Endpoint Protection (EPP) for Business Features

Read what people say are the most valuable features of the solutions they use.
Karthik Balakrishnan says in a Carbon Black CB Defense review
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to virus total, so it is out of like 65 vendors that are normally listed in virus total, if there are any kind of hits out of those, in that case, it is getting recognized as a known Malware or a suspected Malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what are the programs that are generally used in our environment and how they are compliant with our environment. View full review »
reviewer1275819 says in a SentinelOne review
Director - Global Information Security at a manufacturing company with 10,001+ employees
The strength of SentinelOne is that it has an automated, active EDR. It does that first level of what a SOC analyst would do, automatically, using artificial intelligence, so we can focus on other things. Active EDR not only notifies you, but it actually fixes that first level. That is unheard of. Very few, if any, companies do that. The reason we went into this whole selection process and selected SentinelOne is that their strategy is "defense-in-depth." They do not only do what the traditional AV endpoint security solutions used to do, but they go further by looking at behaviors and patterns. Additionally, their big differentiators are in the dept of behavior analysis. There are other companies that claim this - albeit in a lighter flavor. The whole behavioral analysis helps us get to the root causes. We can understand and pictorially see the "patient zero" of any threat. It shows the first one who got whatever that threat is. When you look at their console and you see a threat, you can not only pick up the raw data to do forensics on it, but it can actually tell you a storyline: who patient zero was and how this whole threat has spread through your environment or on that machine itself; how it happened. Then, you can check on these things yourself. That's crazy good. In addition, there is no dependency on the cloud to fully protect. Many products you see today, especially those called next-generation, depend on getting some information from the cloud. With this solution, you don't need to connect. It has the intelligence on the endpoint itself. That's useful because you're not always connected to the cloud. You could be in a lab. We've got laboratories where they aren't necessarily connected to the internet, but you want to have the latest intelligence of machine learning to see that you're doing the right thing. SentinelOne doesn't have to be connected. It's already got that behavioral stuff built-in. They have a rollback and remediation facility as well. If you've got a virus or some malware on a machine, it's going to detect it and it can actually just clean up that part of that malware. You don't have to do anything else. And if you have ransomware, for example, it will pick it up before it causes a problem. And if it didn't, you can actually roll back and get it to the previous good version. It integrates well with other products. We've got other cloud services that we use for security, and the intelligence is shared between SentinelOne and the CASB that we have. And with the threat-hunting, you can validate what it's telling you: Is it a real threat or is it just something that is suspicious? It can tell you everything that's running on an endpoint: What applications are running there and which of those applications are weak and that you have to watch out for. That's one of their free add-ons. You can do queries, you analyze, you can see who touched what and when. You can check the activities, settings, and policies. Another advantage is that you can break up consoles. You can have them all in the cloud, or you can have some available physically. You may want to keep certain logs local and not share them because of GDPR. You can do those kinds of things. It's very adaptable and malleable. If you have an agent on your machine, it will find out what things are neighbors to your machine. You can control machines at different levels. You can even control a device on your machine. If there is, for example, a USB device on your machine, I can control it and not let you use that USB device. I can actually get into your console and do stuff. The other strength of SentinelOne is that you get almost all these features out-of-the-box. They add many features as a default, you don't pay extra, unlike many other companies. There are services you do pay extra for. I mentioned that SentinelOne handles that first level SOC security analyst-type work. But if you need a deeper understanding, with research, they've got a service for that and it's one that we're using. I was convinced that our current team wasn't good enough, so we had to get that service. It's actually very cost-effective, even cheaper than other ways of getting that level of understanding. They are already reporting on application vulnerabilities in the landscape and working on providing remediation - another big win. Regarding the IoT feature, it's on the fence whether they're going to charge for it but that's an add-on module. However, it's not like you have to do anything to install it. You just have to click something in the solution. View full review »
Tony Tuite says in a SentinelOne review
Consultant at NFC/IT
The fact that this runs using AI instead of heuristics provides the best protection I've seen. It has the ability to rollback a ransomware infection instantly and with minimal disruption to the user & provides robust reporting. I tested this by deliberately infecting an unpatched test machine with WanaCry. First of all, SentinalOne blocked the initial infection attempt. I had to put S1 into "notify only" mode on that system to actually infect the machine. Once infected, WanaCry did what it does... encrypted all the documents I had copied to the test machine and put up the background. We immediately got a notification on our dashboard that a system was infected. At the same time, we got a popup on the client machine notifying us of the infection, with the option to auto-repair the damage. It took less than a minute (granted, we only had about 200 MB of files on the test system) for S1 to repair the damage and put the machine back to normal with no evidence of the infection. You also can't remove the client from the local machine without approving it within the dashboard. This is a nice feature to prevent tampering by either hapless users or even skilled threat actors. View full review »
Augusto Jose Garcia says in a Cortex XDR by Palo Alto Networks review
SOC Analyst at a tech services company with 201-500 employees
The integration with other products, the firewall, and the IPS are good features. View full review »
C.J. Oosthuizen says in a CylancePROTECT review
Head of Cloud Services and Projects at Grove Group
The protection, specifically for endpoint protection, has been the most valuable. With Cylance AI and Machine Learning, it's ensuring that all types of malware, PUP (Potential Unwanted Programs) and Memory Protection your endpoint devices are fully protected, even with day zero threats. Cylance also got the optics add-on for advance scanning and reporting, but most of the clients are more interested in the protection as this is all you need for your endpoint security. View full review »
Malware Hunter and Incident Responder at Computer Network Systems
In Symantec Endpoint Protection, the most valuable feature I like is the good performance. With Symantec, I always know this tool will be reliable and with the latest protection. View full review »
General Manager at a tech services company with 11-50 employees
I find QRadar and the Active Threat Defense the most valuable. The ATP, Active Theft Protection, is very good. They've got very solid detection rates from P2. Those and some of the other programs are very valuable. View full review »
Sven Aurich says in a CylancePROTECT review
Wirtschaftspr├╝fer, CPA, Steuerberater at a financial services firm with 11-50 employees
The most valuable feature is that it's quite small, and does not consume too many system resources. View full review »
CoFoundef9b2 says in a CylancePROTECT review
Co-Founder, CEO at a tech services company with 11-50 employees
On the management side, we liked the way it displays things. View full review »
Enterprise Architect at Aurenav Sweden AB
If you open up an application or a web browser, it runs within a container (sandbox). So if there's some malicious code, it' will be contained within the sandbox. Ransomware prevention and zero-day exploits were a driver for adopting Comodo. From our research lab results working with live ransomware, Comodo has been very effective in preventing infection. We've done a lot of tests with numerous types of live malware, and it works really well. View full review »
Software4704 says in a CylancePROTECT review
Software Engineer at a tech services company with 1-10 employees
The vulnerability management is the most valuable feature of this solution. View full review »
Securityabc9 says in a BigFix review
Security
The most valuable feature is the patching. It's much more flexible than SCCM. There are more things we can do and especially the cross-platform support is better. View full review »
John Livinston says in a BigFix review
CEO at Verve
The ability for the agent to be customized, to both, run the fix list and the relevant language, but also to be able to be designed so that it only allows for outbound ports rather than inbound is the most valuable feature. We work in a lot of environments where there are segmented networks and we have to have an agent and a communication where we don't have any inbound ports into that environment. Having that agent be really small, and the ability to not have to have any open inbound ports into that environment is wonderful. View full review »
Andrew Laurence says in a BigFix review
Systems Analyst at a university with 10,001+ employees
The ability to build custom content and scale to additional endpoints without increasing staff time is the most valuable feature. View full review »
Manager of InfoSec at Joann Fabrics
Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories. View full review »
Ilan Amir says in a Nyotron PARANOID review
Global IT Manager at a pharma/biotech company with 501-1,000 employees
First of all, it does the job. It prevents harm to the operating system. Also, the visibility it gives to the user and to the administrator is very good, it provides visibility in a very convenient, easy way. View full review »
Ian Keller says in a Trend Micro Apex One review
CSO at SBV
From a technology point of view, it is very simple to install, it's not heavy on the endpoint in terms of the amount of processing cycles. It is simple to deploy and the interfaces are easy. You don't need to be a scientist to operate it. Then the other things that are really just as important as the technology like the people behind it. When you look at it from a support perspective, the Trend Micro people are exceptionally passionate about their business and their products. That translates into phenomenal service that you get, which I haven't experienced with any of the other vendors at this point in time. View full review »
Competitive Engineer at a tech vendor with 1,001-5,000 employees
It's very easy to deploy, we don't have any problem or issues with it. It's almost full automatic. It basically makes the assumption that everything is supposed to be suspicious; files, processes, URL accesses, and so on. Everything is checked once in the cloud and it's assessed as malware or safe. You're free to use it. It's simple enough to be used by a non-specialist, by regular users. You don't need a large security team to manage it. View full review »
reviewer1300794 says in a Trend Micro Apex One review
Presales & Implementation Engineer at a tech services company with 11-50 employees
I think this is the best solution in the category of endpoint protection, it's really excellent. It's better than McAfee. View full review »
reviewer1325922 says in a Trend Micro ServerProtect review
Cyber Security Engineer at a software R&D company with 51-200 employees
I like the fact that you can manage the solution from the cloud, so you don't have to be in the office to access the management console. View full review »
Cloud Solutions Architect at a tech services company with 1-10 employees
The most valuable feature is the web filter application control. This solution is very easy to implement. The granularity of security is very good because we can create different groups that are categorized, for example, by the department. There are policies in place to assist with this. The reports are good and help us to better manage our system. View full review »
ChandanMunshi says in a FortiEDR review
Chief Technical Officer at Provision Technologies LLP
The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration. The security is also very good and the firewall response is good. View full review »
Technology Consultant at 1ware
The configuration is easy. View full review »
reviewer1236738 says in a Carbon Black CB Defense review
Assistant Technical Manager at a tech services company with 11-50 employees
* The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware get into the endpoints and show what it has been done * The solution is easy to use and easy to deploy as it is cloud solution, no appliance is needed to deploy on premise View full review »
Navision Consultant and user support at NCPD
Automatic scanning and cleaning of viruses is the best and most valuable feature helping this tool to thrive. If any viruses are found, they are cleaned automatically. Another feature is the ability to filter sites and block harmful ones, which makes it to enter sites with full protection. This ensures no harmful Trojans can be sent into our systems through those sites and are always blocked when detected. Another great feature is the ability to warn the system user, making it easier to know when a virus has been found on our system. It is easy to use and has a lot functionality to make systems safeguarded in the right manner. View full review »