Binary Defense MDR Reviews

We're a big company with a small IT shop, specifically when it comes to IT security. We needed a partner that could be an extension of our existing team.

Binary Defense MDR has been that "bolt-on" that we need, giving us extra visibility into our environment and things that may or may not be seen by our existing products. That was really the goal of bringing an MDR in. We have a lot more visibility into things that we didn't before. It has made security operations a little easier, and that was the goal. Automation is king for smaller shops.

It has allowed us to have a little more peace of mind because we know, if somebody knocks on the door or gets on our network or even from the perimeter, Binary Defense is listening. They have adequately detected things and been able to let us know. Even if some things may not be actual threats, they're out there monitoring and letting us know when we might have an issue to look into. The biggest issue for most organizations is that they have people who don't know what to look for or who don't get enough visibility, especially internally on their network. Having a partner that is able to say, "Hey, you've got A, B, and C going on here," and actually filter what's an actionable threat versus what is just white noise, has been a great benefit for us. That was a big problem with our previous MDR: we got way too much white noise.

With every MDR, you go through a period of white noise first for a month or two. That period, for Binary Defense, wasn't anywhere near as long as it was with our last provider. There were reports that we would get from our last MDR that just weren't valuable, on a regular cadence. We also have other tools that Binary Defense integrates with, like Microsoft's Defender for Identity product, and they are able to respond at a faster rate. And there isn't a pile of noise that we have to go through and waste people's time. It's not just done with AI, but they actually have someone looking at a ticket and saying, "I've got X, Y, and Z," or "I've got possible indicators of compromise. Let me escalate to somebody."

Using Binary Defense has saved our organization time. I wasted a lot of time going through white noise tickets from our prior MDR. On average, I would see 10 or 12 tickets from them per day and, 90 percent of the time, they had no valuable information. They were things that really didn't need to be brought to my attention or that somebody in their SOC didn't really look at closely or correlate the data. Their white-listing time period was really long, and I gave them that feedback a lot of times in our one-on-ones.

With a new MDR, you expect a time period where you're going to get hit with white noise. We really didn't have that when Binary Defense flipped the switch. Sure, we've seen a little bit of white noise here and there, but nothing on the scale that we saw from our previous provider. We had a few oddball tickets, but they actually had valuable information, things that I didn't know were going on. We were able to change processes around those. That has been pretty helpful.

For example, our pen tester likes to be sneaky. They used one of our help desk tech's credit cards to create an account to do their tax with, and Binary Defence caught it. Through the purple test, we were able to identify that we needed to see this information. We changed our process so that when those tickets come in, we're able to copy our help desk so that they can verify things.

Binary Defense has definitely helped reduce our IT team's workload. It allows us to focus on things that are high-priority security issues. Our last MDR would just toss stuff over the fence. But this service has helped to reduce the footprint of escalations from a security perspective, and if something is a "911", they'll call and say, "You need to look at this immediately." That is very valuable because we're not wasting people-cycles trying to chase little things that may or may not be important.

Also, I've had phone calls from their SOC team where I have been shocked at how fast they have responded. For example, suppose one of our admins escalates somebody's rights. They have called me directly and said, "I've got a user here that's doing these changes," and that was within a few minutes of them detecting it. That is A1 customer service, especially when time matters from a security perspective. I believe the pitch that Binary Defense gives people is that they respond somewhere within 13 to 15 minutes, but they've always met or beat that.

Compared to our past MDR, their time to alert has been fantastic. Before, we had a lot of scenarios where we just weren't getting effective alerts. Binary Defense also has honeypot tech deployed and that has been really great. I've had some really good feedback from other ops folks about that. 

Their processes and the way they document their tickets have been really valuable to us too. With our prior MDR, they would say, "Hey, we see this," but there would be no technical details. We're a very technical group because we're so small. We have to have experience in a multitude of things. The tickets from our prior MDR just weren't valuable. With Binary Defense, we don't just get an alert, but also a detailed rundown of why they're alerting us on it. They tell us what was executed, or the username, script, or IP. That way, we're not wasting time investigating.

Customizability with Binary Defense is better than a lot of companies that I've seen in terms of modifying their playbooks and tooling them the way you need them. We've done a few things, especially after doing pen tests and purple tests, and we have been able to tighten or customize a rule. That has been really great. With our last provider, one of their failures was that they didn't really want to talk about their playbooks and there wasn't that level of customization that Binary Defense has. I definitely give them top points for that.

Their integration with other applications and tools is not something I would call a complaint, but it is something they need to work on. In my experience, a lot of our integrations are done through APIs. A lot of what I've seen so far from Binary Defense—not all of it—seems to be beta integrations.

For example, their Duo and Proofpoint integrations aren't really what I would call ready for production. They have probably been working with those vendors to work out the kinks, but they're really not 100 percent production ready. And while there isn't really anything valuable we would get from Duo from a reporting standpoint, sometimes Proofpoint's SIEM tool or SOC can see something that might be valuable. We already get alerts from Proofpoint, so it's not a "make or break", but I have given this feedback to Binary Defense: This is something that should go the API route.

Their Microsoft integrations are top-notch and they do some third-party stuff really well for log ingestion, but I would like to see Binary Defense's development team change over to an API connection, versus how they do it today.

Also, if I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today. We offset that with another product, but that should be part of their product offering. I've given this feedback to our account manager too.

Another point is that maybe they should have their own SIEM offering. Today, they offer AT&T's AlienVault, which is a good product in its own right, but it's not something that they offer directly from themselves. It's the same thing with Azure Sentinel. They just started offering that as a product you can buy as part of their service, but it's not their own SIEM. I would be interested in seeing them build out their own SIEM and offering that as a product you could buy. That would be very valuable to their customers because they would not have to rely on their folks learning another system.

We've had Binary Defense MDR for about seven months.

So far, the stability has been good.

The feedback we got from another company that had passed on Binary Defense was that they thought it had good scalability, but they didn't think it would work for them. The reason that it wouldn't work for them was that they had too many kinds of devices. They not only had workstations and servers and endpoints, but they had a lot of specialized manufacturing devices that they needed to monitor.

That is no fault of Binary Defense. That kind of customer isn't really their target audience. Their target audience is shops that are purely Linux/Macintosh/Windows, that don't have specialized industrial products.

Their support varies on who you get, but in comparison with other companies that I've dealt with, like Rapid7 and a few others, I would give Binary Defense's support an eight out of 10. There are definitely some improvements that could be had, but those are more around training. I think they're going through expansion right now, building out their product and adding more folks.

My only call-out would be that they have some techs that need to take a closer look at account notes for customers. They may need to work with some of their newer folks and get them to be a little more attentive or a little faster in their responses.

I've had a couple of tickets where the replies were delayed, but those things happen when you're hiring new people or training them. Sometimes that slips through the cracks and there's nothing you can do about it.

Also, I can't say that Binary Defense has changed our security posture because our relationship, at least so far, has not been like that. They should probably add an SME or an adviser to each account. We have regular cadence meetings with our account manager, but other MDRs that I have PoC'd would always have, as part of their product stack, a time period where somebody from the SOC would say, "Hey, these are the things we saw." That's something our account manager does, but those other services would give recommendations on goals, from a security perspective, that we should look toward.

In terms of our partnership with them, I would give it a grade of 90 percent. Obviously, there are days when things fall through the cracks, you always have to calculate for human error, but it has been a great partnership so far. A year from now—and this is what we do with every product—we will reassess and evaluate and do a pen test to make sure that we're getting the security operations that we expect out of our products and teams. I would suggest that anybody in the midsize company space that needs a good partner to keep an eye on their environment, one that can be flexible in that environment, look at Binary Defense.

Positive

We had a prior company for a year called Arctic Wolf that we were not happy with at all. One of my colleagues who is a pen tester had suggested Binary Defense, and we ran a PoC with them. They did really well, scored really high, and they have been a great partnership so far. 

When we did the purple test with Arctic Wolf, they failed really badly. We gave them an opportunity over the course of a year to improve but they just weren't improving. They were wasting our time by pointing out things that were more "busy work" instead of actually addressing their problems. The big buzzword that they used was in saying, "Well, this is in beta." I would say, "Well, you're a production-level company. Everything in your playbook should not be in beta." I would hit them with random pen tests and, in almost every instance, they would fail. They might catch one or two things here and there, but they were things that I would have expected anybody to catch. And the things that they failed on were things that any MDR product that's worth its marketing should be able to catch.

We don't have anything in the cloud, we have some other sensors on-prem, but we do have their agents deployed everywhere. That means we have some Azure assets that have their agents installed. We have API integrations with all of our Microsoft products and some third-party stuff such as Proofpoint and Duo MFA. All of our servers and workstations have their agents deployed and we have the AT&T AlienVault SIEM set up. We have logs from our firewalls being sys-logged up to that and a few other products. We're somewhat blended but it's mostly on-prem.

In terms of the initial setup, my career path has been engineer-level, so for me, it was pretty straightforward because I'm familiar with how their configurations work. Someone who is, say, only five years in, might have a little more of an issue. But their documentation is done really well, once you get access to the portal. They have links that walk you through it step by step to do the configuration. Obviously, there is an expectation that you are at a certain level of IT experience to install and deploy it. But it was well within my expectations of what an MDR deployment process should be. 

The follow-up, from an implementation standpoint, could have been a little more fine-tuned. For example, with Proofpoint, Binary Defense doesn't use an API integration. They use some script with a VM to ship that data off to their cloud ingestion. I think there's a better way to do that but I can't fault them for that because that's what they're getting from Proofpoint. Overall, the complexity of the setup, between one and 10, was a seven or eight. For me, it was really easy.

The only maintenance that I've seen is agent-based, and that's all done through the cloud.

I worked with Binary Defense to implement the system. They have an implementation team, a few engineers and a product manager, who walk you through the process. Our experience with them was good. It was better than my last MDR deployment, in terms of how they ran the process.

Near the end, it was our team pushing forward certain things, but the things we were griping about were things that are out of their control, waiting for third-party vendors to address. But that is something I would have liked to have been apprised of earlier in the process, that they really didn't have a great integration with this or that. 

But overall, it was a night-and-day difference in comparison to Arctic Wolf.

We have seen ROI with Binary Defense, and my leadership is in agreement with me on that. Our CIO and our director of infrastructure both said they have had a really good experience with them, especially when compared to our last MDR. 

It has saved us a lot of time, headaches, and money overall. Today, it's not if you're going to be breached or attacked, it's when. That's the reality of the security space, so monitoring and having those insights are key. There will always be threat actors who try to exploit something. For example, as soon as the SVB failure happened, there were reports of phishing attacks increasing exponentially for customers of that bank. The threat actors understood they had a little bit of a window to attack these folks because they were vulnerable to a phishing attack. That's something you have to address in this space.

With our prior MDR, there would be three or four days during the work week, and sometimes weekends, where I was wasting time responding to tickets. Now, going into the evening or the weekend, the only time we get a call is for something that has actionable intelligence. That has been a relief for our team. We know that if something crazy is happening, they will call us and tell us we need to address it immediately.

All IT companies inflate their pricing to some extent. But sometimes companies don't have a big budget. The provider comes in with a high number and then they whittle it down to what both parties can accept. 

Binary Defense is hindered by the fact that the SIEM they are offering is a big part of their price point and they have to eat it, sometimes, when they try to get a midsize or small company. They either have to filter down their log ingestion or lose some of those logs at the end of the month to meet their cap. That was one of the only positives with Arctic Wolf. I don't know who they were using, but they claimed to have an unlimited monthly amount, and then had cold storage for 90 days.

That is one thing that is lacking for any MDR. It's not necessarily an issue specific to Binary Defense. It's just how their pricing structure has to be.

From the initial cost that Binary Defense came in with, we pared it down quite a bit over the course of 30 or 60 days. My leadership would say that their cost was high, but realistically, they were in line with the market.

They have a good product offering in terms of their XDR strategy, but they could retool it a little bit. I've talked to CSOs and other people in the security space— and this isn't just a problem for Binary Defense—but they have what I call the "package problem" where they try to "line-item" things. I understand they're a service and trying to make money, but the big players like Binary Defense and CrowdStrike need to talk with their marketing and product line people and say, "We need to offer an all-in-one solution."

Binary Defense also offers things like deep web scans and a new product that is a collaboration with ExtraHop Networks. They should look at providing their own product. And that deep web stuff should be in an all-in-one package. The reason that we didn't go with that is I didn't think the cost was worth it when there are third-party or even free tools that you can use to supplement that. It just didn't seem like the value was there. If it had been an all-in-one package, as part of the MDR, there would be more value in that. Maybe a larger company that has a bigger spend might be more inclined to mix and match and buy parts of it, but a midrange company like ours needs an all-in-one solution.

We PoC'd, Binary Defense, Rapid7, and a third product, but we eliminated that last one pretty quickly because it didn't meet our needs. Rapid7 had what looked like an okay product offering but we got some feedback from some CSOs and other people in the security space who were not happy with the product overall.

I wasn't happy with Rapid7 because they would not let us PoC their SOC. They would only let us PoC their MDR bolt-on. Near the end of the process they said we could PoC their SOC, and that really annoyed us because they had wasted our time saying that we couldn't do that.

At the end of the day, from a technology standpoint, Binary Defense met our needs for an MDR provider and checked all the boxes. They went above and beyond and that really played into our final decision. I also got some feedback from pen testers who said they had gotten really great feedback on that company and that influenced our decision as well.

You can't just take response time into consideration. The information that they respond with is just as important. But Binary Defense succeeded in both those aspects every time. During the PoC, their response time was really fast, within a few minutes. In my experience, they have been in the 89th to 90th percentile for response time, given what I would expect from MDR.

With Arctic Wolf and Rapid7 as examples, they would alert within a pretty decent amount of time, but the information wasn't as valuable. They would link to MITRE ATT&CK documentation, but that doesn't do you any good. I want to know "who, what, where, when". That's essentially what I get from Binary Defense, the meat and potatoes information that is most valuable to me as an IT professional. 

There are two types of MDR and security solutions today. There is the kind that deals with IT people who want to see a certain level of information so that they can investigate things on their own, and they need the right information in front of them. Other solutions are for IT folks who are at a certain level but they only want just enough information to allow them to check off a box. 

The playbooks for Arctic Wolf and Rapid7 were not that impressive. Rapid7's technology was a little better than Arctic Wolf's, but neither was anywhere near as complex or as well thought out, as a product stack, as Binary Defense.

Anybody who is looking for an MDR needs to have a serious conversation with their leadership about their needs or what problem they are trying to solve. That's what we did. In our case, the problem was that we didn't have enough people to keep our eyes on every single bit of day-to-day operations from a security perspective. We needed a partnership, an extension to our staff. And it has been great.

The big "gotcha" is you need to figure out what you need and what your expectations are for the cost. You have to weigh what it would cost to pay a full-time security person throughout, because they're not cheap. The market is screaming for security people right now. There are hundreds if not thousands of companies looking for security people. IT leadership has to say, "We can either pay X dollars per year for a SOC service to help us manage things, or we can get a manager and a handful of SOC analysts to bolt on to our existing staff and pay them 2X dollars a year."

Another driving factor is cyber security insurance. That space has changed a lot, especially in the last five years. That was a big talking point within our organization because we needed to tick the boxes or we were not going to be able to get cyber insurance.

Another factor to be aware of is long-term stability. Mandiant was on our shortlist when sourcing our prior MDR solution, and we didn't go with them because they were way overpriced. But what ended up happening was that the company was split up. So that was a concern of ours with Binary Defense. You see that in the market. There are companies that are really hot, they do really well, and then they get to a certain level and they're bought by a larger company. That was a conversation we had with our account manager. We asked what their "five-year" looked like and what their growth looked like.

That was the big concern for our CIO: Are we going to be replacing you in a year or two? Are we going to reevaluate this conversation because the relationship has changed or the quality of the product has changed because you've decided to have a third party invest in you and now you're not giving us the same product stack or customer service that we had? That has not been an issue so far. Based on the outlook that they gave us, it seemed that it was not going to be an issue.

We're using it as a security operations center. Our main product is an Intellectual Asset Management system hosted in a SaaS environment. We have two hosting facilities, one at IBM Cloud and one at Microsoft Azure. We wanted an external provider to watch those servers for any indications of compromise and to immediately intervene if there was anything of concern. 

As we have been growing, we wanted to ensure there are extra measures put in place, and therefore involved an organization that had the security knowledge and the capabilities to work with us in a customized fashion.

When our clients talk with us about storing their data in our servers, because ours is a SaaS model, they need validation that it is secure. Having this outsourced SOC, Binary Defense, ensures that we can look our clients in the eye and say, "Your data is secure. It is being monitored 24/7/365 by a dedicated team of security professionals." That's huge. We're buying peace of mind and the ability to tell our clients that their data is secure (and we know it's secure because we have a team of experts watching it all the time).

It has certainly improved our security posture. We were a secure organization six months ago but even more so now because of our relationship with Binary Defense. They give us that second set of detection and are looking at everything because that's their job. They're not doing security in addition to other things. They're doing security, period. That laser focus on security adds to our internal security posture. It's now the sum total of the experts within our organization plus Binary Defense.

Another benefit has been the time savings in client security assessments. When we tell a prospect or a client that we're using a managed, outsourced SOC, that saves the back-and-forth of having to justify our internal security operations. They know there's a fully dedicated team looking at security, and that saves us time and, potentially, wins us business that we might not have been able to previously.

The customization has been the most valuable aspect and was really the reason we ended up selecting Binary Defense. They worked with us to provide exactly the level of support, features, response, and collaboration we needed. We didn't have to force-fit anything. They were able to customize their offerings specifically for our needs.

The most important thing for us is that, internally, Binary Defense has a toolbox they can use in any way needed and they were able to layer onto the systems we already had in place. They didn't come in and say, "Oh, you have to scrap everything that you already have." Instead, what they said was, "Great, here's what you have and here's what we're going to layer on. We'll combine it all together and give you a unified impression." That was really important to us. We already had a fair number of security tools in place that we like and trust. The fact that Binary Defense could work with them and layer on top of them was huge.

I have been very impressed with the level of partnership, and I don't use that word lightly. They really are a partner. They're not a vendor, they're a partner. Their staff has just been superlative.

Another valuable aspect is that they have an excellent ability to integrate with other applications and tools. We have all the external servers that support our SaaS operations already complete and we're now rolling it out on internal servers, like engineering and development and support servers. I don't think we've had a single issue with compatibility. It just drops in. It's seamless. We don't need to reboot the system when we deploy the agent. The integration is outstanding.

They also bring a solid XDR strategy to the table. Another important aspect of our partnership is that we’re putting our trust in Binary Defense. I trust them, and that's really what this whole thing is based on. They need to earn that trust—and they have. In terms of the threat landscape and looking at issues that come up, they're very solid.

When implementing a system like this, one would expect false positives. It's going to raise issues from normal business operations that are actually fine but just look bad. There are two things to note here. First, the rate of false positives has been quite low and has actually been decreasing over time as Binary Defense learns our operations, which is great. Second, and more importantly, the things they were raising were completely reasonable. For example, we added an administrator to the server and received an alert, which was great, because if a bad actor were to get into the system, it would be detected.

The alerts we've received have been spot-on and we have had zero real alerts, which is a good thing.

We have been using Binary Defense MDR for about six months.

The stability of the solution has been perfect, other than one issue where an agent had high memory usage, but that has not come back. It's been reliable.

The scalability is fine. We're licensed for 1,400 seats and we're using about three-quarters of them so far, and we're continuing to roll out. There have been no issues with scalability. 

I can't speak to a scenario where you're deploying higher amounts of seats, but certainly, in the hundreds or low thousands, we've had no issues at all.

The technical support is excellent. We found that an earlier version of the agent had high memory usage and that was a bit concerning, but we raised the concern with their support team and they immediately replied that they had noticed the same thing and had a candidate fix already available. Other clients were already testing the fix and found it resolved the issue, and they asked if we would like to test it as well. We said yes and deployed it, and it totally fixed the issue. It then rolled out automatically to the rest of our suite with the next available update. It was seamless.

All software has issues and it's a question of how the provider addresses those issues, and Binary Defense was outstanding.

Positive

This is our first MDR SOC.

One of the reasons we considered Binary Defense MDR in the first place is that we have a several-year relationship with their sister company, TrustedSec. They do things like penetration tests and we have them on retainer for incident response. We envisioned that it would be—and it has actually been—a benefit having our MDR provider related to our security consultants. The relationship between Binary Defense and TrustedSec has been valuable for us.

Our deployment model for the solution is all Azure and IBM Cloud and we use an IaaS model. We have hundreds of virtual machines and we have rolled out the agent to each of them. We're fully a Windows organization, so we've only deployed the Windows agent. We've deployed it to virtual machines in Azure, Azure Government, and IBM Cloud, in various locations around the world.

I directed the team that did the initial setup. It was very straightforward. You run an installer and it's there and you don't have to reboot. It just works. I did this as part of the proof of concept and you're able to see it reporting into the master console within a few minutes. It's very easy. It's very well documented.

The solution doesn't require any active maintenance. It automatically updates. Every month or so I receive an email that says, "There's a new version of the agent. Here are the new features. Yours will auto-update within the next couple of weeks unless you've disabled auto-update." It's basically set-and-forget.

We received the information from Binary Defense but we did the work ourselves, but we did work with them to ensure we were going down the right path. They conducted checks on everything and reported back to us on effectiveness. We validated the approach with the team, but we did the work.

We had two people working on the implementation, but it wasn't full-time. We used an automated tool to push it out. We didn't deploy to hundreds of VMs manually.

We haven't yet seen ROI because we haven't had an issue, but these expenditures were approved by our board. It is known that this is money needed to protect the organization and reliably stay in business. 

There is a "peace of mind ROI", that can't be quantified. Do I think we're getting good value for the money? Yes, I do.

The pricing is on target. Working with their sales team on pricing negotiations was a pleasant process. They were very respectful of the constraints we had and I feel that we're paying a fair price.

If you're considering a managed detection and response solution but the cost is an issue, you can pay a fixed amount now or, potentially, a catastrophically larger amount later. There is a saying that there are two types of people in the world: those who have had a hard drive failure and those who will have a hard drive failure. The same is true in cybersecurity. It's not a question of if, but a question of when a security issue will arise. It is incumbent on every IT professional to have as many arrows in their quiver as possible for handling those situations. Ideally, we prevent it from happening, but if something gets through, we must be able to detect it and respond.

What you're buying is peace of mind. You know that even at 3:00 AM on Christmas Eve if something happens, it's going to be taken care of quickly, and that counts for a lot.

We evaluated other options but the key reason we chose Binary Defense was the customization. The MDR industry is fairly robust at this point and everyone has pretty similar capabilities. In fact, some of the capabilities of their competitors were actually a little ahead of what Binary Defense has, but the customization and the ability to work with us to fit into our existing environment was what catapulted the company to the top of the pack.

Most, if not all, of the providers we looked at, would work and have the base features we needed, but for our particular environment and the customizations we needed, Binary Defense was by far the best.

We still monitor internally so it hasn't reduced our workload, but it has made us more efficient. It's like putting on a pair of glasses. The world is sharper as a result of the information they're providing us.

With the last six months under our belt, I've been very impressed with the operations, both from a technical perspective as well as from management and executive perspectives.

The most important advice I can give is to make sure you're comfortable with the company and the staff. All of the products that Binary Defense competes with basically do the same thing. They're all good and they're all going to help you. So the top consideration is whether you are comfortable with the people you're interacting with.

With Binary Defense MDR we check and handle security issues, closing ones that are okay and acting fast on potential problems. It is all about keeping things safe and responding quickly to any cyber threats.

The alerts from using Binary Defense have been a significant benefit. They help us identify potential problems, prompting further research to determine if there is a cybersecurity incident.

Binary Defense has helped reduce security alerts by providing weekly recommendations on actions we can take to decrease them. It has significantly strengthened our security posture.

It has reduced our IT team's workload by handling entry-level tickets, requiring less research from our side.

The most valuable feature is reviewing tickets and the notes added by technicians. It helps us decide whether to close a ticket or if more research is needed. It is a straightforward way to understand and take action on what happened.

We are very satisfied with Binary Defense's XDR strategy for end-to-end infrastructure security.

The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements.

I have been using Binary Defense MDR for a year.

We have not had any stability issues with the solution.

The support is very timely and accurate. I would rate the support as a nine out of ten.

The response times from Binary Defense have been in line with the agreed-upon statement of work. They have consistently followed through on the features and promises outlined in their quotes and statements of work.

We are pleased with our overall partnership with Binary Defense and hope to see the relationship continue to grow.

A good enterprise MDR provider, like Binary Defense, should feel like an extension of your team. Their approach makes it seamless and ensures the client feels supported, which might not be the case with other providers.

Positive

We were using Tech Mahindra as our third-party SOC before Binary Defense. We decided to switch because we moved from QRadar to Sentinel, and Binary Defense was a better fit for that transition.

The initial setup was quite straightforward. We worked with Binary Defense for the initial setup and implementation of the system. There is some maintenance required after the deployment. Ongoing updates to data collectors are needed to stay current with software versions and patches.

Binary Defense is fairly priced. I would say that Binary Defense is flexible in negotiating and tailoring a solution based on your specific needs. They can work with you to customize the MDR solution, potentially saving you money on features you may not need. They are customer-friendly and flexible in that sense.

I would advise new users to research at least three vendors to ensure they find the best fit. While Binary Defense works well for us, it might not be the ideal choice for everyone. We are satisfied with it, but it is crucial to compare it with at least two other options before making a decision.

I find Binary Defense to be less customizable. While they are flexible if we need changes, the current product we use doesn't offer much room for customization.

Binary Defense doesn't currently integrate with other tools, but they are working on it. While it is not a problem now, the fact that they are actively addressing it is reassuring.

Overall, I would rate Binary Defense MDR as a nine out of ten.

We're using it for dark web monitoring and alerting for our executive staff and our organization, and we're also utilizing them to actually manage and run our security operations center.

So far, with Binary Defense MDR, we've gotten a lot fewer false positives. And when we actually have an issue and go to them for additional analysis, we're receiving quality. They're not just kicking it back to us for us to figure out.

It has also helped reduce our security alerts by between 30 and 40 percent, due to the analysis being at a higher level. Even if there is an alert, the work that has already been done is reducing what we have to do after the fact. We get a very clear picture of what's going on and some options to remediate.

Overall, Binary Defense has been a net positive on our security posture. And even though we're still working through tuning, on the whole, it has helped reduce many tasks for us, things that we no longer have to directly manage. The amount of time they save us is hard to quantify, as it depends on what is going on, but I would estimate it at 20 to 30 percent.

The biggest aspect for us is that they are able to conform to our environment and utilize our tools. That way, we still maintain ownership of all the data and access to the applications, and we never lose control of the ability to run the solution ourselves if we need to.

They're also very flexible in terms of what they're willing to bring to the table as well as having their own solutions that they provide if you don't have anything that you're using yourself. In terms of threat intelligence, as we make recommendations and suggestions to them for modifications to the reports so that they work better in our environment, they're working on putting them into place. And they're giving us feedback on what they can and can't do, meaning they're being very transparent. 

Binary Defense has also been great, so far, with integrating all the different things that we're trying to put together. They're also even helping guide us regarding some other tools that we're looking to implement. And those tools will have additional integrations into our main SIEM platform that we're using.

They definitely have the knowledge and the insight to accomplish an open XDR strategy for securing infrastructure. With some of their own agents and tools that they are able to deploy into the environment, they're able to determine what's happening and put into effect the kill chain at the earliest possible point to help protect the overall network.

It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test. If that entire account team was managed together, that might make it a little bit easier. It's because they are two separate companies that there's any difficulty whatsoever.

I've been using Binary Defense MDR for about six months, including their threat intelligence group.

The stability is a 10 out of 10.

The scalability is a nine out of 10. The service is protecting over 1,800 systems and users.

The tech support is fine. They are responsive and have been able to address the issues that we had.

Positive

We used Quadrant Security as an MDR/SOC provider. We're currently in the process of migrating away from them.

We switched because we had too many false alerts. Also, when we would ask for more detail or analysis to be conducted on an alert, it was sent back to us with no additional information. When we had incidents that we needed to investigate, they would have to reload data into their logging solution, which led to delays and frustration in trying to get the information that we needed to be able to act on an incident.

It's a managed service provider model. They utilize our tool sets to handle all of the work for us.

The initial deployment was only as complex as we made it. From their side, it was very straightforward. They have been very clear on what they need from us. And when we have questions, they are responsive and help us address them.

Maintenance on our side is minimal. It's mostly a matter of providing them with more data for the various systems that they're watching.

We worked with Binary Defense to implement the system and that experience has been very positive. From our side, about four people were involved, and on their side, the number of people involved that I'm aware of was six.

We haven't seen ROI yet, but only because of the cost that we're still incurring to keep the other solution in place. From a time perspective, we've seen a return on investment, but not yet from a financial perspective. We should see that change in the next couple of months.

The pricing isn't that bad, it's very competitive. I don't feel that it's over-priced and I don't feel that it's under-priced.

I have regular meetings with their sales team about any offerings that might benefit us. But if nothing is going on, they don't bother me.

We looked at Arctic Wolf, CrowdStrike, and a few others. The big issue that we faced was that everybody wanted us to use their tools, while we really wanted to have complete control of our data so that in the event that it wasn't working out with the solution provider, we would still be able to maintain our data and find somebody else to manage it for us.

Binary Defense is also very reactive and timely when it comes to response times. If an alert fires, they perform an analysis very quickly and come to a conclusion about whether to escalate or not very, very quickly.

If you're looking at purchasing Binary Defense but concerned about the cost, my advice would be to consider the fact that the leadership at Binary Defense is committed to making sure that the teams that are working on all of their accounts are well-trained and that they understand the fundamental principles of the task at hand. They continue to invest in their teams to make sure that their product is more the team, rather than just the tooling that is used by the teams. You're not really purchasing a tool as much as you're purchasing a real security team.

Reach out to Binary Defense and explain what you're trying to solve. And, if you have a toolset in mind, let them know what you're coming to the table with. And if you want to change that, Binary Defense will help you do it. They'll also provide you with recommendations on other directions that you could go. Go in with an open mind and explain what your use cases are and they'll be more than happy to help create a solution.

We're still at the stage of getting our own tooling into a better place, but everything that we've dealt with them on has been very transparent and reactive. They come to us with suggestions for how we can do things better. We're still early enough in the relationship that everything is proactive. We're getting what we're looking for and the help that we need.

I really struggle to come up with something where they could do better. They're doing really well for everything that they're doing for us. I would typically have a list of issues with a given vendor, but I don't really have that list with Binary Defense. They've been extremely responsive and supportive in helping us build what we're trying to build. This has been one of the better vendor engagements that I've ever had. They even went out and partnered with our SIEM solution so they could get better access to and understanding of the product.

The Binary Defense MDR agent is deployed to all our endpoints. They monitor our environment and contact us if anything unusual happens. We haven't had anything yet, but the extra layer of protection helps everyone, especially me, sleep at night knowing that they're checking in 24/7.

We already have Microsoft security, which does a great job, but Binary Defense provides an additional layer of protection. I like having a third party in case something happens. I can use it as a framework to base my other decisions on. I can see how others reacted when hit with the same attack so that I can do the same thing. 

We're in a transitional period where we're trying to keep all our Apple devices protected. Some are covered by 365, but it doesn't work quite well. We can install the Binary Defense agent on an Apple device to take our time getting Defender for Endpoint to work with Apple. It isn't as secure as Windows, but having two solutions on there makes me feel more secure. 

I still have security alerts from 365 that I need to check daily, so I can compare two layers to see what's happening. It gives me a broader perspective of what's hitting us.

It hasn't reduced our workload, but I feel more confident that it's reporting on any kinds of breaches or threats in our environment. It helps confirm and reinforce what I think I should be doing. It saves me some time. If I notice a threat or something that doesn't seem quite right, I can check the results from 365 against Binary Defense. I save a few hours per week. 

Binary Defense's most valuable feature is the 24/7 monitoring and threat hunting. Their team checks the latest breaches and how they're done. The MDR team contains all their clients' accounts for this type of behavior. 

Their interface is customizable, but I don't need to tweak it much because it's already fairly intuitive. The dashboard shows all of our endpoints and threat hunting. You can see the false positives on the dashboard, showing the systems getting hit the most. Everything the solution protects is there so I can check everything in about 10 minutes. 

Integrating Binary Defense doesn't cause a noticeable slowdown in performance. It doesn't interfere with any programs that I've seen so far. Our environment is cloud-based, so no local servers are involved in our everyday endpoint activity. A few servers are in the stadium, and we put agents on them to monitor them. It works great. Binary Defense doesn't interfere with any of it.

I would like to get more reports from Binary Defense about what they're blocking. It would be nice to get something like a newsletter about the big threats they're seeing every week or month, so I don't have to search for newsletters. I can never have too many frames of reference to compare.

I have used Binary Defense for a couple of years. 

They seem to be stable to me.

Binary Defense can scale up if you buy the licenses. I bought so many endpoints, and then I just deploy them out, and I can always buy more. I could probably do thousands of endpoints, but we're relatively conservative. I only have about 180 employees, nearly 80 of which are part-time. I only need licenses for around 100 full-time employees and 10-15 servers.

I rate Binary Defense's customer service a nine out of ten. They respond pretty quickly when I open a ticket or ask a question. I don't expect an instantaneous response. Their service is great. I have no complaints. We recently renewed our support contract. I try to handle issues myself unless I don't know something, but I needed them to check a few things for me. 

Positive

The company didn't have anything similar to Binary Defense before they installed it. It's a startup that has been around since 2015. They only had 30 employees when I started here in 2020, and the 365 environment wasn't set up. They had no protection. While I was getting the 365 environment up to par, they had a third-party cybersecurity provider called TrustedSec on retainer in case we got breached. 

When I joined the company, 365 was deployed but wasn't set up correctly. I had to finish setting it. I had to switch licensing and finish setting it all up. There was nothing before. After configuring Microsoft's endpoint protection, we purchased Binary Defense about six months later. I've been tweaking the settings ever since. 

Binary Defense is deployed to Azure Active Directory in the cloud. Our stadium is a separate entity that we connect to when we're on-site. It isn't a hybrid environment. It's a cloud environment with one Tenant.

It doesn't require much maintenance. I deploy the agent and update the app periodically. I can opt to update automatically. When a new laptop is brought in, I have 365 configured to load Binary Defense automatically. I can also do it through the Binary Defense interface.

We had a couple of breaches when we didn't have endpoint security, but we haven't had any since we installed Binary Defense. The attackers thankfully didn't get any data in the last breach. They were trying to get money and failed because we did not have that, so they wasted their time. 

If we had Binary Defense, it would have blocked the user from going to a bogus site. They didn't have Microsoft 365 or any other endpoint protection on it. That is a huge problem we're correcting now. Anyone with a company device has Microsoft endpoint protection and Binary Defense. I estimate that addressing that breach cost us about 96 hours. If we had protection in place, we would've saved a lot of time. 

Binary Defense is fairly priced, and it's an excellent value. Our cybersecurity adviser recommended them, and having a second layer of security is worth the money. I use the information they provide every day. You have to compare the cost with what Binary Defense does. You can't put a price on security. A breach could cost you millions, depending on the size of your company. 

I rate Binary Defense MDR a nine out of ten. I like the product. It's easy to use, and it works. It's an extension of the team. It helps me save time and makes me feel more secure. It's well worth the money. You can't skimp on security if you want to keep your environment protected.

If you plan to implement Binary Defense, you need to know how many endpoints you have so you can get the correct licensing. You should know how many endpoints use Windows, Linux, Apple, etc. I think they have an agent for iOS systems too. You will learn how many licenses you need if you have an accurate inventory of your endpoints. They can help you estimate how many, but it's faster if you have that information ready. 

We use Binary Defense MDR as a third-party managed malware protection service. It has visibility into all of our company's devices, and it can automatically report malware events.

Binary Defense has a cloud dashboard, but each of our network devices also has a piece of software that needs to be deployed. We can deploy this software using an executable file or through group policy. Each deployment takes about two or three minutes, so it is a relatively quick process.

The solution is highly customizable, with a variety of options for deployment and reporting. For deployment, there are a few different options, including on-premises, cloud-based, and hybrid deployment. For reporting, there are also a variety of options, including a dashboard, email reports, and more.

Binary Defense MDR has excellent integration with other applications and tools. We have not experienced any compatibility issues with our many different operating systems and custom software. Binary Defense MDR seamlessly integrated with all of our systems and provided us with accurate and timely reporting.

Binary Defense MDR's Open XDR strategy is a great way to secure our infrastructure from end to end. It allows us to detect and remediate threats without having to do much work ourselves. In the past, we had to manually check and update our security software. Now, Binary Defense takes care of all of that for us. We can simply check reports and dashboards to make sure everything is running smoothly.

The biggest benefit of Binary Defense MDR is that it has freed up my time. As a one-man IT department, I have a lot on my plate. MDR takes care of a lot of the day-to-day security tasks, so I can focus on other things. This has been a huge relief, and it has allowed me to be more productive.

The number of security alerts has not changed, but I am now more confident in the security system, so I don't check them as often.

Binary Defense greatly improved its handling of our organization's security posture. We conducted a cybersecurity audit and went through a cyber insurance process. These measures were a significant part of improving our insurability and overall security score. As a result, we are now better protected from cyberattacks.

Binary Defense MDR helped our IT team save approximately three hours per week.

Binary Defense has a human service department that provides live monitoring for our systems. This is probably the most valuable aspect of their service, as it gives us peace of mind knowing that there are people actively watching over our systems and keeping them protected.

It would be helpful to have more personal interaction with Binary Defense. Currently, we rely on the system to run in the background and only speak with our security account manager quarterly. I would like to see more frequent check-ins with our security status.

I have been using Binary Defense MDR for one year.

Binary Defense MDR is stable and reliable in my experience. I have never experienced any downtime or unavailability of the service. Alerts have been consistent and timely.

We do not have much experience with the scalability of this solution. While they do offer other products, we are primarily focused on managed detection and response and security specialist services. As such, we have not yet had the need to scale.

We have three physical locations, and our Salesforce team is spread out across the country. Our company has 80 employees who use Binary Defense MDR.

We previously used traditional antivirus solutions but switched to Binary Defense MDR because it was competitively priced and had a good reputation. Binary Defense is a local company to us in Ohio, and we had heard positive things about them from a former company of mine. We decided to switch to Binary Defense MDR based on a combination of factors, including price, reputation, and local ties.

The initial setup is straightforward. We deployed Binary Defense's end-user software to all of our machines, including our computers and servers. We have a number of IUI group policies, which allow us to distribute software to certain machines at once. We also have remote users, who we can connect to and install the software on their computers. This process takes only two or three minutes. Once the software is installed, it is reported to Binary Defense's security center, where it is monitored immediately. The entire process is very seamless.

A total of five people were involved in the deployment. In addition to myself, there were four people from Binary Defense: an account manager, a security specialist, a software engineer, and a trainer.

The implementation was completed with the assistance of Binary Defense. The software was quick to install, so most of the experience was spent training on Binary Defense's process for responding to alarms and alerts. This included what would happen if they detected malware, who our contact people were at different times of day, and the kind of reports we would receive. In essence, it was an introduction to their overall security strategy. The actual software installation was a very small part of the process, as it went very quickly.

We have definitely seen a return on investment. We were able to get rid of our traditional antivirus, which saved us quite a bit on our cyber insurance. We qualified for a lower rate because we had a higher security posture using Binary Defense MDR. It's also saving me hours per week. So, in the end, we have a better, more secure environment for roughly the same cost.

Binary Defense MDR is priced competitively and may be slightly lower than CrowdStrike.

I give Binary Defense MDR a ten out of ten.

Binary Defense MDR is a worthwhile investment for small IT departments, especially for those with limited resources. Larger departments may have a different evaluation process, but for small departments, the benefits are clear.

Binary Defense MDR automatically updates and has not required any maintenance from our team.

Our partnership with Binary Defense has been positive so far. We have not had any security threats, so I cannot yet evaluate their response to a security incident. However, the reporting and accessibility through the dashboard have been excellent. I have a granular view of all activities on our network, which has been very helpful.

People who don't feel that their current MDR provider is an extension of their team would be happy with Binary Defense MDR. It's a security solution that can be used to offload IT security tasks. For companies with dedicated security professionals, Binary Defense MDR would be a great tool. And even if they don't have dedicated security professionals, Binary Defense MDR would still be a great addition to their security team.

Organizations evaluating Binary Defense MDR should be familiar with using group policy tools to deploy the solution rapidly. This can save a significant amount of time compared to installing the solution one endpoint at a time. The size of the organization will affect the amount of time it takes to deploy the solution, as larger organizations will have more endpoints. Overall, using group policy to deploy Binary Defense MDR is a standard practice in IT.

We use Binary Defense MDR to monitor our security alerts and network traffic continuously. The solution provides a monitoring service that includes initial triage of alerts and escalation to my team for further action.

Binary Defense MDR is willing to customize its services to meet its customers' needs. Although they have standard service level agreements and escalation pathways, they are flexible and open to adopting solutions or practices that work better for their customers. They are committed to working closely with their customers and customizing their services to ensure their satisfaction.

Binary Defense MDR has improved our visibility through the implementation of some best practices in tuning and helping us establish our security solutions. These areas have provided the most benefit for us.

Binary Defense MDR has assisted us in decreasing the number of security alerts we receive. This has been achieved through the tuning aspect, where a significant amount of noise is generated, and they continuously collaborate with my team to reduce this noise, enabling us to concentrate on the critical components.

Binary Defense MDR has enhanced our security posture in terms of visibility and detection. The improvement is a result of the combination of their service and the technology implemented by my team. As a result of this project, we have significantly increased our ability to detect and respond to threats. Overall, the project and the service have minimized our threat landscape and enhanced our security posture.

Initially, there was a lot of noise and not much value in the alerts we received. We worked closely with Binary Defense to improve the process and specify our requirements. Through this partnership, they have improved their processes and quality checks to provide a better service. In the beginning, the influx of false positives increased my team's workload, but we worked to reduce the noise and focus only on what mattered. This took time, but overall, there have been improvements in reducing the additional workload for my team. However, we still want to be alerted when additional work is needed. Binary Defense's initial triaging has eliminated the need for my team to analyze every single alarm and alert.

One of Binary Defense MDR's main benefits is the ability to easily meet with their support team to discuss any issues we encounter. The team works with us to develop a plan to mitigate the issue and then implements a solution going forward to resolve it. Their responsiveness and willingness to adapt to our needs as a customer has been the greatest benefit.

Historically, Binary Defense MDR did not have a strong ability to integrate with other applications or solutions. However, they are currently undergoing a transformation driven by previous issues, where there was a need for capabilities to streamline operations. As a result, they are in the process of implementing additional solutions that will enable integrations with other platforms and applications.

The current reporting system could benefit from improvement. It would be helpful to have regular reports that provide value and clearly demonstrate the team's accomplishments over the past month. This should include information on resolved issues, metrics, and any additional details that highlight the team's contributions.

I have been using Binary Defense MDR for six months.

Binary Defense MDR is a stable solution with a commitment to ongoing improvement. Without their continued efforts to get better and implement changes based on our feedback, this review would be quite different. The organization has also brought in a new leadership team, which has brought fresh ideas and a clear vision for improvement. This partnership, combined with the leadership team's efforts, has led to increased stability and sustainability for the company.

Binary Defense MDR is scalable. 

The Binary Defense support team is a great team to collaborate with. They hold regular meetings with the project team, offer suggestions, and establish rules within the system. Once completed, they transfer these responsibilities to their production team that handles MDR services in a steady-state manner.

I changed to a specialized provider from our previous solution. I aimed to look for a smaller organization that I could potentially partner with more effectively. Large companies often treat their clients as just another component of their operations. Therefore, I sought a smaller niche firm to work with closely and create something together, resulting in a better relationship and improved work outcomes. Consequently, we decided to partner with Binary Defense.

The setup process is complicated. I am uncertain whether this is due to our own internal issues, or if it is partly a result of my environment and our own processes. While it was easy to initially set up the platform, the integration, and tuning required a significant amount of time. The deployment also took a lot of time, and it took us around six to eight months to achieve a steady state where we were satisfied with everything. Fifteen to twenty people were required for the deployment.

The implementation was completed by Binary Defense's professional services.

The primary return on investment has been in risk reduction, which has allowed us to gain better visibility of our environment. We can now identify our biggest threats and tailor our defense strategies to protect against them. This also helps when communicating with regulatory commissions and government entities, as we can demonstrate our 24/7 monitoring capability and provide additional assurance. Risk reduction and improved communication with stakeholders are our two most significant ROIs.

Binary Defense has changed its pricing model from being primarily based on the volume of data to one based on escalations and incidents they handle. This change is positive because it encourages clients to provide as much data as possible to assist the Binary Defense team in triaging and identifying true positives. However, they also aim to keep costs within a set parameter. This allows for better management of costs and higher accuracy in detecting true positives while minimizing false alerts.

I give Binary Defense MDR a seven out of ten.

For someone who wants to purchase a managed detection response solution but is concerned about the cost, I would like to understand the primary concern, whether it's related solely to cost or to the cost model. Depending on the company and its requirements, the reason for cost concerns can vary greatly. If the concern is cost, I may not have much to say. However, if I ask questions to better understand their concerns and where they should focus their security monitoring, perhaps they can reduce the volume they send and focus on a smaller solution, such as an EDR, instead of sending their firewall logs.

The maintenance is performed by either Binary Defense or their technology provider.

Binary Defense MDR has demonstrated a willingness to invest in our relationship to the same extent as we do. As a result of our ongoing collaboration, they have reciprocated our efforts. Although having a third party as an extension of our team can be challenging, we believe that frequent communication and nurturing this partnership will lead to better outcomes. Our experience with Binary Defense has been positive overall.

To evaluate the solution, individuals should consider running a proof of value or a proof of concept, if possible. It would be beneficial to have Binary Defense demonstrate the value and services they can offer to gain an understanding of the type of service provided by their MDR solution.

We rely on Binary Defense MDR to protect our servers and employee computers from malware. It keeps a constant watch and lets us know quickly if there is any suspicious activity.

I like Binary Defense MDR's customizability. They have been great with technical support, customer service, and our account managers. Always happy with their overall support. 

Using Binary Defense has brought our organization more peace of mind and excellent security. 

Fortunately, we haven't faced major cybersecurity issues, but I trust that if we did, Binary Defense would catch them before things got out of hand. It has significantly improved our security posture compared to before we had them and it has greatly reduced my IT team's workload. 

It also saves me time, at least an hour a day or more.

I love our partnership with Binary Defense. Bringing it to the board has made my life much easier and provides me with significant peace of mind. If you don't see your enterprise MDR provider as an extension of your team, you probably have a strong team. However, Binary Defense is so focused on security that they are top-notch in our view. They are a trusted partner for us.

The best part about Binary Defense MDR is that it runs on everything, and they keep an eye on things 24/7. As a one-man IT security team, I can't handle it all alone. Knowing we have a solid product and a reliable partner watching over everything allows me to sleep soundly at night.

In terms of improvement, Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine.

I have been using Binary Defense MDR for almost four years.

I haven't experienced any issues with stability. There is no lagging, crashing, or downtime. Everything runs smoothly.

It is highly scalable.

The technical support is very quick and helpful. I would rate them as a nine out of ten.

Positive

Before Binary Defense, we used Webroot antivirus. We switched because Webroot missed a serious security incident. After a demo and comparing it with other options, I found Binary Defense to be the best all-around solution.

The initial setup was straightforward and it took about a week to deploy the solution. I worked with the Binary Defense team for guidance, but I handled the actual implementation myself. It was straightforward, and I had helpful interactions, including discussions with their head of software development.

Binary Defense's pricing and licensing are standard compared to others offering similar products. I would say it is worth the cost because it significantly improves your security and can save you more in the long run by preventing major cybersecurity incidents.

Binary Defense hasn't necessarily reduced the number of security alerts, but the fact that they handle it means I don't have to sift through them. Most of the time, they spot serious issues, saving me a lot of time and providing a sense of security. It has been great. I would say Binary Defense is at the top in terms of response times. As soon as something happens, I'm hearing about it. 

My advice to others is that if you choose Binary Defense, you will be in good hands. They are thorough, attentive, and always ready to help. Overall, I would rate Binary Defense MDR as a nine out of ten.