Endpoint Protection (EPP) for Business Forum
May 19 2020
Which EPP provider does the best job at ransomware protection? Which provider is best at proactively defending against unknown threats?
Paresh MakwanaCylance: One of the fastest growing vendors in the Endpoint Security market, Cylance has built its reputation on the back of proactive and preventive antivirus technology based on artificial intelligence, machine learning, and algorithmic science. Headquartered in Irvine, California and with offices around the world, Cylance was founded by a team of security industry professionals and scientists with the goal to “redefine the endpoint standard of protection by preventing threats from ever executing.” Bottom Line: Cylance’s signatureless anti-malware provides an alternative to traditional, signature-based technology, and benefits from easy deployment and management, low-performance impact, and high detection rates against new threat variants. The company is a good pick for companies of all sizes looking to shore-up existing defenses, or for an alternative to traditional anti-malware. The most valuable feature is the ability to respond to zero-day and unknown threats. Cylance’s AI and Machine Learning ensures that all types of malware and PUP (Potential Unwanted Programs) are detected and your endpoint devices are fully protected, even with day zero threats.
reviewer1272021There are several good ones and it depends on budget, integrations needed, staff levels, etc. Crowdstrike Falcon is great if you can afford it. Price reflects "set it and forget it" type of EPP. No need to hire FTE to manage it and comes with 24x7x365 SOC. If you can manage, SentinelOne offers great detections and incident response capabilities (it is really an EDR). S1 has a ransomware rollback feature in case it gets through initial detections (can restore encrypted files if needed) and provides up to 1 million in ransom costs to back up their confidence. If you are a Checkpoint shop and want to leverage some of their other features (Cloudguard SaaS, Endpoint Encryption, etc.) then their Sandblast agent also offers great detections and a rollback feature of their own. Palo Alto traps is decent if you are a PAN shop but can get heavy on admin overhead. Same with Cisco AMP. We do not sell traditional A/V anymore because of polymorphic threats and zero day. Must have behavioral analytics and anomaly detection capabilities.
RicardoGranadosCortex XDR de Palo Alto Networks is the best solution in the market, because it has protection methods multiples, like are Local Machine Learning/IA, Static Analysis, Dynamic Analysis, Network Profiling, Baremetal, Exploits Protection (By technical or method, no by exploit), Kernel Protection, Behavior Anomaly Protection, etc. Best score in the Mitre att&ck Evaluation.
Mar 22 2020
I work at a tech services company with 5,000 - 10,000+ employees. We are currently researching EPP and EDR solutions. What are the main differences between EPP and EDR? Thanks! I appreciate the help.
Om SalamkayalaI think most of the comments cover all the key points. EDR-End point Detection and Response. Its main functions are: To monitor, record activity on endpoints, detect suspicious behaviour, security risks and respond to internal external threats. Which further includes- Providing Authenticating log-ins, Monitoring network activities, and deploying updates. Its Capabilities: 1. Continuous endpoint data collection. 2. Detection engine 3. Data recording. It is considered as next layer of security Its limitation: No in depth visibility IR team needs to deal with false alarm and have to handle restoring process. Struggle to find the attackers who infiltrated for the damanage caused. Not an holistic approach EPP-End point protection platform. Its functionality covers: Antivirus Anti-malware Data encryption Personal firewalls IPS DLP It works mainly on signature based approach and more broader detection techniques. It is considered as first line defence. Keeping in view of the above points currently Holistic Endpoints Security solutions approach is emerging ie EDR providers are incorporating aspects of EPP and vice versa resulting in considering EDR as a subset of EPP. Examples of such products or tools Symantec and Cynet. I hope the above points cover the difference between EDR & EPP.
Neil RerupThe biggest difference is time frames. EPP is meant to PREVENT infection. EDR is meant to deal with endpoints once they ARE infected.
Jehyun ShimEPP is focused on detecting malware, but EDR is focused on logging endpoint an event and this event is used for threat hunting or incident response. So you need advanced security analysts to get the desired effect. EPP and EDR are not a completely separate solution. EDR is a core component of an EPP product. And many EPP vendors add EDR features to their EPP solution.
Mar 22 2020
What is the best for ransomware infection?
Siddharth NarayananIPS & Blocking unwanted extensions at gateway level.
Nadeem Syedthere are different solutions for ransomware these days. Best i have found is trendmicro end point protection for end users since it has a feature of stopping the attack or as soon as it says changes in files , it starts making a back up copy of it , so even if you get infected by ransomware, you still have a good chance to recover your data.