Find out what your peers are saying about Broadcom, CrowdStrike, Microsoft and others in Endpoint Protection (EPP) for Business. Updated: August 2020.
436,846 professionals have used our research since 2012.

1. It is a solid antivirus security product. The anti-virus and firewall policies are the most valuable features of this solution.
2. The solution can scale easily. At this point what is most valuable is the interface, which is easy to navigate.
3. The patch management is very easy, as it can be done automatically or added to a schedule. Because it's from Microsoft, you don't have many false positives, unlike products from other vendors might have.
4. The most valuable feature is patch management, a must-have, even for Linux and iOS. BigFix makes our customer's enterprise assets very manageable by managing release schedules and things like that. It keeps everybody current on current revs of software. BigFix modules are pretty complex.
5. The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems.
6. Prevents ransomware getting through. The most valuable feature is that it just unintrusively works in the background to carry out the protection.
7. Being a cloud solution, it is very flexible in serving internal and external connections and a broad range of devices. It collects and caches the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.
8. What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process.

Advice From The Community

Read answers to top Endpoint Protection (EPP) for Business questions. 436,846 professionals have gotten help from our community of experts.
Which EPP provider does the best job at ransomware protection? Which provider is best at proactively defending against unknown threats?
Steve Pender

SentinelOne is my recommended solution.

The SentinelOne Endpoint Protection Platform (EPP) unifies prevention, detection, and response in a single purpose-built agent, powered by machine learning and automation. It is not reliant on hash signatures or an internet connection. SentinelOne provides prevention and detection of attacks across all major vectors and rapid elimination of threats with a fully automated real-time response without human intervention.

SentinelOne can also detect and protect against zero-day, fileless and lateral-movement attacks.

SentinelOne has not been breached and offers up to a $1,000,000 warranty if it cannot roll back a ransomware attack.

Please contact me at cybersec@global.co.za for more information, a demonstration, or a quote.

Manoj Nair
Real User

OK, a real tricky answer. There are so many out there now and all seem to have one or the other upper hand in the ransomware arena. It all depends on their back-end system finally: how they analyse and how fast they analyse (even if in the wild). And most importantly, how fast you can get tech support. Try out CrowdStrike, Check Point, Sophos, McAfee, Trend Micro. Remember this: you need to be more specific with your actual physical scenario to get a better answer. This one is very generic in purpose.

Ricardo Granados (Ingram Micro Inc.)

Cortex XDR from Palo Alto Networks is the best solution on the market, because it has multiple protection methods, such as local machine learning/AI, static analysis, dynamic analysis, network profiling, bare metal, exploit protection (by technique or method, not by individual exploit), kernel protection, behavior anomaly protection, etc. Best score in the MITRE ATT&CK Evaluation.

reviewer1272021 (IT Security Architect at a tech vendor with 51-200 employees)

There are several good ones and it depends on budget, integrations needed, staff levels, etc. CrowdStrike Falcon is great if you can afford it. The price reflects the "set it and forget it" type of EPP. No need to hire an FTE to manage it, and it comes with a 24x7x365 SOC. If you can manage it, SentinelOne offers great detection and incident response capabilities (it is really an EDR). S1 has a ransomware rollback feature in case it gets through initial detections (can restore encrypted files if needed) and provides up to 1 million in ransom costs to back up their confidence. If you are a Check Point shop and want to leverage some of their other features (CloudGuard SaaS, Endpoint Encryption, etc.) then their SandBlast agent also offers great detections and a rollback feature of their own. Palo Alto Traps is decent if you are a PAN shop but can get heavy on admin overhead. Same with Cisco AMP. We do not sell traditional A/V anymore because of polymorphic threats and zero-days. Must have behavioral analytics and anomaly detection capabilities.

Menachem D Pritzker
On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass. Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, Kanye West, Benjamin Netanyahu, and several high-profile tech companies, including Apple and Uber. The hackers posted variations of a message asking followers to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned. How could Twitter have been better prepared for this? How do you rate their response?
Ken Shaurette
Real User

I like the potential for catching unusual activity like that with our recently implemented endpoint detection tool, Cynet360. It seems so far to have about the highest level of transparency into the endpoint, with 24x7x365 backing of monitoring.

Menachem D Pritzker

@Ken Shaurette thanks! I missed it live, will catch the recording when I get a chance. What security platforms do you think would have done the best job at preventing the hack?

Prasanna VA
Real User

It's understood that an internal tool was probably shared by an internal employee, per the RCA. The tool was used to reset the mail address associated with an account, and thereby perform a password reset of choice. For MFA on identity-related features, it is more secure to keep it with an associated mobile secure PIN or soft crypto code in future to avoid compromise; at this moment that is the lesson learned.

reviewer989748 (Security Analyst at a financial services firm with 201-500 employees)
Real User

The use of two factor authentication by Twitter

Paresh Makwana

This is an identity theft issue, which means someone hacks your password or account and does activity which he or she is not supposed to do. The basic reason for a hack of your identity or password is social engineering. The second reason is that the system has weak privileged access management. If you have less control over admin IDs or privileged IDs, then the entire firm has to suffer along with the customers of that firm. For me the takeaway of this event is to protect privileged IDs and use a good PAM/PIM tool with two-factor and UBA included.

Russell Webster
Real User

Span of control, Solid RBAC, Privileged Access Management (PAM) 
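
The controls the replies above ask for around a privileged internal tool (RBAC, a span-of-control check, PAM-style step-up two-factor before a sensitive action, and user-behaviour analytics on the operator), sketched as an authorization gate. This is an added example written for this page, not Twitter's support tool or any vendor's PAM product; the roles, action names, thresholds and sample operators are assumptions.

```python
"""Authorization gate for a privileged support-tool action (illustrative).

Models RBAC, span of control, a fresh step-up MFA, a ticket for
justification, an append-only audit trail, and a behaviour-based cap on
high-impact actions per operator. Roles, action names, thresholds and
the sample operators are assumptions made for this example.
"""
from __future__ import annotations
from collections import deque
from dataclasses import dataclass, field

# Assumed role matrix: only one narrow role may change an account's recovery e-mail.
ROLE_PERMISSIONS = {
    "support_tier1": {"view_account"},
    "support_tier2": {"view_account", "unlock_account"},
    "account_recovery": {"view_account", "unlock_account", "reset_recovery_email"},
}
HIGH_IMPACT = {"unlock_account", "reset_recovery_email"}
MFA_MAX_AGE_S = 300        # assumed: step-up MFA must be younger than 5 minutes
UBA_WINDOW_S = 3600        # assumed: count high-impact actions over one hour ...
UBA_MAX_HIGH_IMPACT = 3    # ... and refuse the fourth, raising an alert

AUDIT_LOG = []             # append-only record of every decision, allowed or not


@dataclass
class Operator:
    name: str
    role: str
    managed_accounts: set             # span of control: accounts this operator may touch
    last_mfa_at: float | None = None  # time of the operator's last step-up MFA
    high_impact_times: deque = field(default_factory=deque)


@dataclass
class Decision:
    allowed: bool
    reason: str
    alert: bool = False    # True when the decision should page the security team


def authorize(op: Operator, action: str, target: str, now: float,
              ticket: str | None = None) -> Decision:
    """Decide whether `op` may perform `action` on `target` at time `now`."""
    def finish(decision: Decision) -> Decision:
        AUDIT_LOG.append({"ts": now, "operator": op.name, "role": op.role, "action": action,
                          "target": target, "ticket": ticket, "allowed": decision.allowed,
                          "reason": decision.reason})
        return decision

    # 1. RBAC: the role must carry the permission at all.
    if action not in ROLE_PERMISSIONS.get(op.role, set()):
        return finish(Decision(False, "role lacks permission"))
    if action in HIGH_IMPACT:   # low-impact actions get no further gating in this model
        # 2. Span of control: even a permitted role is limited to its own accounts.
        if target not in op.managed_accounts:
            return finish(Decision(False, "target outside span of control"))
        # 3. Justification: a ticket ties the action to a customer request.
        if not ticket:
            return finish(Decision(False, "ticket required"))
        # 4. Step-up MFA: a fresh second factor, not the one from this morning's login.
        if op.last_mfa_at is None or now - op.last_mfa_at > MFA_MAX_AGE_S:
            return finish(Decision(False, "fresh step-up MFA required"))
        # 5. Behaviour cap: many account takeovers by one operator in an hour is the
        #    signature of a compromised or coerced insider, so stop and alert.
        times = op.high_impact_times
        while times and now - times[0] > UBA_WINDOW_S:
            times.popleft()
        if len(times) >= UBA_MAX_HIGH_IMPACT:
            return finish(Decision(False, "rate of high-impact actions exceeded", alert=True))
        times.append(now)
    return finish(Decision(True, "ok"))


def run_demo() -> list[str]:
    """Walk constructed operators through each control; returns the decision reasons."""
    AUDIT_LOG.clear()
    t = 1_700_000_000.0
    tier1 = Operator("alice", "support_tier1", {"acct-1"}, last_mfa_at=t)
    recov = Operator("bob", "account_recovery", {"acct-1", "acct-2"}, last_mfa_at=t)
    no_mfa = Operator("carol", "account_recovery", {"acct-3"})
    attempts = [
        (tier1, "reset_recovery_email", "acct-1", t, "INC-100"),       # RBAC
        (recov, "reset_recovery_email", "acct-9", t, "INC-100"),       # span of control
        (recov, "reset_recovery_email", "acct-1", t, None),            # no ticket
        (no_mfa, "reset_recovery_email", "acct-3", t, "INC-101"),      # no step-up MFA
        (recov, "reset_recovery_email", "acct-1", t + 10, "INC-102"),  # ok
        (recov, "reset_recovery_email", "acct-2", t + 20, "INC-103"),  # ok
        (recov, "unlock_account", "acct-1", t + 30, "INC-104"),        # ok (third in the hour)
        (recov, "unlock_account", "acct-2", t + 40, "INC-105"),        # fourth: refused + alert
    ]
    return [authorize(*a).reason for a in attempts]


if __name__ == "__main__":
    for reason, entry in zip(run_demo(), AUDIT_LOG):
        print(f"{entry['operator']:6} {entry['action']:22} {entry['target']:7} -> {reason}")
```

Every decision, refused or not, lands in the audit log, which is what lets an investigator reconstruct which operator touched which account and under which ticket; the behaviour cap is deliberately a hard stop rather than a warning, because by the time a fourth high-value account is being reset in an hour the cheapest response is to make the operator call the security team.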

Frank Yang
I work at a tech services company with 5,000 - 10,000+ employees.  We are currently researching EPP and EDR solutions. What are the main differences between EPP and EDR?  Thanks! I appreciate the help. 
Om Salamkayala
Real User

I think most of the comments cover all the key points.

EDR - Endpoint Detection and Response.
Its main functions are: to monitor and record activity on endpoints, detect suspicious behaviour and security risks, and respond to internal and external threats.
This further includes providing authentication of log-ins, monitoring network activities, and deploying updates.

Its capabilities:
1. Continuous endpoint data collection.
2. Detection engine.
3. Data recording.

It is considered the next layer of security.

Its limitations:
No in-depth visibility.
The IR team needs to deal with false alarms and has to handle the restoring process.
Struggles to find the attackers who infiltrated for the damage caused.
Not a holistic approach.

EPP - Endpoint Protection Platform.

Its functionality covers:
Data encryption
Personal firewalls
It works mainly on a signature-based approach and broader detection techniques.
It is considered the first line of defence.

Keeping in view the above points, currently a holistic endpoint security solutions approach is emerging, i.e. EDR providers are incorporating aspects of EPP and vice versa, resulting in EDR being considered a subset of EPP.

Examples of such products or tools:
Symantec and Cynet.

I hope the above points cover the difference between EDR & EPP.

Owais Yousuf

Endpoint Detection and Response (EDR) is a category of security tools that are designed to monitor and record activity on endpoints, detect suspicious behavior and security risks, and respond to internal and external threats.

EDR tools consist of three main mechanisms to fulfill this function:
• Continuous endpoint data collection: aggregates data on events such as process execution, communication, and user logins. This involves continually monitoring all events at the endpoints.
• Detection engine: performs data analysis to discover anomalies and detect malicious activity on endpoints. This step is crucial for sifting through events to identify genuine security incidents.
• Data recording: provides security teams with real-time data about security incidents on endpoints, which they can then use for investigative purposes. This can help inform endpoint protection strategies.

Incident response (IR) teams still need to deal with multiple platforms and false alarms, and to handle the restoration process themselves. IR teams often struggle to find the attackers that infiltrated the protection layers before they cause damage. To deal with all potential risks, a more holistic approach is needed: a platform which can be a solution to all types of threats. The EPP (Endpoint Protection Platform) is the platform to achieve this goal.

An endpoint protection platform provides essential security for many types of endpoints, from smartphones to printers. An endpoint protection platform (EPP) is an integrated suite of endpoint protection technologies, such as antivirus, data encryption, intrusion prevention, and data loss prevention, that detects and stops a variety of threats at the endpoint.
An endpoint protection platform provides a framework for data sharing between endpoint protection technologies.

It might seem like the distinction between EPP and EDR is straightforward, but it is not that simple. Traditionally, EPP is defined as a first-line defense mechanism, effective at blocking known threats, while EDR is defined as the next layer of security, providing additional tools to detect threats, analyze intrusions, and respond to attacks.

Chi Wing Wong
Real User

Endpoint protection (EPP) usually means anti-malware, anti-spam, anti-phishing, etc. These features prevent attacks without a detailed explanation of why EPP stopped an action or what the attack was.

Endpoint detection and response (EDR) usually means how to record the attack in detail and provide certain remediation methods to recover the affected machines or files.

In other words, EPP shows "what and when". EDR shows "why and how".

Manoj Nair
Real User

An EPP is a security platform WITHOUT the extended capabilities of fighting malware like a zero-day attack.

An EDR, on the other hand, is specifically built to handle this situation.

Almost all endpoint security manufacturers have this product capability in their line today, and the EDR component is always an add-on and is as expensive as or more expensive than the base system.

Jehyun Shim

EPP is focused on detecting malware, but EDR is focused on logging endpoint events, and these events are used for threat hunting or incident response. So you need advanced security analysts to get the desired effect.

EPP and EDR are not completely separate solutions. EDR is a core component of an EPP product, and many EPP vendors add EDR features to their EPP solution.

Neil Rerup

The biggest difference is time frames. EPP is meant to PREVENT infection. EDR is meant to deal with endpoints once they ARE infected.

Nathanael Hale

I believe the biggest difference between EPP and EDR solutions is directly in the names, and both are crucial to security. EPP sits on the device and works to repel attacks from various sectors based on known threats (malware, phishing, etc., all external); EDR monitors the endpoint to detect when something is wrong, either because EPP failed to thwart the attack or didn't know the threat, or because the enterprise user/device user does something malicious (insider threat), and EDR is able to respond autonomously to lock down the malware/behavior.

Does that make sense?


What is Endpoint Protection (EPP) for Business?

When evaluating endpoint security products, IT Central Station users were clear about which aspects matter most. Proactive protection is a clear indicator of quality in an EPP solution, since the days of purely reactive, signature-driven protection are gone. Another essential feature is the ability to block a variety of attack vectors, since testing against known malware alone is not sufficient. Members also want good customer support, easy installation and removal, and competitive pricing.
