We just raised a $30M Series A: Read our story

Endpoint Protector OverviewUNIXBusinessApplication

Endpoint Protector is #1 ranked solution in top Data Loss Prevention (DLP) tools. IT Central Station users give Endpoint Protector an average rating of 8 out of 10. Endpoint Protector is most commonly compared to Symantec Data Loss Prevention:Endpoint Protector vs Symantec Data Loss Prevention. The top industry researching this solution are professionals from a comms service provider, accounting for 84% of all views.
What is Endpoint Protector?

Content Aware Protection
Scanning data in motion
Monitor, control and block file transfers. Detailed control through both content and context inspection.

Device Control
USB & peripheral port control
Lockdown, monitor and manage devices. Granular control based on Vendor ID, Product ID, Serial Number and more.

Enforced Encryption
Automatic USB encryption
Encrypt, manage and secure USB storage devices by safeguarding data in transit. Password-based, easy to use and very efficient.


eDiscovery
Scanning data at rest
Discover, encrypt and delete sensitive data. Detailed content and context inspection through manual or automatic scans

Endpoint Protector Buyer's Guide

Download the Endpoint Protector Buyer's Guide including reviews and more. Updated: November 2021

Endpoint Protector Customers

Samsung, Toyota, Philips, Zeppelin, Western Union, eBay

Endpoint Protector Video

Pricing Advice

What users are saying about Endpoint Protector pricing:
  • "Pricing is quite reasonable. For smaller organizations, it lets them get into the product domain, whereas a lot of vendors won't even talk to them. CoSoSys is just about at that sweet spot of being serious enough that you have to budget for it, but at the same time, affordable enough that the value is well worth it."
  • "For what it's doing, the cost is somewhat high for us, but it's the cost of doing business with the clients that we have."
  • "It has a fair price. They just changed recently from perpetual licensing. When I bought it, I bought it on perpetual license, then they changed the whole company policy to go to subscription. It was a bit of a shock to us because we haven't upgraded it that many times. However, after speaking to CoSoSys directly, they gave us a very good renewal price."
  • "We have a limited budget for our media section. When we purchased it last year, we migrated from a different solution to this solution, and at that time, they told us that the cost will remain the same, but this year, they increased the price by 20% or something like that. I am not sure about the exact price, but let's say from 8,000, it increased to 10,000. It was a huge gap, and we couldn't bear this cost because we have a limited budget. When we spoke to them, they understood our problem and reduced it to the same price that we had last year."
  • "I don't have any issue with the licensing and pricing. I would love for it to be cheaper, but at the same time I'm getting a lot from it."

Endpoint Protector Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
BL
Security Architect at a tech services company with 11-50 employees
Real User
Top 10
Enables us to search for keywords, a process which is a critical part of our security operations

Pros and Cons

  • "There are effectively two areas of DLP to look at from a technical perspective. One is how it performs the pickup of information traversing the system and the other is how the policy engine, which analyzes the data, works. On the first aspect, CoSoSys is probably best of breed for macOS because they're reasonably well-integrated into the operating system. They're looking at the file system operations level, not at the execution level."
  • "The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery."

What is our primary use case?

We use it for detecting the traversal of data through endpoints. We keep a multi-tier isolated environment, so we have inner and outer cordons of access control. And over VPN, users could potentially be one of the exfil points, at least the privileged ones with access. Being able to identify when information enters the system and leaves, based on a number of complex criteria, because we work with medical information from all over the world, is the purpose of it in our organization.

The solution is all on-premises. We're a healthcare organization, and that's actually one of the reasons we use it. We can't have a lot of our security functionality in the cloud.

How has it helped my organization?

We operate a Waterfall scene mechanism. We trickle up data from a bunch of different endpoint and network solutions to a central event and processing correlation mechanism. We're able to detect when somebody accesses data internally and correlate that to a DLP event when a file lands on their system. It actually provides a data point within our global view. It's an ongoing operation.

We also use it to monitor all clipboard activity. When a detection occurs, we can generally identify it pretty quickly, but someone would have to be copying some pretty specific data to match the policies we've created. When it occurs, we know. Generally, it's also in the line of business. We have healthcare analysts here, and that's what they do all day.

What is most valuable?

There are effectively two areas of DLP to look at from a technical perspective. One is how it performs the pickup of information traversing the system and the other is how the policy engine, which analyzes the data, works. On the first aspect, CoSoSys is probably best of breed for macOS because they're reasonably well-integrated into the operating system. They're looking at the file system operations level, not at the execution level. Whereas things like Forcepoint are looking at the applications being run and they try to apply policy to that. The pickup paradigm is a lot better than their competitors.

The search for keywords, in our security operations, is critical and we use Endpoint Protector for that. We're a HITRUST-certified organization, and one of the things we need to do is be aware of the movement of personally identifiable health information. Since we work multi-nationally, we have to be able to identify PHI from across different countries and their different medical coding standards.

Another valuable feature is the  Content Aware Protection. We use the device thing to some degree, but it's the Content Aware Protection that's critical for us. That's the aspect of it which is DLP. The content protection engine is what detects the data when it's traversing, and the rest of it is other ways to lock down the system from being able to move data in and out. But the detection aspect of it, that's the really key part for us, because we have to be able to record that, even if it's completely legitimate.

It's quite easy to manage DLP in a hybrid environment because you have the centralized server that receives telemetry from all of the agents. And because that's what's forwarding the telemetry on to subsequent log ingests, you get a single data stream across all of the agents. We also have host intrusion detection, which is backing a lot of this stuff for us. We have full command execution logging in every machine. Every command that is run is recorded. We can cross-correlate very tightly between the DLP and what's being done on the machine itself. That way, we know execution and data movement.

We use the role-based access features, for the teams that administer it, to some degree, because we have an auditing agency that reviews our policy compliance. It's satisfactory. We don't have complex requirements for it. We've got a couple of internal admins with equal privileges and then we have an auditor role. It seems to work fine.

What needs improvement?

The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery.

It's somewhat lacking in terms of the granularity of the policies that you can create. Because this is a Mac environment, you have slim pickings. You have really good detection mechanisms, like Code42, but a lot of those players don't operate at the medium business size. So, in terms of the market segment, CoSoSys is really the only player that will be able to still effectively pick up on it, so they're the only game in town on policy. They don't really have much competition in this segment.

For how long have I used the solution?

I've been using CoSoSys Endpoint Protector for two years.

What do I think about the stability of the solution?

The stability has been quite good. They did have one shaky patch cycle in the last two years, but compared to the ginormous mess in this industry right now, they're definitely doing better than most.

What do I think about the scalability of the solution?

The scalability works for our use case. It's actually quite resource-light for what it's doing. Being an OSSEC author, I'm writing a C application that does a lot of the same stuff for processing of live-streaming, textual telemetry. They did a lot of optimization work to make this efficient. It's an expensive operation, inherently. What they're doing is really CPU-costly. Most of the time they don't match on anything, and the worst thing that an expression engine can do is not find anything.

We are constantly growing. We're probably going to be growing by 30 or 40 percent again this year. We're going to have to bump up our license counts.

How are customer service and technical support?

Our experience with their technical support has been better over the last year. Initially it was a little bit shaky, but they've definitely gotten better. There's always room to improve, but on a scale of one to 10, they're probably at a six or seven. They're doing better than the rest of the industry, like Cisco for example, which is a one out of 10.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

We just used a Zen appliance, so it was incredibly straightforward; it was effectively drop-in.

Configurations are ongoing. As we get new data in, we do continue to configure. And, obviously, with updates and new features and features being removed, changes are made all the time, but the initial deployment took about half a day.

Our implementation strategy was to understand our data first. We do a lot of in-house software development, so we understand regular expressions, pattern matching, and mechanisms like that; what's expensive and what's cheap. We defined what was identifiable in our data, figured out an identification strategy and policy mechanism first, and then went to implement it across the board. We knew that the number of endpoints we had was relatively small.

In terms of the staff employed in the deployment, we're probably not typical. We hire top-tier talent. Everybody here starts out well into the six-figure range. So it takes one of us to deploy this. We're not your average shop.

In terms of maintenance, there's the occasional update. There is almost no downtime. The hypervisor is more unstable than the VM itself.

We have about 100 people using Endpoint Protector across our organization. It's literally everybody in the organization, including me and the CTO and the CEO. We're all beholden to this. There are no exceptions.

What was our ROI?

You get ROI in the first year. Endpoint Protector is a facet of our visibility into the environment, but it's a daily-use facet. It's like the passenger-side mirror on your car; you use it all the time. You could probably live without it, but you use it all the time. It's a necessity and it's a useful one. It's one that I endorse within our company to relicense every year.

What's my experience with pricing, setup cost, and licensing?

Pricing is quite reasonable. For smaller organizations, it lets them get into the product domain, whereas a lot of vendors won't even talk to them. Endpoint Protector is just about at that sweet spot of being serious enough that you have to budget for it, but at the same time, affordable enough that the value is well worth it.

Which other solutions did I evaluate?

I work across the industry. I've used just about every solution. In the Mac space, CoSoSys is probably the market leader, because of the level of detail that they've put into the platform is very significant. They really did bother to optimize it and to make it run efficiently. A lot of these tools are afterthoughts on Mac and, if they do run at all, they destroy the machine. When you have a bunch of engineers trying to code, they notice.

This solution is right up there with Forcepoint Data Loss Prevention and Digital Guardian, but Code42 Next-Gen DLP is probably the closest comparable thing. But that is not a data loss prevention tool, it's just an identification and tagging tool. But it has a very similar semantic of pickup and analysis. 

Endpoint Protector is in the same market space as Forcepoint, in terms of pricing, but it's an apples-to-oranges comparison. Forcepoint is pretty well-known for having a good policy engine, but their detection and pickup mechanism, especially on the Mac platform, is just not practical. I can walk around it in my sleep. Again, we hire highly-talented engineers who can do the same thing, so if one of them decided to go rogue on us, Forcepoint just wouldn't help.

What other advice do I have?

In my private practice, I work with a lot of other firms, including some design firms that are Mac-based and, as they start to ramp up their security—because they're now becoming vectors of attack into their own customer bases—this product is definitely something that's on the radar.

The ability to lock down a wide variety of USB devices is a secondary thing for us, because we do central policy management through another solution, so we have devices locked down through other policy engine mechanisms. But it is very convenient how CoSoSys has implemented it. That ability is definitely on the list for us but not at the top because for us, for policy regulatory compliance, we have to be able to tell when the data is moving in and out. That's the big thing we look at.

In terms of Endpoint Protector's support for Windows, macOS, and Linux, in our case, Linux is a non-starter. We operate big-data clusters. DLP just doesn't work in that context. The information is broken out into multiple pieces and spread all over the environment and traverses between the nodes as part of computation. DLP can't work in that kind of technique. As far as the Windows mechanisms go, we currently don't have Windows workstations or any Windows assets. I'm a red-teamer by trade, one of the people who gets paid to break into places, and Windows has a shared authentication model, meaning that if I compromise one of your servers or workstations, I can basically move unfettered throughout your network. Our environment is a mix, a heterogeneous environment, so that attackers would have to adapt to every different point they want to compromise.

Overall, Endpoint Protector really provides what you expect from it. There are no huge surprises one way or another. If you do your research, it's exactly what they say in their advertisements. They are not promising things they can't deliver. It does its job well.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
TB
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Enables us to block and blacklist all types of USB devices

Pros and Cons

  • "The versatility regarding the exit point Endpoint Protector supports in making sure that important data doesn't leave our organization is vital for us. In the industry that we're in, data breaches are a significant concern. While our staff is contractually required to maintain confidentiality and they're all very aware that they shouldn't try and transfer company data of different classifications elsewhere to non-company devices, there's a risk."
  • "Sometimes, it should try to focus on one thing rather than multiple things. Endpoint Protector does device control very well, which is why we use that particular function."

What is our primary use case?

I work for a financial services company. As a consequence, we work with multiple lenders and lender clients; essentially banks and building societies. There's a requirement in this industry for tight controls from an information security point of view. For many years we've had industry requirements to deploy a number of technical controls to secure things like device control.

Prior to using Endpoint Protector, we used Ivanti Device Control. However, from the UI point of view, it was a bit of a dated product, and some of the functionality wasn't brilliant. We also took a recommendation from our service provider, who had been using this product with other customers, and as such we deployed CoSoSys Endpoint Protector. We primarily have one single purpose, which is to secure all of our endpoints, mostly laptops. We have a very small number of client computers as well, but we primarily use it to block all removable media and all USB points on the laptops.

As a business, we don't enable and support the use of removable media. We do have a small number of use cases where that is allowed, primarily within our IT team, but they are the exception. As such, every single USB port is blocked across the business with Endpoint Protector to mitigate the risk of somebody intentionally, accidentally, or for whatever reason being tricked into inputting their USB drive into our network which would then cause potentially a risk to the confidentiality, integrity, and availability of our data.

We have a contractual requirement for us to have a tool like CoSoSys. It mitigates risk for us as a business by enabling us to be sure that no one can exfiltrate data from our company via USB media or be infected by malware by plugging a device into an endpoint.

We only use that one particular feature. I believe there are other features available but I don't believe we pay for the other elements of functionality of the software. There are other features like DLP within the software, however, we have a suite of additional tools within our business to control those other elements so we use CoSoSys exclusively for device control.

We only use it for a very small use case. It certainly has a wide range of functionality, although, we don't use the vast majority of the functionality because we don't pay for it or because we have other tools in place that are specific for a certain purpose.

What is most valuable?

The granularity of the policies that we can create is good. We block USB media. One of the reasons we left our previous provider is because of the lack of this functionality. We have built some custom rules to make exceptions for staff members that should be able to use USB media. Of course, the ability to amend and write policies is far more granular than the previous product that we used. Switches, disabling and blocking Bluetooth, weren't available with our previous supplier. 

The feature that locks down USB devices means that if you plug removable media into any of our USB drives, it blocks it. As we block, we blacklist all the types of USB devices, and the cloud running trail blocks that. If someone puts the USB drive in, it will block them from opening that drive or even registering that drive. If they want to make an exception, they have to make a formal request to do so, and that can be made either by email or through an application to our IT desk.

The versatility regarding the exit point Endpoint Protector supports in making sure that important data doesn't leave our organization is vital for us. In the industry that we're in, data breaches are a significant concern. While our staff is contractually required to maintain confidentiality and they're all very aware that they shouldn't try and transfer company data of different classifications elsewhere to non-company devices, there's a risk. If we didn't have Endpoint Protector in place, they could plug in a USB drive, copy a file onto the USB drive, and then take that onto their personal computer or share it externally, whether that be with the press or the public, etc. This tool stops that from happening. It means employees are unable to share files and exfiltrate data via that channel.

We have other controls to stop other channels. One of the biggest concerns for us as a business is employees sharing data via the internet, dragging files and confidential information from our computer drives into Dropbox or into Webmail, et cetera. We have other controls and tools to stop that. But Endpoint Protector is used exclusively to stop USB media.If we didn't have Endpoint Protector in place, they could plug in a USB drive, copy a file onto the USB drive, and then take that onto their personal computer or share it externally, whether that be with the press or the public, etc. This tool stops that from happening. It means employees are unable to share files and exfiltrate data via that channel.

We have other controls to stop other channels. One of the biggest concerns for us as a business is employees sharing data via the internet, dragging files and confidential information from our computer drives into Dropbox or into Webmail, et cetera. We have other controls and tools to stop that. But Endpoint Protector is used exclusively to stop USB media.

For how long have I used the solution?

I have been using Endpoint Protector for 18 months.

What do I think about the stability of the solution?

The stability is very comfortable. We have no qualms or concerns. There have not been any incidents or issues with it not working, or any problems that I'm aware of. Any kind of such problems would be raised to my attention and discussion review, and there haven't been any concerns raised by users or with our IT service desk. There has been no concern there.

What do I think about the scalability of the solution?

Scalability is about the policies. We could deploy it simply to larger groups of people as and when required. There's a procedure where we deploy using an RMM tool. It's easy to deploy.

At present, we don't have plans to increase usage. We have a number of different controls and requirements, and we have specialist tools for each of the different requirements. We're also trying to move towards a Microsoft stack where possible because we have so many different tools in use. Microsoft doesn't do device control. 

How are customer service and technical support?

I have never personally been involved with technical support. There was joint deployment with our MSP. There have been no problems, so I think it's fairly positive.

Which solution did I use previously and why did I switch?

We were previously using Ivanti.

How was the initial setup?

The setup was quite straightforward and didn't cause any issues. But I wasn't involved. Our IT system team deployed it around 18 months ago. I was quite new to the business at the time. It went relatively smoothly, there were no hiccups, and there were no deployment problems.

It took under a few weeks to implement. It was not a couple of weeks of solid work. We deployed it slowly within a UAT testing environment and only on a small number of laptops. Once we were comfortable that the config was working as expected, then we deployed our tool to other users. We deployed the end client to all endpoints using an RMM tool we use from SolarWinds.

What about the implementation team?

We have a managed service provider who we use to support some of our IT needs. They were the ones who recommended the products and they would have been the ones who actually implemented the product and do much of the actual deployment with our IT service desk.

The implementation required around 2-3 staff members. It was one person from the MSP and two people in-house who would have worked on that project to deploy it. It was a normal project team for the deployment of that size.

Day-to-day maintenance only requires one or two employees. We don't have somebody looking at it daily, but our service desk will review it, update it, and amend things within the tool as and when required. It really runs by itself, it's not a huge amount of maintenance, which is a good thing.

What was our ROI?

ROI is very hard to quantify but Endpoint Protector is ultimately priceless. If device control wasn't in place, any single data breach that could occur as a consequence of a USB device being able to transfer data externally could result, for us as a business, in considerable loss, and considerable fines. There are massive fines for data breaches in the UK.

Data breaches could have a very significant reputational impact on our business. It's very difficult to quantify, but we haven't had any of these breaches. If we didn't have Endpoint Protector in place, we would be at a higher risk.

What's my experience with pricing, setup cost, and licensing?

The pricing is very fair. No concerns. We don't have massive budgets, we're quite a small company, but we don't have small budgets either. I think it's quite competitive.

I don't believe there are additional costs in addition to standard licensing. 

Which other solutions did I evaluate?

We reviewed Ivanti Device Control, which is the previous tool we were using, and we compared it with Endpoint Protector's product set. Then we compared the prices and compared the features, and decided to go with Endpoint Protector over the previous supplier.

What other advice do I have?

We have a third-party that automatically encrypts confidential data transferred to USB storage devices. That's not a use case for us with Endpoint Protector.

We exclusively use Windows. We do have instances of Linux, but from an endpoint point of view, it is exclusively Windows. 

As a business, we're never going to move into a Mac OS environment, so the fact that it supports Windows, Mac, and Linux wouldn't be one of our prerequisites. We looked at Endpoint Protector to make sure it supported Windows but the fact that it supports all platforms wasn't that important to us. Obviously, if it didn't work with Windows we wouldn't have used it, but from that point of view, it's not important for us now.

We also don't use it to search for keywords that are important to our business. We have a third-party tool we've had in use for several years that classifies all our data and ensures that we have visibility of where data is and what type of data is at risk.

I would rate Endpoint Protector an eight out of ten. I'm by no means an expert on the tool, however, it does appear to offer quite a large range of different functions within the toolset. Sometimes, it should try to focus on one thing rather than multiple things. Endpoint Protector does device control very well, which is why we use that particular function.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Learn what your peers think about Endpoint Protector. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,305 professionals have used our research since 2012.
Ray Grau
Interactive Developer at Customer Communications Group, Inc.
Real User
Top 5
Good support that is responsive, stable with zero downtime, and the cloud-storage site blocking is helpful

Pros and Cons

  • "The most valuable features are the ability to prevent access to external devices, and also site blocking."
  • "This product provides zero-day protection for macOS, although I'm currently dealing with an issue on the most recent rollout of the Endpoint client that doesn't seem to be fully functioning."

What is our primary use case?

The main reason that we brought this solution into our ecosystem is that we work with a number of financial institutions who value all of their data, whether it's marketing material, all the way up to client data, which we don't really handle as data.

Because we do promotional stuff, we need to adhere to what our clients are asking us to do to lock down the ability to lose data. We use Endpoint Protector to limit our employees' access to removing data off of company computers.

We are running the current version of the server, which I updated recently. We are running different versions of the client on different machines because we're currently doing some testing to see whether our software has conflicts with theirs.

How has it helped my organization?

We are a smaller company and at this point, we don't have a whole lot of concern about losing data. So, in that sense, using Endpoint Protector has not really improved anything. On the other hand, we've had a couple of hiccups where some employees have had issues with operations like attaching documents. In this regard, it's given us a slight burden, although we've been able to resolve such issues fairly quickly.

As time goes on and we become more familiar with the system, this will change. For example, as we run tests, and as we've done certain implementations, we've discovered some bugs here and there in the process and we have resolved them.

Endpoint Protector absolutely gives us the ability to lock down a wide variety of USB devices and it is extremely important to us. We have multimedia machines, and these machines are used for editing video. We use external devices as caching services or caching drives, and giving certain people access to external devices like that is a risk. However, locking down other flash drives gives us flexibility. It means that our media department can use their external devices while other people cannot.

The versatility in terms of exit points and making sure that important data doesn't leave our organization is something that I find extremely useful. It's been able to do exactly what we needed to have done so that we're adhering to our clients' standards. It's extremely valuable because it's blocking everything that we need to have blocked.

Because we're a smaller company, most of us don't typically use flash drives or other external devices to move data. However, what we really enjoy is the ability to lock down different applications, such as a cloud storage app or even its related website. This means that nobody can move data from a machine to a cloud-based system, such as Dropbox, for example. We can lock down the Dropbox app and the website so it prevents people from moving data via the cloud to it. Another example is blocking FTP transfers and all of those types of situations.

This product has the ability to search for keywords to help make sure that specific data doesn't leave the organization, although we have not used it. At some point in the future, we may get to that level of granularity. However, from a business standpoint, this is not a significant concern at this point. This implementation is primarily in place so that we are satisfying our clients that specifically ask for this type of protection for their data. Thus far, this level of granularity has not been brought up.

What is most valuable?

The most valuable features are the ability to prevent access to external devices, and also site blocking. We have two of the main features that we enjoy the most, which are device control and then Content-Aware Protection (CAP).

In terms of policy creation, you can get extremely granular. The ability to have multiple departments and having the ability to assign computers on top of specific users is fantastic. We don't utilize that section, but if we had a centralized computer that multiple people would use, I really enjoy that I could specify which user gets which policy. It's the same computer, but it's based on a user-level granularity. It's not just global rights on the computer. I really do enjoy that, although I don't use it.

We are not currently using the functionality for the automatic encryption of confidential data transferred to USB storage devices, although it is on our to-do list. This is something that we need to test in the future.

Endpoint Protection provides a single platform to support Windows, macOS, and Linux, and so far, managing DLP in our hybrid environment has been seamless. I don't see much of a difference between the operating systems in terms of what can and cannot be done. This is extremely important to us because we are 95% Mac-based, with just a few Windows machines. Our Linux machines have just been retired since we've gone 100% remote.

With respect to the feature parity between Windows and Mac, they're identical. On the user side, I don't see a difference between Windows and Mac because what you can do on the client-side is quite limited. On the backend, or server-side, they're identical.

What needs improvement?

This product provides zero-day protection for macOS, although I'm currently dealing with an issue on the most recent rollout of the Endpoint client that doesn't seem to be fully functioning. It is absolutely important to me, but it has not been successful. This is something that they are definitely working on resolving. I've had multiple IT consults where we've brought on a couple of developers to try and figure out what's going on with the Mac's most recent update versus their most recent update.

For how long have I used the solution?

We have been using Endpoint Protector for between five and seven months.

What do I think about the stability of the solution?

Stability has been fantastic and I have had zero downtime. Once we solved the hardware issues, rolling out updates to the server has been flawless. So far, I've rolled out two updates and there has never been a software issue. The only problem was at the very beginning, and it was a hardware issue.

What do I think about the scalability of the solution?

We have not had to scale the system. The software needed a decent machine to run it, and that was it. There are three people who have access to the server-side. There is me on the technical side, one is the office admin, and the other is the VP of marketing.

We don't have plans to increase our usage at this time, but rather it will maintain where we're at right now.

How are customer service and technical support?

Technical support has been fantastic. They get back to me quickly. They're willing to schedule video conferencing so that I can share my screen. They're willing to bring on a level-two support technician to look at the details. They're able to supply everything for me support-wise.

Which solution did I use previously and why did I switch?

We did not have another DLP in place prior to this one.

How was the initial setup?

The initial setup was complex. I was not informed at the beginning of purchasing the software that they needed a cloud-based solution. They either hosted it at a cost or you needed your own dedicated server for it. I had been under the impression that they hosted the platform to then roll out updates, but didn't realize that it was a cost to it all.

It took more than a month to deploy because I had to source all of the equipment. They have a very good "how-to" document on deploying the software but once we got to that point, it was not the software causing a problem but rather, it was a hardware compatibility issue.

What about the implementation team?

It was just me in charge of deployment, so you don't need a dedicated implementation team, although I did ask the technical support team questions. During this, their support was amazing.

There are other people in the organization who use the product but technical-wise, it is just me.

What was our ROI?

As of right now, we don't see ROI explicitly. However, the value is that when our clients ask if we're doing specific things, we can answer and make sure that we're in compliance with what they want us to do, which is keeping their data safe.

What's my experience with pricing, setup cost, and licensing?

For what it's doing, the cost is somewhat high for us, but it's the cost of doing business with the clients that we have. Equivalent-wise, for what it can do, it's fairly close to the other competitors.

Which other solutions did I evaluate?

During the evaluation, we looked at Jamf and others. Jamf was a more Mac-based deployment software but they offered some of the things that we were looking for. There was a solution by Cisco but the price tag was so high that we didn't look at it further. We also looked at a Microsoft product, but they didn't offer anything on the Mac side.

What sets this system apart from everyone else is that it's one solution for multiple operating systems. Some products do really well in Mac environments but don't really have a good solution for Windows, and vice versa. This is one that covers the three operating systems that we need.

What other advice do I have?

The biggest lesson that we have learned from using this product is that it can keep our computers and data from leaving the organization. That's extremely valuable for us, and I can see how it would be so for other companies, as well.

My advice for anybody who is looking into implementing this product is to make sure that they understand the requirements for the environment ahead of time. Our biggest hurdle at the very beginning was that piece of hardware. You have to make sure that you have either the cost evaluated within the budget to have Endpoint host that solution, or alternatively, that extra piece of hardware to house an internal machine.

In summary, this is a good product and I don't have any suggestions for improvement. We're new to the software and it is quite detailed. I've been able to do everything that I need to have done.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Rene Wenger
Core Facilities & ICT Manager at MJB International LLC/ Al Masaood John Brown LLC
Real User
Top 5
Gives us control of what people can access, especially from external devices

Pros and Cons

  • "There are a lot of features, but the main feature is that I can use a device serial number to unlock any particular machine or for all machines. If I have a phone, like a Samsung phone, I can whitelist that specific phone for full access wherever it is plugged into any of our devices. This is the same with a USB, because most USBs come in bulk and have the same serial number. I can then whitelist that particular USB to be read-write with full access."
  • "When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind."

What is our primary use case?

We use it to block USB and any external devices for read-write. We only allow people to read an external device, not to write to an external device, unless we approve it. Our main reason is that we have 30 percent of our workforce working globally around the world. In addition, a lot of them do not have WiFi access, as they are working in the desert. We needed an application that allows us to unblock or block something by giving a code and could be sent by WhatsApp or SMS.

It's hosted on the cloud, then deployed to workstations. This is a portal from the vendor that we have access to where we can see and remove the agent.

How has it helped my organization?

Once you put a policy in place, you can see if somebody is trying to access something, even if it's not allowed and will not go through. In IT, we need to make sure that we think first before applying the rules that we do want. We have different groups levels of access. Once you have done this correctly, then it definitely stops any misuse of data and leaks. However it is not the software. It's you, as the administrator, who has to make sure that the profiles are set up correctly.

Sometimes, we have engineers who are in the desert taking pictures with an external camera, etc., and they need to send these pictures ASAP to our online portal for reporting. These devices are normally blocked. We can then very quickly (within seconds) open up this device for a certain time to be fully accessible. Then, we do not have to worry about it because the policy will kick in after the period that we have given. This helps us a lot when people are onsite doing reviews of company sites and they need to send a report. It also gives us control of what people can access at that moment, because most of our field engineers have zero access to any external devices. They are only given the device once we decide, "Yes, they need it and for how long."

We are a pretty small company. We only have an IT engineer who administers everything along with myself. We don't have a big IT team; it's only one engineer and me. The access is great because we can do it from home. We don't need to be inside the company since all of it is cloud-based.

What is most valuable?

There are a lot of features, but the main feature is that I can use a device serial number to unlock any particular machine or for all machines. If I have a phone, like a Samsung phone, I can whitelist that specific phone for full access wherever it is plugged into any of our devices. This is the same with a USB, because most USBs come in bulk and have the same serial number. I can then whitelist that particular USB to be read-write with full access.

What needs improvement?

When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind.

For how long have I used the solution?

We have been using it now for a little bit over one year.

What do I think about the stability of the solution?

The stability is very good. I had no downtime nor any other issues. It doesn't require a lot of maintenance from our side. We don't need to go, and make sure, "Is it running or is it not running?"

Even if people are not in our LAN, it's still protected. We have tested it in various locations.

What do I think about the scalability of the solution?

If you ever need more devices, it would be very easy to get more licenses within 24 to 48 hours.

We are using 162 licenses.

How are customer service and technical support?

If we have an issue, their support is great. They come back normally within the same day with either a solution or remote session to assist us.

We have rarely used Endpoint Protector support directly. We have very good connections with the reseller, who has a technical support that normally responds within the same day, or at least by the next day.

Which solution did I use previously and why did I switch?

We had GFI EndPointSecurity, which was a good solution. I can't say anything bad about it. However, GFI stopped developing the product. For our use of just blocking external devices, it was very good, but Endpoint Protector is quite a bit better and has many more features. Even if GFI would come back, I would not go back to them because I'm extremely happy with the functionality of Endpoint Protector.

How was the initial setup?

The initial setup is very straightforward.

Because our current system is from a different vendor, we needed to have minimum downtime. When we switched the old one off, we needed to switch the new one on instantly. The groundwork was done before the old one was switched off, then deployed over the weekend. Things worked absolutely fine. We had very few systems which didn't take the implementation. They were mostly those which were not online, but the rest of them worked smoothly.

What about the implementation team?

Our reseller assisted us in our initial deployment by setting up some basic rules and helping us to understand how it works. From there, we took over. They were extremely good in their technical knowledge of the system.

It all depends on how the reseller supports this installation. We had a very good overview by our reseller and support during the installation. I found the installation very straightforward and quick, but that all depends on your reseller and how good they are trained. This process was very technical for us. The reseller assisted us in switching over within two days from the old system to the new one.

What was our ROI?

It is a software where I always want it installed, then up and running. The only time that you need to look at or interfere with it is when new agents are coming in, so you can deploy them. 

What's my experience with pricing, setup cost, and licensing?

It has a fair price. They just changed recently from perpetual licensing. When I bought it, I bought it on perpetual license, then they changed the whole company policy to go to subscription. It was a bit of a shock to us because we haven't upgraded it that many times. However, after speaking to CoSoSys directly, they gave us a very good renewal price.

Which other solutions did I evaluate?

There are many vendors out there who do protection access of external devices. However, I haven't found any vendors, other than Endpoint Protector, who let you enable or disable the device without being on a WiFi, Internet, or just by giving a code. That was our main thing because maybe 30 percent of our workforce are around the world or somewhere in the desert with extremely weak Internet connections. This solution is a very good option where you can just send them an SMS code. Then, the code that we create depends on what we say, for example, "Should they have access for the whole day or 10 minutes?" Afterwards, I don't have to double check if the system is blocked. 

What other advice do I have?

Have a look at a good demo. You will see the benefits of the system. We only use it for device blocking, but there are so many other features. It depends what you want out of Endpoint Protector. An overall demo of its capabilities will let you see that it is worthwhile.

There is an application out there that does multiple things in one go. We looked only at blocking off other devices, but we are rethinking that. Next year, we will be looking to buy usage of all the other features. It would be nice to have one application that does multiple things in one go, which normally other people would use several applications and software subscriptions to do the same thing. 

There are so many policies that we have not even had time to explore all of them.

We don't use the EasyLock USB Enforced Encryption app to automatically encrypt confidential data transferred to USB storage devices. Instead, we have a secure online storage called FileShare, similar to Dropbox, but only for us. This way, people don't save it on their USB and actually have to send it directly. They can only then send it from the camera into their desktop or laptop. Then, from the laptop, they send it directly into our cloud system.

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sanjeev Goyal
Head IT at Trantor
Real User
Top 5
It seems they have not properly tested the product, and customer support is very poor

Pros and Cons

  • "The product is forward-looking, in my opinion, which is a requirement nowadays."
  • "I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps."

What is our primary use case?

We primarily use the solution for DLP. 

What is most valuable?

I have not found any valuable features.

What needs improvement?

I bought it for my Windows, Linux, and Mac platform. Frankly speaking, I'm not happy with the product. The reason is that they have not tested the product in their environment. You can't really install it on any endpoint, because you never know what will happen.

I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps.

In my experience, they claim their product is very good, but I don't think so.

Software should be such that if you deploy it on any machine, it should not come up with issues. If it is blocking things I can understand that the engine behind the software is very good. But it is blocking things that are not required to be blocked.

The major challenge was my Linux environment, and that is why I took this product—to get it deployed on my Linux machine. But if I want to deploy it on Linux 1, 2, or 20, or some other Linux distribution, I need to reach out to the support team to get the agents. If I have paid for licenses, they should be on the portal so I can download all the different versions freely.

If I want to install it on any machine, I need to give the version of that machine and they will give me the agent. You don't know whether that agent is the latest one or not. And if you face challenges you have to go back to the support team again and say, "I have deployed it and I'm facing this issue." They will give you another version. I can't tell you all the challenges we have faced. I have not deployed it on a single Linux machine, and it was for Linux that I bought this product. I have just put it on Windows, because on Windows I am facing fewer issues compared to Mac and Linux.

It is not a straightforward installation or a straightforward configuration, for me or the end-user.

For how long have I used the solution?

I bought Endpoint Protector six months back.

What do I think about the stability of the solution?

If you talk about the server on which the application is running it's very stable. But if you talk about the agents, I have already explained how many issues I'm facing.

How are customer service and technical support?

Whenever we contacted support they would give us a resolution and we would apply it. One issue would get resolved but another issue would come up. It's like they considered us as a tester of their application.

In our company, we provide infrastructure services. People have their own environments on their endpoints. If they come across issues, every time we talk to support they tell us to show them the environment. It is not easy for us to get a developer to give control of his or her machine to CoSoSys support in order to showcase the issue.

I mentioned one point to the support team: "Please provide us the latest version of your product." That is how it happens with all products. If your company has come up with an updated version, you should reach out to your customers. Either publish it on your website, saying that you have a new version or new agent, or send an email to all your customers. When I put this comment on the ticket, the feedback I got from a support engineer was, "Please mention this to your account manager." He should not have said that. The support team should have gone to the management team and told them about the feedback they were getting from the customer. They should have said to management, "We need to incorporate these things into the system."

I never ever tell my clients to reach out to my management if they have issues. I'm here to address those issues. If I'm unable to do that, then I will reach out to my management to tell them this customer is facing these issues and we need to address them as a high-priority.

After that, I reached out to my account manager from whom I bought this product and I told him to escalate this issue. I said, first of all, that the tech team should reach out to the customer with the latest version. And secondly, that the support guy who told me to reach out to management should not have done that. The account manager escalated it to someone but I didn't get a call back on that topic.

It's a very serious matter. I was expecting a response from the account manager or from some senior person, but I never ever heard anything from the company.

It has not been so easy to get the support that I paid for. I should get prompt support during that year.

Which solution did I use previously and why did I switch?

A colleague who works with another company bought this product and he told me about it. The one thing I liked about this product was because it is for Mac, Linux, and Windows. If you go for other companies like Forcepoint or Symantec Endpoint Protection, they only give you a solution for Windows and Mac. In our company, we are about 60 percent Linux, 30 percent Windows, and 10 percent Mac.

How was the initial setup?

The server setup is very easy. They have an appliance and you just decide where you want to set it up. They give you some image files. You attach that file to your server and your server is ready. After that, you need to put your own efforts into the configuration, because with these guys the support is pathetic.

What's my experience with pricing, setup cost, and licensing?

If they gave it to me for free for the next year I would not go for this product. Pricing is one thing, but if they are not giving me a full, usable product, pricing hardly matters.

Which other solutions did I evaluate?

I have seen a demo of Forcepoint. Although it is not meant for Linux, rather for Windows and Mac, it is very easy to use. I'm thinking that if I had bought Forcepoint at least I would be okay with my Windows and Mac. Now I'm worried about all the three operating systems and I have paid a very handsome amount for the product.

In my previous company I was using Symantec and that is a wonderful product. But Linux was the challenge.

What other advice do I have?

I'm just waiting for the renewal. I will not use it again in the future.

DLP means blocking something, and I have not blocked anything. If you look at my configuration, I'm just reporting things in case something happens so I can fetch the logs and show them to management. But I don't want to face an embarrassing situation in front of management, because we are in the software service. We have proper SLAs. But if management comes to me and says, "Why didn't you guys block this?" I will not have any answer.

If I knew that support was fantastic, that if I did something and I got stuck I could reach out to support and they would help me out immediately, then I would try. But if I deploy something and I come across some issues, I don't know how much time these guys will take: two days, three days, or five days. They have no SLA. We are a startup but we have proper SLAs with our end-users and clients.

If CoSoSys made some improvements in their product and to their support, no doubt it could be very good. The product is forward-looking, in my opinion, which is a requirement nowadays. But because of the pathetic support and their internal team not doing proper testing of their product... Previously, people used to work only on Windows. But now people are mainly working on Mac or Linux. And now, because of the COVID-19 situation, people are working from home and it is necessary to deploy this product on endpoints to save company data.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Ahmad Jamali
Senior Engineer at GIG kuwait
Real User
Top 20
Makes management and upgrades easier and provides better control

Pros and Cons

  • "It is fantastic in terms of the granularity of the policies. It has many built-in policies, and we can add or create more policies as well. It is perfect, and it gives us more options. We have some users who go outside and then come inside. With EPP, we can even control those users who are outside. If they need to access the media that we are using right now, we can provide OTP messages so that they can access the media even when they are outside of their organization. With our previous solution, we were facing some issues in doing this."
  • "We are using it to only apply media restrictions. When we are installing a new agent, we have to install EPP manually on a device. It would be great if the installations can be done from the server instead of me going to each PC or device to implement EPP or using a policy. They should have some sort of system so that a domain admin can install EPP on all PCs from a central manager."

What is our primary use case?

Currently, we are using it only for the media access restriction. We're not like a bank or financial sort of organization, so we're not using EPP for DLP.

We have only Windows clients in our environment. We don't have macOS or Linux in our environment.

How has it helped my organization?

We were facing multiple issues when we were using a different solution. For example, for upgrading the software, if there was a new agent, we had to first remove the agent, but we used to face issues when an end-user was outside the organization. That solution required some sort of active link between the agent and the service to be able to remove the agent. With EPP, there is OTP, and we can put a password on the agent. Management is much easier. Upgrades are also easier.

If an end-user, who is not on our premises and is in a different country or location, needs to access the media, he or she can send us an email providing the information about the device. We can then provide an OTP. So, our IT department has less headache now. Overall, it's much better for our organization. Our management might be seeing the same or even more cost with EPP, but even if we are paying a little bit more than other solutions, in the end, the headache that our department IT used to have previously is gone.

What is most valuable?

All of the features are good if somebody has the budget. Our budget is limited and our purpose is just for media access. That's why we went only for this feature, but it has other features such as DLP or reporting.

It is fantastic in terms of the granularity of the policies. It has many built-in policies, and we can add or create more policies as well. It is perfect, and it gives us more options. We have some users who go outside and then come inside. With EPP, we can even control those users who are outside. If they need to access the media that we are using right now, we can provide OTP messages so that they can access the media even when they are outside of their organization. With our previous solution, we were facing some issues in doing this.

It provides us with the ability to lock down a wide variety of USB devices. It is better to have more options than having no options.

What needs improvement?

We are using it to only apply media restrictions. When we are installing a new agent, we have to install EPP manually on a device. It would be great if the installations can be done from the server instead of me going to each PC or device to implement EPP or using a policy. They should have some sort of system so that a domain admin can install EPP on all PCs from a central manager. 

After EPP is installed, the upgrade can be done from the EPP console, but they don't always work. Sometimes, there are minor issues with upgrades, but we are able to sort them with the help of their support. The EPP support is great.

For how long have I used the solution?

We started using this solution last year. This is the second year.

What do I think about the stability of the solution?

In terms of the stability of the software, I have not faced any issues in the last two years. It was never down or had any other problem. It has been working perfectly fine for the last two years.

What do I think about the scalability of the solution?

We never faced any issues. We have 520 to 530 endpoints.

How are customer service and technical support?

Their technical support is perfect. They were awesome whenever I had an issue and contacted them.

Which solution did I use previously and why did I switch?

We were using DeviceLock DLP. We were using it for quite a long time, maybe around 10 to 12 years. When we came across EPP, it was just a quick migration from that one to this one. We had the demo, and we were amazed. The options were amazing. That's why we quickly decided to migrate from the old one to this one. 

How was the initial setup?

Its initial setup is really easy. It is just like an appliance. We just have to install the appliance and configure it. We can install it either through a policy or one by one on our PCs. It was just a matter of time to install it for our organization. Overall, it didn't take more than two or three days.

What about the implementation team?

In our organization, we have some sort of policy that everything should be done by some sort of vendor. So, a vendor was here, but I can definitely say that the vendor did not do anything that we wouldn't have been able to do. I had to stand by the vendor, and I saw everything. It is clearly easy. There is nothing serious. We just had to import the appliance inside our VMware, and then we just had to go with the steps for the installation of the appliance.

It doesn't require any maintenance. We take the backup with the VM itself. Within the VM itself, there is an option to schedule a backup. We just need to update the appliance from time to time for any new updates. If we do an update, we also have to update the agents, but such upgrades and everything else can be done from the EPP console.

What was our ROI?

From my perspective, I would say that we have seen an ROI, but I have no idea of what the manager will say. The management would see the cost side and whether we are spending the same amount of money or more, but from a technical perspective, it has provided an ROI. It has been helpful in terms of time savings and ease of management. 

We have a really small team. Earlier, some of our users used to send us an email to open the CD or USB for them. We didn't have much control and information about who's asking for what or for how much time they need the access. We used to open it, and that's it, but now, with OTP, we know to whom are we providing access and for how many hours. Report-wise, we get to know whether a particular user used that OTP or not. If the end-user forgot to access the OTP, the OTP stays with him for, let's say, two weeks. They can use it anytime they want during that period. So, it is not like old solutions.

Now, nobody contacts us and says, "Kindly open this media now." They know everything goes through the OTP. Things are more systematic now, and the headache of the IT team is gone. We have control over who is using what sort of media or what exactly they are transferring to the media. Our control has improved. So, overall, we are able to see a return on this investment, at least for our IT department.

What's my experience with pricing, setup cost, and licensing?

We have a limited budget for our media section. When we purchased it last year, we migrated from a different solution to this solution, and at that time, they told us that the cost will remain the same, but this year, they increased the price by 20% or something like that. I am not sure about the exact price, but let's say from 8,000, it increased to 10,000. It was a huge gap, and we couldn't bear this cost because we have a limited budget. When we spoke to them, they understood our problem and reduced it to the same price that we had last year.

Which other solutions did I evaluate?

We only compared EPP with our previous solution. We did not evaluate any other solution.

What other advice do I have?

You won't face many issues with EPP. Based on my experience, I've not faced any issues other than those related to the upgrade. Sometimes, you might face minor issues for agents, but their support is awesome. They can easily fix an issue if you contact them.

I would rate Endpoint Protector a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
BH
Information Technology Security Engineer at a comms service provider with 10,001+ employees
Real User
Top 20
Good cross-platform management and has the ability to lock down a wide variety of USB devices

Pros and Cons

  • "The search for keywords is very important in our security operations because one of the key use cases we had was for the ability to search keyword-based on an internal database of keywords that have been submitted by other project managers within the company that's around intellectual property. The ability to search on keywords was part of that."
  • "I would rate the role-based access features for administrators a six out of ten. There's work to be done on the granularity of roles that can be assigned to an administrator but there is role-based administrator access present. That's why it's not a zero rating."

What is our primary use case?

Our primary use case is for data loss prevention. 

What is most valuable?

The most valuable features are:

  • The OS platforms that it is capable of running on.
  • The ability to detect source code as well as file types for the policies. 
  • The SIM integration. 

These were identified previously as key features in a DLP program and Endpoint Protector had them. They are a business need.

The granularity of the policies that you can create is pretty good. I would give it an eight out of ten. It's very granular, but there are still more possibilities for granularity. There's still work to be done, but it's very granular.

Endpoint Protector offers the ability to lock down a wide variety of USB devices. That is a key feature. It was one of the main features we were looking for.

We plan to use the EasyLock USB-enforced encryption app to automatically encrypt confidential data transferred to USB storage devices. 

I would rate the versatility regarding the exit points an eight out of ten. The exit points are pretty diverse, cover the majority, and are constantly updated, but there are still some application types and categories that we would like to see in there. They are responsive to our feature requests and are quick to add applications to the list and categories to the list of exit points.

The cross-platform management is good. I understand that there are some features that won't exist because of the technical limitations that are presented based on Linux, for instance, versus Windows. There are some things you can't do in Linux that you can do in Windows. EasyLock, for example, is a technical limitation that they have because of the nature of Linux. There's work to be done there but I understand why there are technical limitations.

We use the clipboard granularity feature to monitor copying and pasting to specific exit points in a limited capacity. It wasn't one of the main use cases, so it hasn't affected our DLP implementation too much.

The search for keywords is very important in our security operations because one of the key use cases we had was for the ability to search keyword-based on an internal database of keywords that have been submitted by other project managers within the company that's around intellectual property. The ability to search on keywords was part of that.

What needs improvement?

Endpoint Protector provides a single platform to support Windows, macOS, and Linux devices. There is some improvement that is needed there. The policies must be created per OS and in a large deployment with the diverse OS platform use case which can get a little bit unwieldy. Room for improvement there could be a way to clone a policy and map the old policy to the new policy on a new OS. Right now, you would just have to open it up on two different screens and map it manually, but a way to clone it to a new OS and map the differences or map the similarities would be room for improvement.

I would rate the role-based access features for administrators a six out of ten. There's work to be done on the granularity of roles that can be assigned to an administrator but there is role-based administrator access present. That's why it's not a zero rating.

We would probably make better use of tier1 support texts and give them granular abilities within the user interface to help us administer it and then move it to a different tier 2 tech support if the role-based permissions were more granular.

A feature request would be treating a deny list as an exit point. We'd also like to have the ability to tie an allow list to a group rather than a policy so that the allow list follows the group of users or computers. Whatever policy they hit they're always allowed certain URLs. That would be a nice feature for management purposes. 

It could also use some minor UI improvements. There's a little bit of inconsistency in the UI that takes some getting used to.

For how long have I used the solution?

We've been using Endpoint Protector for about four months in production. Before that, it was about six months in the POC environment.

What do I think about the stability of the solution?

Due to the diversity of our use cases, we found a few stability issues during the POC and pilot phases. We weren't too concerned about it. Endpoint Protector has given us wonderful attention and they've considered us a partner in developing our product. The stability issues were resolved quickly.

What do I think about the scalability of the solution?

Scalability needs some work. There's probably a better way to manage policies. We only have 30 policies or so, but if we were to get into the hundreds of policies, it would be the way it's presented in the UI. That part could use a rework. 

In terms of scalability as far as deployment, there are no issues there. Policy creation is the only issue. Determining the effective rights of a machine needs some work. Needing to run a report every time is a bit cumbersome. An easier way to see the effective rights of a user or computer without having to run a report would be nice. Those are all scalability issues because as you get more complicated and deploy it out to more users and computers, those types of issues start to manifest.

It requires more administrators than we have due to the complexity that we have. We have two dedicated administrators and we're rolling it out pretty slowly. It depends on how fast they want to roll out. A team of five or so would, with one architect and two tier 1 and two tier 2-type support folks would probably do it for a deployment our size. The admins are IT security engineers.  

How are customer service and technical support?

I would give their support a ten out of ten. I have nothing but good things to say about them. They have good availabliity. 

Which solution did I use previously and why did I switch?

We supplemented our current DLP. The current DLP we had was within the Google Suite and Proofpoint through email. So we supplemented our DLP program with an endpoint solution, which was Endpoint Protector.

How was the initial setup?

The initial setup was straightforward. It was just an installer that we sent out through our configuration management software and once machines got sucked into that, we were able to group people through active directory sync.

We're a big company with over 20,000 endpoints. There were about eight months of POC and pilot. After the POC and pilot, we were able to deploy it to 20,000 endpoints in about two months.

What about the implementation team?

CoSoSys helped with questions we had, but it was all the internal workforce that did the deployment.

Which other solutions did I evaluate?

We also looked at Forcepoint, ObserveIT, Digital Guardian, SecureCircle, and CoSoSys. ObserveIT hit a lot of our requirements, except it couldn't do any blocking. All it could do was monitoring and warning. Their approach was a bit different. I don't think SecureCircle was a mature enough product for what we needed.

What other advice do I have?

My advice would be to do an extensive test on the DPI and detour features to make sure they're compatible with your environment before deploying to the whole company. Do an extensive pilot with all features turned on, and then evaluate the results based on performance decreased and accessibility restrictions or limitations. Deep packet inspection tends to break some of the internal capabilities.

I would rate Endpoint Protector an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Alex Alexandre
system administrator at INSIGHT CREDIT UNION
Real User
Top 5Leaderboard
Clipboard granularity works great, enabling me to see copying and pasting to specific exit points, and report on it and block it

Pros and Cons

  • "Compared to a lot of the USB management systems out there, Endpoint Protector is the only one that comes with true USB management and the DLP side of it. I'm pretty impressed because I've used several solutions with DLP and USB management, and I've never seen granularity like this solution has."
  • "One of the areas where there is room for improvement is support. It takes time for them to respond. They need to respond on time. Instead of sending an email, I think it would be very helpful to say, 'Let's set up a WebEx to see what's really going on,' instead of the back and forth of email."

What is our primary use case?

I was looking for a DLP solution and Endpoint Protector happened not only to help with that, but also with the USB management piece. As a credit union we have a lot of sensitive data, so we need to be able to see it at rest and block it, and not only on-premises, but off-premises as well. A lot of people work remotely now and this solution is really working for me because once the endpoint is on there, I'm still in control.

How has it helped my organization?

I've seen, through all my policies, how exit points get blocked. The eDiscovery is one of the important things in Endpoint Protector. That's been working a lot for me, especially with the remote users. The eDiscovery allows me to see data outside of the network.

I have policies right now with eDiscovery for social security number, credit card, member number, and I created a duplicate SSN. So it's finding anything where that agent is installed, anything from the computer. It's finding all that data and it's reported to me.

What is most valuable?

I don't have a single most valuable feature. Every feature is really working for me. One of the reasons I bought it was for the USB block, but that's not as much a use case anymore since I have a lot of people working remotely. It's the DLP part that is more important to me right now, to pinpoint the data that's getting moved.

The granularity enables me to not only see a file, but to read inside the file and pull out the data inside it. The granularity is really pretty good on that. It's very important. Let's say somebody just exported a file or emailed a file or uploaded a file on the internet. Seeing the inside of the file is really important to me. Whether it's encrypted or not, I still can see inside the file.

I'm the only admin on it, but the role-based access is fine. I have one user that I give access to so he can just see device control and that's it. That's all I need him to see. I was able to do that, so I'm pretty happy with the role-based access.

I use the solution's clipboard granularity feature to monitor copying and pasting to specific exit points, and it works great. People are trying to get the data any way they can, from the clipboard and things like that. I'm able to see it, report on it, and block it.

For how long have I used the solution?

I've been using Endpoint Protector for going on two years now.

What do I think about the stability of the solution?

I'm pretty impressed with its stability.

What do I think about the scalability of the solution?

I don't see any issues or limitations with scalability. As long as you have the license, everything should be fine.

I'm managing about 300 devices right now.

How are customer service and technical support?

One of the areas where there is room for improvement is support. It takes time for them to respond. They need to respond on time. Instead of sending an email, I think it would be very helpful to say, "Let's set up a WebEx to see what's really going on," instead of the back and forth of email.

Which solution did I use previously and why did I switch?

I didn't replace any solution with this one. I was looking for a USB management solution. I have competitors like ManageEngine, but when I happened to find Endpoint Protector, with the USB and the DLP side of it in one solution, it was good to have that in one platform. I was going to have to find another DLP solution to be able to manage all this.

How was the initial setup?

The initial setup was straightforward for me. They have good documentation, so if you follow everything it should be fine.

My deployment took a month. The implementation strategy for the solution was to set it up, deploy it to a couple of test machines, and see how it was behaving. Once that was done, I deployed it to everybody.

It doesn't require any maintenance on my side, other than when the updates come available. I get them installed and that's it.

What about the implementation team?

I deployed myself.

What was our ROI?

I have definitely seen return on the investment when it comes to satisfying my auditors. I can show them I'm looking at all these things. And I'm protecting the credit union at the same time. It's really all worth it.

What's my experience with pricing, setup cost, and licensing?

I don't have any issue with the licensing and pricing. I would love for it to be cheaper, but at the same time I'm getting a lot from it.

Which other solutions did I evaluate?

Compared to a lot of the USB management systems out there, Endpoint Protector is the only one that comes with true USB management and the DLP side of it. I'm pretty impressed because I've used several solutions with DLP and USB management, and I've never seen granularity like this solution has.

I haven't seen any solution like Endpoint Protector. Everybody says, "USB management: We can control, we can block, etc." And you have other solutions that are DLP only. Having it all in one place is really helpful. Not only do I have the USB management side, but I can come back and say, "All right, what's in that USB? What sensitive data is in there?"

What other advice do I have?

I'm in a Windows environment, but I see it does MacOS, Windows, open sources. It has all of that on the platform.

I'm not using the EasyLock USB Enforced Encryption app to automatically encrypt confidential data transferred to USB storage devices. I'm more monitoring it. But I have the option of force it to encrypt.

Overall, I've never seen a solution with this much granularity. I didn't expect that. I did the demo, but it was only when I actually put in my environment and saw things and said, "Oh, wow." The reporting and the analysis have provided a lot of lessons learned. I didn't think I could get that much information.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.