What is our primary use case?
My job position is Cybersecurity Engineer. We use the solution as an EDR, or endpoint detection and response. As EDR is, it is not the primary endpoint protection, as it cannot control the risk. This product is working as behavior monitoring for the end users. These monitoring products are not controlling the endpoint. For controlling the endpoint, you can use EPP (Endpoint Protection) products like Symantec Endpoint Protection, Trend Micro Endpoint Protection, one that was called OfficeScan — now the updated one is called Apex One — or other strong endpoint protection solutions like Sophos Intercept X and so on. But Malwarebytes is just EDR. EDR is mainly for detecting usage behaviors. It is evaluation, and it is not technically protection for the user environment.
What is most valuable?
The interface is not so bad. The dashboard actually is good. It is simple. But it is not able to produce simulated attacks.
What needs improvement?
I know of more than ten critical cases with clients which affect their use of the product adversely. We work with the Malwarebytes company a lot and have discussed the existing problems with the manager of Research and Development. He would not just say "You are right." But even though he knows that there are issues, there have been no changes in the results and improvements with the product even up until now.
I want to help secure the environments of the clients I work for. I want to benefit a lot of people, a lot of clients and a lot of users. I have specific things, technical details for each feature and each use case that I have worked on. But the company is not making the broader changes they need to in the product to make it an effective solution.
The most obvious problem is that basically the product comes up with a lot of false positives. This needs to be resolved.
There are other particular pain points with the current solution which have to do with the reporting and the problems with difficulty of installation. But these are still not the biggest problems for people using the product.
An additional feature I would like to see is a ransomware rollback for 72 hours and for 100 GB of files. It is supposed to be a feature in the EDR to defend against ransomware. But we cannot stop ransomware with EDR. We are supposed to be able to roll back the encrypted files. But it is a fact that, in production, we cannot effectively roll back the ransomware and encrypted files after this kind of attack. The company fails to say we cannot go back. It is an important feature in these products and to the clients. But it is not effective.
For how long have I used the solution?
I have been implementing this solution as a technical consultant in IT and I have implemented this solution more and more over time starting one year ago.
What do I think about the stability of the solution?
The product is not stable. It is not broken all the time, but the stability of this solution needs to be improved.
How are customer service and technical support?
They have not been receptive to our suggestions about the product and have not resolved the issues that we have reported in great detail.
Which solution did I use previously and why did I switch?
We are currently looking for a new solution because I am not satisfied with the product or the effort of the vendor to meet the needs of users. I have gone through the trouble of making a table for competition analysis between various vendors to see how they compare, and that includes several vendors of EDR solutions, including Malwarebytes, enSilo, CrowdStrike, Carbon Black and SentinelOne. I think we will end up working with Carbon Black or CrowdStrike. But the current solution with Malwarebytes does not perform well enough to properly protect our clients.
How was the initial setup?
I find that the setup and configuration are complex and difficult.
What about the implementation team?
We are the ones who do the installations and implementation.
What other advice do I have?
I have a lot of baggage with this product because of problems I have with the customers, the implementation, the configuration, the settings — it is very, very troublesome. There are various players on the course now. Some solutions may perform better.
I have had a bad experience with Malwarebytes in general. There are a lot of issues I have caught. I wrote these issues down to compile them and then I sent the information to Malwarebytes. Over some time, there was no improvement from the research and development or technical support from this vendor. I have only a few words about this product: It is not good yet. But they have also shown almost no interest in improving it.
The proxy setting is a very nice feature. But, with that, you cannot remove the proxy settings for the clients who are going out of the office for travel. You have to go to each laptop and write a manual cmd (command line) script to remove the proxy settings. It should not be done this way. It is just another example.
On a scale from one to ten, with one being the worst and ten being the best, I would rate this product as a one-and-a-half. It is one of the worst products which I have ever used. If I have to choose a whole number, it does not round up; it will round down to a one.
Which deployment model are you using for this solution?