Bitdefender Sandbox Analyzer Review

A stable security solution that's easy to set up, and it's easy to manage

What is most valuable?

I like the fact that it works pretty well. It can be a little aggressive at times, but I'd rather have it be a little bit aggressive than not catch what it's supposed to catch. We've been running that platform for about five years, and we've not really had any viruses or malware get through. It's also easy to set up, and it's easy to manage.

What needs improvement?

It would be better if there were real-time alerts. Unlike most anti-virus consoles that ping you when there's an infection or something, for some inexplicable reason, Bitdefender doesn't do that. The most you could do is get an hourly email, or maybe if there's an outbreak that affects X% of our machines, it can send me an email. There's no real-time alert to say, "Hey, so-and-so literally 30 seconds ago just had this happen on their machine." Real-time reporting would be a huge improvement.

All in all, it's a pretty nice product, generally speaking. They do a pretty good job. They can pretty much go toe to toe with just about anybody.

I've not had occasion to use the EDR portion to try and do any kind of custom scripting to drill into things that are going on at the endpoints. But my understanding from reading comments of others is that it's not as flexible in that regard as some other platforms.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

It's a scalable solution.

How are customer service and technical support?

I've had a couple, probably two or three interactions with their tech support. Suppose I were to give them a grade, probably about a seven. They're not great. They're not terrible. I think that the biggest challenge for Bitdefender is to move out of the SMB mom-and-pop space and really become kind of an enterprise platform.

Which solution did I use previously and why did I switch?

Honestly, we've had a number of anti-virus solutions, and we used Sophos and ESET most recently and liked both for different reasons but chose to move on for both manageability and for increased detection rates.

Bitdefender has been pretty reliable. There are a few key things I always look for in an endpoint security platform. One of them is how much burden does it put on the endpoint? Is it basically a heavy client, or is it pretty thin? Does it suck more than 10% of the system resources in order to do its job? And the answer is no. It's a pretty well-balanced client. It doesn't eat a lot of system resources, allows the systems to continue to perform at the appropriate level.

It catches a very high percentage of the stuff that you throw at it. So it's doing what you're actually buying it to do and it doesn't give off a lot of false positives. In the EDR portion, you'll get more false positives, but the actual client itself, in terms of viruses and malware and stuff outside of the EDR component, there are very few false positives there.

How was the initial setup?

The initial setup is pretty straightforward, pretty simple to get your head around. It's actually a pretty nice product where all things are equal.

What's my experience with pricing, setup cost, and licensing?

I think it's probably less expensive than something like CrowdStrike. We got a really good deal because it was literally their year-end, and they were trying to close all the sales for the week. So we bought a three-year contract from them. It roughly ended up costing me somewhere around $17 for an endpoint per year. It was really quite a nice pricing. I've talked to other folks where they got CrowdStrike, and it's like $60 for an endpoint for a year.

Which other solutions did I evaluate?

I put a lot of stock in third-party benchmark reviews, and Bitdefender always reviews well pretty much across the spectrum. It's always funny to me that they actually review better than many of the "next gen" solutions. NSS Labs, MITRE, AV-Comparatives and others usually score them pretty highly. Bitdefender and Kaspersky, both typically, month in and month out, are two of the top platforms.

The other "next gen" EDR solutions like SentinelOne, CrowdStrike, and Cylance have been much harder to get independent confirmation of the efficacy than it has been to get the efficacy of the "traditional" endpoint products. This being said, I am actually considering moving to CrowdStrike once our Bitdefender contract is done.

What other advice do I have?

They have done a decent job with the way they have their policies constructed and the ability to manage them. It's reporting and alerting me when a user gets a virus. I don't want the solution to make me wait an hour or until I get my email the next day in order to alert me of an outbreak.

I don't want an email every hour to tell me I have an infection or not, just send me one when it happens. Don't flood my inbox with emails saying nothing happened. This is probably my biggest complaint about the product. Real-time alerts are important!

This being said, I would tell potential users that it's definitely worth putting on your shortlist and testing.

On a scale from one to ten, I would give Bitdefender Sandbox Analyzer an eight.

Which version of this solution are you currently using?

Ultra version
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Updated: September 2021.