Top 8 Endpoint Protection for Business (EPP) Tools

  1. CrowdStrike Falcon
     As long as the machine is connected to the Internet and CrowdStrike is running, it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike is always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines were connected to the Internet and be almost invisible to the employees.
  2. SentinelOne
     The Storyline feature has significantly affected our incident response time. Originally, what would take us hours now takes us several minutes. When there is an incident, the solution's Storyline feature gives you a timeline, the whole story: what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system or to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help.
  3. Symantec End-User Endpoint Security
     The solution is easy to manage. The installation was very easy.
  4. Cisco AMP for Endpoints
     The Threat Grid, with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files, has been great. The most valuable feature is signature-based malware detection.
  5. Carbon Black CB Defense
     The visibility provided has been great. We can access computers remotely if we need to.
  6. Cortex XDR by Palo Alto Networks
     The user interface of the solution is sophisticated and straightforward. I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable.
  7. Sophos Intercept X
     We have found the overall features and technology of the solution to be beneficial. Sophos Intercept X is a complete endpoint solution.
  8. Microsoft Defender for Endpoint
     We have just started to implement it. It is useful for protection from malware and ransomware. It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal.

Find out what your peers are saying about CrowdStrike, SentinelOne, Broadcom and others in Endpoint Protection for Business (EPP). Updated: June 2021.

Advice From The Community

Read answers to top Endpoint Protection for Business (EPP) questions.
Rony_Sklar
There are many cybersecurity tools available, but some aren't doing the job that they should be doing. What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
SimonClark
Real User

Dan Doggendorf gave sound advice.

Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money, but how do you know where to spend it? There are over 5,000 security vendors to choose from.

There is no silver bullet, and throwing money at it won't necessarily fix what you are at risk from, but at the same time free products are free for a reason.

If your organisation doesn't have a large team of security experts to research the market and build labs, then you need to get outside advice. Good cyber-advisors will understand your business and network architecture and therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future.

Large IT resellers will sell you what they have in their catalogues based on what you ask for, and give a healthy discount too, but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions.

By the way, there are free security products and services that I recommend.

Danny Miller
User

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved.

Doctor Mafuwafuwane (Altron Systems Integration)
Real User

Open source or free products need proper management. Based on my experience, I have found that many people who use open source don't bother to patch it, and attackers then utilize such loopholes.

One great example: one client was using a free vulnerability management tool plus an IP scanner, and they got hit with ransomware. During the investigation I realised the attacker had utilized the same tool to affect other devices on the network. The attacker took their time, at least 2 months unnoticed.

Basil Dange
Real User

One should first have a detailed understanding of what he/she is looking to protect within the environment, as tools are specially designed as point solutions. A single tool will not be able to secure the complete environment, and you should not procure any solution without performing a POC within your environment.

There is a possibility that a tool which works for your peer organisation does not work in a similar way for yours, as each organisation has different components and workloads/use cases.

Javier Medina
Real User

You should build a lab, try the tools, and analyze the traffic and behavior with a traffic analyzer like Wireshark and any sandbox or EDR that shows you what the tools do. All of this should be outside your production environment. Use tools that have been released by the company provider, and not third-party downloads or unknown or untrusted sources.

Curtis Yanko (Shiftleft)
Vendor

I suppose it depends on just how 'bogus' they are. If they are truly 'bogus' then you are likely looking at a trojan. If, however, we are just talking about a 'bad' security tool then you are talking about trying to manage your security with bad or missing information.

reviewer1266459 (Network Security Engineer at a performing arts with 201-500 employees)
Real User

Refrain from free products.

Delete products and traces of products after evaluation.

Always know what you want from the cybersecurity solution. You can then identify illegal operations of the product if they differ from its stipulated functions.

Work with recognised partners and solution providers.

Download open source from reputable sites.


Mostafa
What is the best for ransomware infection?
Alex Vakulov
User

Install all security updates, create an incident response plan, use whitelisting to the maximum.

Jairo Willian Pereira
Real User

Proactive: Patch Mgmt Program, Continuous Vulnerability Scanner (search and fix), Monitoring by SOC/NOC or other security tools (like HIDS or NIDS components).
Reactive: Incident Mgmt Plans, BCP and, mainly, verified backup tapes/media.

Nadeem Syed
Real User

There are different solutions for ransomware these days. The best I have found is Trend Micro endpoint protection for end users, since it has a feature of stopping the attack: as soon as it sees changes in files, it starts making a backup copy of them, so even if you get infected by ransomware, you still have a good chance to recover your data.

Siddharth Narayanan (XYZ)
Consultant

IPS & Blocking unwanted extensions at gateway level.

ShreekumarNair
Real User

www.cynet.com

Rony_Sklar
With remote work having become the norm for many, what security should businesses have in place? Do you have suggestions of specific products that businesses should look at?
Letsogile Baloi
User

Security is a multi-layered problem, and as always the human end is the weak layer.

Increasingly I believe the human layer (layer 8) needs more attention. This requires getting the basics right. How are we allowing external devices into our networks? Do we own these devices? VPN tunnels?

Or are we creating a virtual working place and focusing on IAM?

This is BYOD on steroids and multiplies the attack zone. A line has to be drawn and a Trust Zone created. Traditional devices have native encryption, so we allow them as trusted devices and use their native encryption. Then other policies are made. Does the employee have access to good internet (in Africa this is an issue), or do they have to go to a coffee shop or some such place? A good behavioral endpoint product will help. In some cases, a company intranet. Microsoft Teams is proving very accessible in Africa.

Philippe Panardie
Real User

There is not a single answer.

In our company, we use only company devices for workers at home and appropriate VPN clients to control the internet flows towards our company firewall.

A behavioral endpoint product is recommended. This product is likely to cooperate with your corporate signature-based antivirus.

Any good product could be used in that way. We chose well-known Israeli products, combined with our standard US products, at that time.

Omer Mohammed
Real User

Wearing a mask while accessing your service is not a joke: hardening tunneling protocols and using the most updated ones is kind of like wearing masks.

Rony_Sklar
Which EPP provider does the best job at ransomware protection? Which provider is best at proactively defending against unknown threats?
reviewer1231890 (Managing Member at a tech consulting company with 1-10 employees)
Real User

SentinelOne is my recommended solution.

The SentinelOne Endpoint Protection Platform (EPP) unifies prevention, detection, and response in a single purpose-built agent, powered by machine learning and automation. It is not reliant on hash signatures or an internet connection. SentinelOne provides prevention and detection of attacks across all major vectors and rapid elimination of threats with a fully automated real-time response without human intervention.

SentinelOne can also detect and protect against zero-day, fileless and lateral movement attacks.

SentinelOne has not been breached and offers up to a $1,000,000 warranty if it cannot roll back a ransomware attack.

Please contact me at cybersec@global.co.za for more information, a demonstration, or a quote.

Manoj Nair
Real User

OK, a real tricky answer. There are so many out there now, and all seem to have one or the other upper hand in the ransomware arena. It all depends on their back-end system finally: how they analyse and how fast they analyse (even if in the wild). And most importantly, how fast you can get tech support. Try out CrowdStrike, Check Point, Sophos, McAfee, Trend Micro. Remember this: you need to be more specific with your actual physical scenario to get a better answer. This one is very generic in purpose.

RicardoGranados (Ingram Micro Inc.)
Real User

Cortex XDR by Palo Alto Networks is the best solution in the market, because it has multiple protection methods, such as Local Machine Learning/AI, Static Analysis, Dynamic Analysis, Network Profiling, Bare Metal, Exploit Protection (by technique or method, not by exploit), Kernel Protection, Behavior Anomaly Protection, etc. Best score in the MITRE ATT&CK Evaluation.

reviewer1272021 (IT Security Architect at a tech vendor with 51-200 employees)
User

There are several good ones, and it depends on budget, integrations needed, staff levels, etc. CrowdStrike Falcon is great if you can afford it. The price reflects a "set it and forget it" type of EPP: no need to hire an FTE to manage it, and it comes with a 24x7x365 SOC. If you can manage it, SentinelOne offers great detections and incident response capabilities (it is really an EDR). S1 has a ransomware rollback feature in case it gets through initial detections (it can restore encrypted files if needed) and provides up to 1 million in ransom costs to back up their confidence. If you are a Check Point shop and want to leverage some of their other features (CloudGuard SaaS, Endpoint Encryption, etc.), then their SandBlast agent also offers great detections and a rollback feature of their own. Palo Alto Traps is decent if you are a PAN shop but can get heavy on admin overhead. Same with Cisco AMP. We do not sell traditional A/V anymore because of polymorphic threats and zero days. Must have behavioral analytics and anomaly detection capabilities.

Menachem D Pritzker
On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass. Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, Kanye West, Benjamin Netanyahu, and several high-profile tech companies, including Apple and Uber. The hackers posted variations of a message asking followers to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned. How could Twitter have been better prepared for this? How do you rate their response?
Ken Shaurette
Real User

I like the potential for catching an unusual activity like that with our recently implemented endpoint detection tool, Cynet360. It seems so far to have about the highest level of transparency into the endpoint, with a 24x7x365 backing of monitoring.

Prasanna VA
Real User

It's understood that an internal tool was probably shared by an internal employee, per the RCA. The tool was used to reset the associated mail address of the account, and thereby perform a password reset of choice. For MFA and identity-related features, it is more secure to keep it with an associated mobile secure PIN or soft crypto code in future to avoid compromise; at this moment, that is the lesson learned.

reviewer989748 (Security Analyst at a financial services firm with 201-500 employees)
Real User

The use of two factor authentication by Twitter

Paresh Makwana
Reseller

This is an identity theft issue, which means someone hacks your password or account and does activity which he or she is not supposed to do. The basic reason for a hack of your identity or password is social engineering. The second reason is that the system has weak privileged access management. If you have less control over admin IDs or privileged IDs, then the entire firm has to suffer along with the customers of that firm. For me, the takeaway of this event is to protect privileged IDs with a good PAM/PIM tool with two-factor and UBA included.

Russell Webster
Real User

Span of control, solid RBAC, Privileged Access Management (PAM)
