My use case involves providing endpoint security. When I introduce the EDR system, in many cases, it replaces the current antivirus system as well. Therefore, my use case is to replace an old antivirus system.
The single agent, combined with the EDR system, delivers additional information and data for the EDR. Regarding the use cases, or maybe it fits better into another question about the motivation of the customers, I can see two approaches. The first approach is where the customer has an existing EDR system running, and their contract comes to an end. They are looking to either prolong it, renew it, continue with the current system, or look for something cheaper or better. When they reevaluate the contract, it's a sales approach to suggest that for a similar amount of money, not very much more, they can get something much better. It's not only a plain EDR or plain antivirus system - it's antivirus plus EDR. The difference in price is not much. Especially for the antivirus, the cross-platform capability is significant, as it's for Windows and Linux workstations and servers. Having one system for all platforms is essential. This has helped in two ways. The majority of customers want one thing for all, however, some customers definitely want two systems, servers separated from workstations. I have a big data center for banks, and they separate Windows Servers from Linux Servers. It is important for them to have two different systems. By providing this multi-operating system capability, I have engaged with customers via the Linux servers because the Windows servers are handled differently, so they were looking for a second different system, which opened the door for us.
