LMNTRIX Active Defense Review

Knowledgeable staff help with threat validation, minimizing false positives while keeping us secure

What is our primary use case?

Originally, we were looking for endpoint protection for our workstations as well as our servers. The fact that endpoints would be monitored 24/7 with the Respond agent, and that each threat is being verified, is what really sold it for us.

We have since expanded to include detection and hunt in our environments, and that really helps to protect us from an attack. We have since expanded to include our SCADA environments to make sure those are also protected at the same level.

We are extremely satisfied customers.

How has it helped my organization?

Having all incidents validated and monitored 24/7 has helped to improve the way we function. Knowing that our company is being protected by extremely skilled and knowledgeable analysts around the clock really gives us peace of mind.

At any time, we can reach out to them for assistance in validating threats or help with any forensics that we may need. Having the ability to expand our footprint to include our SCADA environments has really proven to be a great addition.

Our OT counterparts have been extremely grateful that we were able to include them and their endpoints.

What is most valuable?

I would say the fact that incidents are validated before we are notified is the most valuable feature. This really keeps the number of false positives to zero.

Hunt has also been great. The fact that it's constantly hunting, looking for anomalies, and can evict without any intervention is really incredible.

Not necessarily a feature, but I would like to include their staff as valuable. Finding security analysts that are this knowledgeable is not very easy. Knowing that these analysts are looking over our environments really helps us all sleep a little better at night.

What needs improvement?

In the beginning, we were having issues with the LMNTRIX respond agent not playing nice with Cisco AMP. We had PCs that were crashing because resources would peg and the box would be unusable.

We understood that running both endpoint protections was not the best thing to do, but we went through the exercise anyway. We wanted to verify that it was working as well as promised before removing Cisco AMP from our PCs. After much testing, we were thoroughly convinced that it was a superior product for us and what we needed. 

For how long have I used the solution?

We have been an LMNTRIX customer for about two years.

In those two years, we have expanded the products we are using, as well as implementing them in more environments.

What do I think about the stability of the solution?

The product has been very stable. We are able to run our Server endpoint protection first in detect mode so that we can correctly whitelist what we need without breaking anything.  Once we are ready, we can change to protect mode which then starts blocking threats.

What do I think about the scalability of the solution?

This solution is easily scalable. We started out small and added both products and additional endpoints in several environments without issue.

How are customer service and technical support?

Customer service has been outstanding. We have a monthly check-in call with their team to make sure everything is working well and to discuss any incidents that were found in the last month.

Which solution did I use previously and why did I switch?

We were using Cisco AMP on all of our endpoints. AMP worked very well, but we weren't getting the 24/7 monitoring and validation that we were looking for.

How was the initial setup?

Setup is extremely simple. We are able to push out the respond-agent to endpoints using SCCM. Hunt and Decoys come as OVAs that easily deployed in our virtual environments.

Overall, the initial setup was very straightforward. The LMNTRIX engineers worked with us to make sure the setup went smoothly.

What about the implementation team?

We went through a VAR. When we implemented, we used the VAR's, LMNTRIX's, and our engineers to make sure we were fully covered.

What was our ROI?

Our ROI is hard to say, although I do know that our investment is much cheaper than a security breach. Being that we are providing drinking water to customers, we need to take every precaution to keep all systems safe.

What's my experience with pricing, setup cost, and licensing?

The cost is going to be a little higher than traditional endpoint protection, but you are getting the 24/7 monitoring and validation by highly skilled analysts and that makes it worth it.

Which other solutions did I evaluate?

We had previously looked at Sophos, Trend Micro, Cylance, and the endpoint protection from Palo Alto.

What other advice do I have?

For companies like us that couldn't afford to set up and staff a 24/7 SOC, LMNTRIX is the perfect solution. Have them set up a proof of concept and show you what it can do for you.

Disclosure: I am a real user, and this review is based on my own experience and opinions.