great.
reviewer1175688 says in a Cynet review
CEO with 201-500 employees
The feature I find most valuable is the reality graphical user interface, which I think is really different from the others on the market. I also like the audit function that is included in the standard version.
Massimiliano De Cò says in a SentinelOne review
Founding Partner and Owner at 2DC srl
The solution offers very rich details surrounding threats or attacks.
Zaul Hug says in a SentinelOne review
IT Manager at apex
We have a preference for their receptor. It's good at finding many EFC files. Normally, EFC files could have a virus, but we need to exclude some of them.
Muhanad Khader says in a FireEye Endpoint Security review
IT Security Engineer at Miltec
The most valuable feature is the integration between environments.
Technicalconsult568 says in a FireEye Endpoint Security review
Technical Consultant at MCS
The most valuable network security feature is the network sandbox solution. This sandbox feature works on traffic flow. It detects multi-stage attacks based on the MVX analytics engine, which detects zero-day, multi-flow and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops the infection and compromise phases of the cyber-attack kill chain by identifying never-before-seen exploits and malware. It has capabilities like machine learning and endpoint protection as an antivirus. The investigation and forensic analysis have been most helpful.
Mgingpart67 says in a SentinelOne review
Managing Partner at a tech services company with 11-50 employees
The most valuable feature of this solution is the user-friendly interface. Our customers ask for something that is easy to use, easy to manipulate, and doesn't require too much intervention. This is where SentinelOne scored big against CrowdStrike and Carbon Black. This solution is easy to install.
ITopsmngr67 says in a SentinelOne review
IT Operations Manager at a retailer with 1,001-5,000 employees
All of the features are valuable. The way that it integrates into management with fault correction capabilities is especially valuable. Any of the full gamut of the features that it provides are useful to us.
Imad Taha says in a Carbon Black CB Defense review
Group CIO at a construction company with 10,001+ employees
The deep analysis is the most valuable part of the solution. The number of false positives is very, very low compared to other products using AI.
Amgad Yousry says in a Fidelis Elevate review
Senior Digital Forensics Engineer at Infort
ADR is the most valuable part of the solution.
Hubert Luberek says in a FireEye Endpoint Security review
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
The most valuable feature of this solution is its simplicity. The triage process is quite effective, and it is compatible with many different systems.
Trust Mapoka says in an RSA NetWitness Endpoint review
Managing Director at CIA Botswana
This solution comes with the packages, which is the endpoint detection and response. So the reason why I like RSA NetWitness Suite is that, compared to IBM Curator, it offers endpoint detection and response. When we used other solutions, we had to source it from another vendor and sometimes integration became a problem. It makes it easier to review.
Ernesto Martinez says in a Digital Guardian review
Principal Consultant at a tech services company with 51-200 employees
What our customers find most valuable in Digital Guardian is the rule sets that they have for data classification. They are already set up to search for PII data, which is basically the personally identifying information of our customers. So you can quickly use their classification engine, or rule set, to set up inspection rules to determine whether data has PII, like social security numbers, date of birth, addresses and things like that.
Technical Consultant
The sensors run within the endpoints, where it is lightweight and runs seamlessly in the background. It does not disrupt the work or activities of the end users, yet is able to detect almost any malicious activity running on the spot. Adding to that, features like the canary files work like bait in any lateral movement case, where the threat actor is lured to "touch" those files. This, in turn, triggers the Malop engine, which immediately sends the alert to the SOC team to take action.
SeniorAsd84b says in a CrowdStrike review
Senior Associate - IT at a financial services firm with 51-200 employees
The most valuable feature is that our systems are monitored and we are alerted to any unusual behavior.
Murad Gurbanov says in a Digital Guardian review
Presales Specialist at bc solutions
Digital Guardian has cloud correlation servers which give you visibility. It works like EDR, and the correlation servers are like a perfect instrument for security analysts. The agent is a powerful thing because it is powered on the kernel side. You can control applications and data flow. You can use it with EDR solutions.
Darrick Kristich says in a Carbon Black CB Defense review
Founder/CEO at Sedara
The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand not only if an alarm or identified incident is truly a security issue versus a false positive, but it also allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec.

Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you can put a lot of great logs into a SIEM or any other log collector from the platform.

The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill-down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes, which have been helpful with Carbon Black.
Zed Burnett says in a SentinelOne review
Field Technician at Sonrise Technology Solutions
I have found the activity timeline and threat analysis to be particularly useful.
Secu8765 says in a CrowdStrike review
Security Engineer at a tech services company with 11-50 employees
When something is detected, you can log into the GUI and get very specific details about what happened. It's very helpful for investigating incidents and this sort of thing.