We use Field Effect Covalence as our endpoint detection and response solution. We use the solution on our desktops to provide an additional layer of security.
We wanted to detect deviations from baseline behavior on our endpoints and provide an additional layer of security beyond our antivirus protection. We also wanted to enhance our security posture for Office 365 on-premises and in the cloud.
Covalence has different levels of behavior. At the lowest level, it alerts us to potential problems. At the next level, it makes recommendations and allows us to take immediate action. At the highest level, it takes automated actions and escalates issues to the Covalence team. We can reach out to the Covalence team for their input and experience on threats in our environment. It's like having an extension of our team that we can draw on for expertise.
Managing Covalence is extremely simple. We use the web portal to manage all aspects of the solution.
Covalence provides a single cybersecurity solution that proactively protects all our threat services as part of our layered security approach. Covalence provides a strong defense package which is part of that multilayered suite of protections.
Covalence saves our organization time by constantly monitoring for threats in the environment, deviations from baseline behaviors, and threats in the cloud against our Office 365 landscape. It generates action responses that are sent to the team. We no longer have to actively monitor for those threats. Covalence monitors them for us. We have replaced one full-time employee's time with Covalence.
Covalence not only identifies threats, but it offers remediation advice as well.
Focusing on the threats that are relevant to us and the threats that actually matter in our environment, allows us to target the resources that we have to address specific issues and threats.
Covalence in the context of the recommendations that it makes gives us additional information that we can use. They have made a positive impact on the security posture by allowing us to close additional gaps and strengthen our security posture.
The solution's advanced detection behaviors, automated notifications and responses, and automated remediation behaviors are valuable features.
The tagging of ARO closure has room for improvement. Covalence needs different categorizations for closing AROs.
I have been using Field Effect Covalence for nearly two years.
Field Effect Covalence is extremely stable.
Field Effect Covalence is scalable. We have had no issues scaling in our environment.
The technical support is excellent and extremely responsive.
Positive
The deployment was straightforward. Post evaluation, we rolled Covalence out on mass to all endpoints within our environment. One person was required for the deployment.
The implementation was completed in-house.
Covalence has provided a return on investment by actively intercepting two incidents that would have had a significant financial impact on our organization if allowed to play out.
Covalence is cost-effective.
We evaluated a range of different products and found that Covalence provided us with the best suite of tools, giving us the functionality and visibility we were looking for.
I would rate Field Effect Covalence nine out of ten.
Our environment is a Windows environment, and there are approximately 300 endpoints.
People should consider Field Effect Covalence, which is a robust, scalable, and dependable solution that is certainly worth reviewing. Talk to some users who are currently using Covalence to get their feedback.
Covalence is an enterprise-level solution that is both functionally rich and cost-effective.
I'm a Field Effect reseller, and my clients use Covalence as an affordable fabric security solution.
Covalence cuts down on the number of cybersecurity solutions you need because Field Effect is rigid. They're like, "It's all us or nothing." It's their Microsoft 365. They won't let you use your own EDR. It's all under one umbrella. They consolidate all the products into one service, which can be good and bad. It's good because you don't have to think about anything. It's bad because some larger organizations might want their own EDR products or endpoint security. Sometimes, it works; sometimes, it does not.
Covalence's cloud protection element has been excellent. A lot of organizations are using 365. It's hard to find a secure solution for protecting accounts. We've gone down the path of trying to utilize other security solutions for that particular area. We've been disappointed and always come back to trying to implement Covalence when we can so we know people are safe.
The solution's expert monitoring is huge. Things happen when you sleep, so it's a big comfort knowing that people are watching who have the autonomy to act on things. It's a great augmentation to our own staff. Managing Covalence isn't that hard, but it notifies you of a lot of issues, and the vulnerability management aspect requires a lot of upkeep. It's challenging to keep everything 100 percent patched and stay on top of the vulnerabilities that they detect, but it's necessary.
Some things are actions, some are recommendations, and some are observations. You are presented with these things, and you get some insight about the level of severity and whether or not it's something you need to jump on right away. It helps you prioritize the critical things by telling you an action that you must deal with immediately.
Covalence should provide a live view of the endpoint because the endpoint view in the portal is 5 to 15 minutes behind the actual status of the endpoint and its vulnerabilities. When it doesn't update with the actual status, it makes managing those things harder because sometimes something gets updated, and one of those vulnerabilities has gone away, but that doesn't appear in the ARO. The ARO information becomes outdated. There should be more alignment between the actual view, the endpoint view, and the ARO list. It also lacks email security, so you have to implement other things. They cover a lot but not everything.
I have used Covalence for a little over two years now.
Performance and stability aren't issues. It doesn't really slow anything down.
Covalence scales from small to large. That's not an issue.
I rate Field Effect's support nine out of 10. The response could be better. Their expertise is always excellent. When things come up, it's great to be able to plug into their team. They have a lot of expertise available to us that they share. We work together to get issues resolved, or they will mitigate the problems as soon as things are detected. They've never let us down. There were some bumps in the road in the beginning, but they seem to have passed.
Positive
There weren't many options when we were looking to buy. I wasn't using anything equivalent in the past because it was just starting to get ramped up and things were starting to get back from the cybersecurity perspective. There were only large enterprise business solutions to choose from. There weren't options that fit into the SMB space. We were looking for something, came across Covalence, and gave it a try and it's worked out.
Everything is hard when you first do it, but now deploying Covalence isn't a big deal. The deployment time depends on the size of the user base. There are just a couple of steps. The cloud part isn't difficult. Next, you deploy the endpoints. You may need to remove what's already there. It's all dictated by the number of users and systems. You must track down all those systems and ensure everybody gets that endpoint software. After deployment, it doesn't require a lot of maintenance. It's self-updating.
The pricing isn't sized, so Field Effect doesn't make it easy for anything under 25 users. I'm not crazy about that.
I rate Field Effect Covalence nine out of 10. Many people out there try to do it themselves. They'll try to use a freeware or open-source solution to build their own thing. I see this in my industry a lot. People try to maximize profits by finding the most inexpensive solutions out there and combining them all under one solution.
However, at the end of the day, your team has to monitor them 24/7. If you're not, what's the point? It doesn't work. Trying to talk somebody out of building a better mouse trap is always hard.
I am with an IT MSP or IT Managed Services Provider. We have clients who allow us to provide their IT services. We provide services for desktop support and all the way up to network administration, technical projects, and so forth.
We use Field Effect MDR for our clients as well as for ourselves, so we use it internally as well as resell it to our IT MSP clients.
Field Effect MDR is backed by experts who are constantly monitoring for attacks and risks. It is extremely important and relevant to us. Field Effect or at least the core team, comes out of offensive security with nation/state actions. That is very practical knowledge. Being able to take that and understand both from the offensive side and the defensive side is valuable. Knowing how to counter those offensive acts and how to anticipate them puts them in a great spot to understand the cyber landscape. We are able to stay on top of trends within that cyber landscape. Because they have intelligent sources or habits that they have developed from their history, it is very effective. We have a lot of trust in the leadership of Field Effect, the line managers, the SOC in charge, the forensic teams, and the incident response teams. We have very high confidence that our interests are highly regarded by them, and they are trying to protect our business, our interests, and our clients. They are also able to steer us in great directions.
Even though they have such deep industry experience, they are willing to collaborate and listen. This is something that I would not have expected from a team like Field Effect. On the partnership side, we have used other top-tier EDR or MDR products. The products are great, but the partnerships in some cases have been just average. In some cases, they have been antagonistic, so from Field Effect, I was not expecting much, particularly having learned about their background. However, when we got working with them, it was just a revelation of how open they were to our situation and our particular needs, which are very different from their own priorities. They have been willing to work with us within reason. They have a development roadmap that they have to follow, but whenever we needed critical things to make Field Effect MDR a part of our core business and a successful part of our core business, they were very willing to listen. In many cases, they also acted on the requests. It has been a fantastic and very effective partnership.
We use its tagging of security threats as actions, recommendations, or observations. It is critical. We have used a lot of platforms, We have used the second-tier ones and also the top-tier ones in Magic Quadrant. The main issue with all of those platforms is noise. How do you improve the signal-to-noise ratio so that you are not spending a lot of your senior security analyst's time triaging non-actionable tickets, events, or alerts and they can focus on those truly actionable things that might require some level of direct incident response? With other platforms, including other top-tier platforms such as SentinelOne or CrowdStrike, we would get a lot of false positive notifications, and cutting through the noise was difficult. With Field Effect, because they use the ARO system of actions, recommendations, and observations, they have severity levels within each of those bands. I am not sure, but I believe there are five bands between each of those. We use a system called ConnectWise PSA as our ticketing system, so we are able to insert workflow rules and other automation assistance so that we can do some pre-filtering of the alerts to make sure that we direct all the high-priority notifications to our SOC team. We can either auto-close lower priority or lower severity notifications because they are non-actionable or are more informative, or we can funnel them to our regular help desk. A notification about your web browser being out of date does not need to go to the SOC. That can go to the regular service team to help walk the client through an update or do the update for them and things like that, so AROs are critical. It definitely allows us to maximize our limited and expensive resources so that we are focused on truly actionable things and not waste time on false positives.
As of now, Field Effect MDR gives us a single cybersecurity product that proactively protects all our threat surfaces, but who knows what may happen in the future. Field Effect MDR is holistic. With this one product, you get the host-based stuff. You get the network appliance. You get cloud monitoring. You get the DNS firewall. It is a much simpler product to handle from a billing perspective. From an account management perspective, the full version of Field Effect MDR is effective and easy to manage. They also have other versions, but the full product version is a one-stop shop. There is an add-on that they have probably introduced over the last year or maybe six months. It is for cloud retention. Field Effect MDR in many aspects is a SIEM, but they have not exposed all the traditional capabilities of SIEM, namely the dashboarding side or the user-facing side. It also lacked the ability for a SIEM to be a generic log aggregator or a log ingestion sync of any source of log data. They have now added that capability where you can add on log retention services if you need it for compliance or insurance or just your own digital forensics requirements. By default, it retains its own telemetry for 90 days, but if an organization wants to retain logs for 360 days or longer for compliance and data retention, they have a service for that. That is an add-on, but the core platform with its 90-day retention is usually acceptable to the majority of our clients.
Field Effect MDR most certainly helps our security team save time. It does that passively via ARO classification. The Field Effect SOC is doing its job through machine learning, human analysts, and other heuristics to make sure that events are categorized as best as they can. We can leverage their deep experience, which makes it much easier for my team. When we get an alert via Field Effect MDR, it is already packaged as an action, a recommendation, or an observation. When we get an action of medium or higher severity, that automatically goes to my company's SOC for some triaging and analysis to determine whether we need to spin up an incident response or what the proper response is to that notification. Lower-scored items, such as observations, recommendations, and low severity or priority actions, go to a SOC coordination team, which will also do some less technical triage to classify them, or it will be handled by some of our automations. The fact that AROs are being so effectively and correctly targeted allows us to focus our most senior, most expensive, and most skilled resources on things that actually matter.
We also gain efficiencies because the Field Effect SOC is collaborative. We do not just get an ARO. We are also able to initiate communication. If we have an action or event that we want to follow up on, be it an action, recommendation, or observation, we can request help. If my company SOC needs some guidance because we are not quite sure, or it is on the bubble of being actionable versus non-actionable and we want a second opinion before we close a ticket or spin up an incident for the response team, we can request help from the Field Effect SOC. They collaborate with us and explain the logic behind why they classified something like this. They listen to our points, perspectives, and considerations. They work with us to figure out whether it is something that we need to worry about, or it is something that we can defer or ignore. That is extremely helpful. With some of our other partnerships on technology products, including security products, it has been very difficult to get this level of effective collaboration from the vendor. That has been fantastic. That has allowed us to accelerate our plans. Initially, we were thinking about using Field Effect MDR only for certain clients who have purchased a higher tier or premium security service, like an MSSP service specific to security and compliance. However, given how scalable Field Effect MDR is through those efficiencies built into the platform, into their classification system of events, and indirect staff augmentation via their Field Effect SOC, we have now made Field Effect MDR the standard security platform for all of our clients, even the ones who are only on core IT support plans.
Field Effect MDR informs us of the threats that matter and how to address them. AROs are very detailed. A lot of security platforms provide that detail, so I do not know if that is especially unique in the Field Effect's case, but it is certainly effective. AROs are very well-detailed, and they describe which event triggered the alert. They explain why it is of interest but not an actual problem. They also detail the steps to remediate, mitigate, or dismiss a particular alert. They are very effective from that perspective.
They also provide us with bulletins. We have been lucky so far. None of our clients have been subject to any sort of rising threat. However, we would not necessarily know about it unless we are paying attention to security forms and other information sources. Field Effect is one of those sources. When they start to see a negative trend, they alert their community. As a channel partner of Field Effect, we get alerts, warnings, or notifications on those emerging threats. We can then alert our SOC and pay attention to some of the indicators of compromise that might not be flourishing into a full attack but are indicative of attack precursors. Those advanced alerts of emerging threats are key. Field Effect is attempting to keep us informed as a channel partner. I do not know how true that would be for a direct customer of Field Effect.
As a channel partner, we also get visibility into their development roadmap. We have influence over that roadmap. Understanding what is coming down the line in terms of feature enhancements, feature improvements, new features, new capabilities, and new services is great for us. We are a decently sized IT MSP with a growing set of MSSP services. We cannot always turn on a dime, so advanced notice, particularly in terms of forthcoming items, is very key. It allows us to help make sure that our various teams—technical teams on the SOC or the service delivery side, client-facing teams such as our account management teams, our VCIOs, our VCSOs, and marketing team—are working in a highly synchronized or collaborative manner. They can make our new services and offerings as successful as possible with minimal friction in our particular marketplace.
It is hard to take them in isolation. It is a security product, so it is all about defense and depth. You cannot be monolithic, so you have to be holistic, and that is what Field Effect MDR is. It starts with their host-based agents, their EDR agents, which are very capable, but those are bolstered by network compliance, which does network intrusion detection. We are getting visibility over the network, not just for those hosts that have a Field Effect EDR agent but also things like the Internet of Things, guest networks, or rogue devices. We definitely have visibility into all network traffic, which is very cool. They also provide a DNS firewall, so that is pretty key. These days, with zero trust, you have to assume a breach at some point. It is sad but true. Even folks like CrowdStrike, who are not necessarily getting compromised, are falling victim to their own internal processes, so having multiple layers of protection is certainly beneficial. With a DNS firewall, even if something were to go haywire, such as an intruder breaches the perimeter and gets onto an endpoint, or somehow the endpoint itself fails to be effective, we still have the ability to block those command and control hubs. That is pretty key.
Cloud monitoring is another thing that we found valuable in addition to host endpoint protection. We also have cloud monitoring in addition to the host-based agent, the secure DNS, the network intrusion detection, and the network compliance that sits on-prem monitoring all traffic. We are able to ingest all the events for all the top services, such as Microsoft 365, GCP, AWS, Dropbox, Salesforce, and ServiceNow, and make sure that we are looking at the entire distributed footprint of an organization and not just a particular endpoint or a particular office, so it is very comprehensive.
On top of all of that telemetry being captured, we have the Field Effect security operation center. Their SOC analysts are awesome. They are very flexible in terms of particular rules, which might change from organization to organization. They are able to take those particular provisioning or service definitions and still remain very responsive and according to our service level agreements. We found their SOC to be incredibly engaging. That is on the service delivery side.
We are a channel partner of Field Effect. We deal with a lot of products, but Field Effect has certainly distinguished itself as being a stellar partner. They are not just providing us with fantastic products, which are highly effective, they are also helping us. They are helping our clients. Their partner team or their marketing team helps us with go-to-market activities. It has been a fantastic relationship.
The interface is perhaps the weakest part of the entire platform, and that does not mean that it is deficient. It is just not as optimized and as efficient as other aspects of the platform. Given their background of coming from the offensive security side of things, understanding how attackers are going to operate, and having played that role in their previous careers, they have built a great platform that understands what to look for. Their threat detection, rules, and their correlation engine are amazing. They have very high accuracy. That is built throughout the platform. From the technology side, because of their experience, they know what to prioritize in terms of their development roadmap, so they get the best features out as quickly as possible, which is fantastic. There is comfort in knowing that our protected environments will be well safeguarded by the entire platform, including their security operation center.
The weak point, particularly as an MSP, because we have multiple IT clients, is that we need a multi-tenant type of interface. We need a single pane of glass that allows us to manage all of our clients, including our own tenant for our own internal use. Their web console has seen some development over the past couple of years. Their focus was perhaps not as much on the user-facing side of things as it was on the core technology or the actual cyber defense side of things, so we have had some points of challenges over the past couple of years. Over the last six months, however, there have been some pretty drastic positive changes to the user interface for the web console or the web admin console. The interface is a lot better, but there are still some gaps that we would love to see getting filled. For example, we would like to be able to export all data grids to CSV so that we could bring them into some other format to do data analysis outside of the web console. That is still a bit hard to do. However, they have added so many other quality-of-life, user efficiency, and multi-tenant management features over the last six to nine months that the interface is now much better. It is a highly usable interface now.
Field Effect MDR is a compelling platform because it is not monolithic. It is distributed, and it is layered. You have the host, DNS, network, and cloud. They have something called SEAS or Suspicious Email Analysis Service, which is awesome because everyone is suspicious of emails, perhaps even multiple times per day. If you multiply that by multiple clients and the number of users per client, you can imagine the volume of tickets that we get within our company to know if it is a phishing email. Having that service from Field Effect where they ingest an email reported by an end user and do the analysis to determine whether to trigger some sort of incident response action or to ignore it because it is legitimate. Having that is amazing. Where they have a gap currently is that they have their telemetry coming from so many different areas of an organization. Field Effect MDR is basically collecting all the data that a SIEM does. I guess to the Field Effect SOC, Field Effect MDR is a SIEM, but a lot of those SIEM capabilities are not fully exposed to end customers or MSPs, such as MSSPs or MSPs like my company. It would be awesome if somewhere on the development roadmap, they continue to evolve the platform and expose more of the native SIEM functionality so that it is available to end customers and not just to the Field Effect SOC.
The UI and SIEM capabilities are two main things that I would love to see. That would make it a slam dunk. They would then cover everything. They have a holistic security defense platform. They have log retention. They have MDR capabilities. Those are massive checklist items in an organization's cyber defense footing. An organization looks for things like compliance assessments, cyber insurance, and cybercrime coverages.
I would certainly love Field Effect to continue to be very judicious in expanding its precious development resources in the pursuit of market competitiveness. I imagine their competitors seeing the success that Field Effect MDR is having with their holistic approach, so I would expect more of that from their competitors. I see them providing a one-stop-shop type of solution. It would be incumbent for Field Effect to continue driving the initiative by expanding its universe of products and services. It would be interesting to see other elements from them that lead to good cyber hygiene. As an IT MSP or MSSP, one of the big challenges for us is a simple thing like patching. We have tools where we can pretty confidently patch operating systems such as Microsoft Windows, Linux, and macOS, but we are not able to patch third-party applications with a high success rate. That is due to a host of causes, some of which are user-driven but a lot of them are platform-related. It would be awesome if Field Effect started to include features like patch management into the mix so that we could leverage the ubiquity of Field Effect MDR to tackle one of our highest service delivery challenges. We are already using some third-party application patching tools, but even with multiple of them in play, we are far below our desired success rate for monthly application updates. I would love to have another layer to that mix to help improve our patch compliance rate.
I have recently been exposed to an application allowlisting platform. It is very capable, and it is solving some specific needs, particularly for companies that are trying to maximize their cyber insurance spend. If you have application allowlisting deployed, some site insurers are willing to provide more coverage or reduce the premium for those clients. They see that as a very positive or defensive posture and are willing to incentivize it. Currently, Field Effect MDR does not have any form of application allowlisting capability. It would be interesting to have it added to the platform in some fashion. That would be great. The host agent in Field Effect MDR is kernel-based, so it is already well-positioned to do things like application allowlisting.
I believe it has been just over two years.
You have occasional issues with a new hire who might be just out of training, but that is very rare. The majority of times that I contact Field Effect support, I get an analyst who not only seems to be very knowledgeable about our particular deployments but is also aware of the platform and the landscape. The analyst is able to create a nice little intersection of all of those to help provide the best direct guidance for a given situation. I found them to be very effective and responsive.
They follow the sun. If we get after-hours alerts, we are still able to get hold of Field Effect SOC analysts to help us triage or respond to high-sensitivity or high-severity events. Because we are a channel partner of Field Effect, in addition to contacting support directly, I often copy our partner success manager to keep him in the loop regarding what is going on, so we usually get a very good and fast response from Field Effect support. When we have supercritical issues that require immediate and most senior attention, it is awesome to have a champion within Field Effect who knows us. We meet with our partner success manager at least monthly, but often, it is biweekly. It is great having a champion within Field Effect who can immediately escalate issues important to us or our clients. They are great, and they are greater when we get our partner rep involved.
In terms of rating, I hate giving out tens because it does not leave room for growth. I am going through SOC 2 and HIPAA compliance certification right now. I just went through this exercise of documenting all of our vendors and all of the systems that we have running. There are over a hundred, and some of those are packaged applications that we just buy. We are just using them off the shelf. With many of them, however, it is a channel relationship where we are a partner or a reseller, and we have an account rep or some sort of extended relationship, or business development relationship with a provider. Among all of our providers, I can confidently and unconditionally say that Field Effect is the best, so based on that, I would rate them a ten out of ten.
Positive
I was a part of our internal pilot, and I remember us taking a while to get the network appliance deployed. That was not because of Field Effect. When we first partnered with Field Effect, we were unfortunately still in the depths of the pandemic. This would have been 2022. We were just coming out of things. We wanted to do a pilot to evaluate it. We were doing our due diligence, but at the time, common shipping carriers were experiencing massive delays. There were transport delays and supply chain issues. Everything was up and down, so it took a while for us to get our appliance. That also caused a delay or lag in implementing the pilot. It was not due to any fault of Field Effect, but it took us a while to get Field Effect to the point where we could even begin to evaluate it. We finally got it installed and got a feel for it.
Field Effect MDR has multiple layers. We had just come from another tier-one Magic Quadrant solution. It was also an MDR solution, but it only allowed us to have host-based agents installed. The only thing that was on the network was an appliance to collect agent telemetry that could then feed it to a SIEM. Prior to Field Effect MDR, we had to do a bunch of things with Linux boxes and so forth. It was a one-off per client to do things like SIEM integration, whereas Field Effect, out of the box, gives us multiple layers of telemetry, host, network, DNS, cloud, and email as a trailing indicator. That immediately allowed us to have much greater visibility. We had 360-degree visibility of a protected environment. That was something we had not expected or anticipated. We probably heard it during the early demonstrations and overviews from Field Effect, but we did not fully comprehend it. When we got our hands on the platform, it was pretty evident, very early on, that the platform was superior. It took us a bit longer to then do some field testing to make sure that the technology was working as well as we thought based on what it was reporting and doing.
We then started doing some pilot tests. We did pilot tests at two clients initially and then at around five clients before we fully committed to the platform. There were upwards of 500 to 750 managed endpoints in this due diligence plus pilot phase. That was when we got to evaluate the SOC because we started getting a significant volume of alerts and AROs. We were then confidently able to say that the platform is awesome. It has multiple layers. It is distributed. It is 360 degrees. It is holistic. Their SOC is effective. They are quick. They are responsive. They are capable and competent, and they are tailored. Each client can have a different service profile, so we can adjust how aggressive or passive we want to be in a given environment based on client requirements and our requirements. That took a while to discover but not due to any failings of Field Effect. It takes a while to go through all of that due diligence and all of that hands-on testing.
Within the first quarter, we were convinced of the capability of the platform. So, after an initial sales cycle or a partnership cycle of maybe two to three months, and then another month and a half of just COVID-related shipping supply chain delays, we could get everything we needed to set up our initial due diligence environment.
A top-tier competitor to Field Effect in Magic Quadrant that we had been using until our switch to Field Effect was a great product, but each capability had an additional charge. We had to license modules separately, and each of those add-ons had to be added onto its own consumption and agreement. It was a nightmare from a billing perspective because we had multiple agreements, and each one had a jagged anniversary or a renewal anniversary. It was a nightmare, whereas Field Effect MDR is one product.
To a colleague who is interested in a cybersecurity solution but says they have never heard of the vendor Field Effect, I would ask if they have heard of CrowdStrike. Have they heard what CrowdStrike did just a couple of weeks ago? Name recognition is not necessarily the be-all and end-all. I am a motorcyclist. I am a car nut. I watch F1 which is a walking billboard of security providers. You have Darktrace. You have CrowdStrike. You have even Bitdefender out there. You have Webroot out there. You have all these folks out there. Some of these are very recognized brands or names. Are they effective forever? No.
We have had very well-recognized platforms that were horrible to operate. They were either ineffective at doing the job they were supposed to do, or they were not highly interoperable, causing lots of problems with particular operating systems. I remember an issue with the Mac platform with a very low-cost and ineffective platform. That caused us to abandon it and use a different platform for Macs because it was highly problematic. Name recognition is great, and one day, Field Effect might be up there as one of those top-tier brands where upon seeing the Field Effect logo, people would say that they are in security, they are top-tier, and they are in Magic Quadrants. It is just a matter of time.
I would encourage people to do their due diligence and get referrals from Field Effect about partners like me or end customers. Run a pilot. Run a proof of concept. Get the product. Run it for yourself. Try it in the field. Field Effect has been pretty generous at least to the partner community. I do not know what would happen with direct customers for this, but with their channel partners, they are very willing to allow a bit of latitude in making sure that Field Effect is the best fit for an organization. So, name recognition is great, and it helps to shorten that initial introductory meeting because you already know a lot about the company. That is fantastic, but that is merely the start of the relationship. It is not the end. It would be nice if Field Effect had better name recognition, but let us look at the merits of the platform, the capabilities, the success, and the effectiveness of the platform and base our decisions on that.
It is a highly effective platform, but they have room for improvement. I would rate Field Effect MDR a nine out of ten because they have room to grow, but where they are right now is amazing. It is so much ahead of what a lot of other Magic Quadrant providers are offering, particularly in terms of the price point, the simplicity of consumption and billing, the robustness of the partnership, the effectiveness of the partnership, and the scalability that it allows our internal team to have.
We are an IT Company that manages many other companies in different industries, like Healthcare, banks, federal, provincial, and private companies. It's highly important to keep them secure and that starts with us not getting hacked. After a lot of internal brainstorming and research, we chose Field Effect MDR. We have systems across different platforms like M365, Zendesk, and Accelo and we need to ensure these systems are totally secure and only accessed by our own team. Before we had this, we didn't have 24/7 monitoring.
Prior to having Field Effect MDR in our organization, our security stack was basically a policy. We had instructions such as "Don't click the link, don't bring your device outside your sight, don't put your login info here or there," etc. It always relied on our team to follow through and make sure they were doing the best they could.
With this tool, we can entrust access to platforms to be managed by an AI algorithm that learns how we work and use our resources.
Furthermore, while we will still be careful, instead of relying on a written policy and our team, we have a 24/7 AI + SOC Team behind us to ensure that we're staying secure.
The feature I've found the move valuable is the 24/7 monitoring. We are a small organization that supports a LOT of endpoints and clients. Without this tool, it would be impossible for us to confidently tell clients that we are secure.
Alongside this, the ability for Field Effect to make decisions on its own based on what it has learned from all the "training data" that we have provided in the past. It will only get better over time. We have had some false positives; for example, using a legitimate networking scanning tool from the terminal has been blocked. However, we were actually impressed when something so simple was caught!
Before Field Effect all we had was policies and all we could do was rely on our team members to make the right decisions and not compromise any systems or information.
I'd suggest that Field Effect focus more on including things like phishing simulation and cybersecurity training. We always talk about a triangle of people, process and technology to solve any business problem. Field Effect has done wonders at covering the technology aspect of this triangle, however, to truly be a cybersecure organization, you need your people and processes to be just as secure.
I've used the solution for four months.
The solution is very stable; it does what it is meant for
The solution is really easy to install and you can use it in an organization of as little as five to as much as 1000 employees.
Support is very reliable. They answer us very quickly over email.
Positive
We used services like antivirus, EDRs and software like Office Protect, yet had no other MDR in the past.
The initial setup was very straightforward. It was connected with M365 and it was set up very easily .
We set up the solution with the vendor team and they had good knowledge and provided us with the best possible solution.
The ROI is at least ten times of its monetary value and unlimited in reputation protection.
It's worth the price. If you are paying $2000 a year to have this setup, it can save millions of dollars along with your company's reputation.
we also considered Huntress. We find Field Effect is way better.
Once you start using it you wouldn't look for another MDR.
While we focus on being a general managed service provider rather than a specialized security solutions provider, we take security seriously. Therefore, we leverage Field Effect Covalence to comprehensively manage and monitor our client sites from a security standpoint.
Our organization currently lacks dedicated expert resources to analyze the data from the equipment. While having the equipment and ingesting information is important, it's crucial to have qualified personnel properly review the data to avoid a high rate of false negatives. Without this, the output could be unreliable and generate excessive irrelevant tickets, creating a noisy and inefficient solution. This is where Covalence shines, as their team of experts constantly monitors the data and provides valuable insights, which is immensely beneficial.
Field Effect Covalence is one of the easiest security solutions to manage. It integrates seamlessly with our existing PSA, meaning it interacts directly with our ticketing system. This eliminates the need for duplicate data entry and simplifies the workflow. Covalence identifies the actual issues, suggests appropriate resolutions, and provides supporting documentation to explain why addressing the issue is important and relevant.
When information enters our ticketing system, we categorize it based on its urgency and the action required. If it demands immediate attention, it's labeled as an "action" with high severity. Medium-severity actions require review and potential resolution within the same day. Observations, on the other hand, signal potential issues that need monitoring and assessment to determine if intervention is necessary. Recommendations, like software patches, are suggested solutions for identified problems. However, these may not always be feasible due to non-compliant or legacy applications that lack updates. In such cases, a discussion with the client is crucial to determine the best course of action. Covalence tagging simplifies this process by clearly categorizing information into three types: Actions, Recommendations, and Observations. Each ARO is further classified by severity (high, medium, and low), making it clear what needs to be done upon entry into the ticketing system.
We've experienced two key benefits from implementing Field Effect Covalence. The first, from a business owner's perspective, is risk mitigation. As someone constantly focused on minimizing vulnerability, knowing Covalence regularly reviews client sites and generates actionable reports provides immense peace of mind. It highlights areas needing improvement—something our internal team might miss. Their deeper analysis ensures no security issues fall through the cracks, fulfilling our initial purpose for bringing them on board. Second, from a client perspective, Covalence's reporting tool allows us to present monthly reports demonstrating our compliance and commitment to their security. In cases where clients hesitate to address recurring findings, the reports document their reluctance, holding them accountable. Overall, Covalence simplifies risk mitigation for both ourselves and our clients. Their independent reports offer transparency, showcasing not just outstanding issues but also their resolution speed.
While we use Covalence for monitoring and recognizing the broadness of cybersecurity, believing a single tool can't cover everything, I think cybersecurity ultimately revolves around access and firewall management. However, various aspects arise, and for actual monitoring and oversight of client activity within their site, Covalence provides comprehensive coverage.
Covalence streamlines the work of security teams by significantly reducing the need for manual research. Each ticket generated by Covalence provides clear, step-by-step instructions for resolving any identified ARO. It pinpoints non-compliant devices or applications and highlights any outstanding requirements for resolving the issue. Additionally, Covalence provides supporting documentation to explain the rationale behind each recommendation, promoting well-informed decision-making. This comprehensive approach empowers even Level 1 and Level 2 technicians to effectively address AROs and achieve timely resolutions.
Field Effect's agent includes an EDR and DNS solution, eliminating the need for separate cybersecurity tools for those functionalities.
Regarding Covalence's recommendations, some mandate specific actions to avoid vulnerabilities. Others suggest further analysis, like the example of multiple end-user VPN products. Having numerous VPNs accessing corporate data on corporate devices poses a significant challenge. However, with adequate documentation, we can effectively present this issue to clients. Ultimately, focusing on a single approved VPN and eliminating others seems like the prudent course of action to enhance security. Another example of this focus-narrowing concept applies to web browsers. The more applications and browsers running on a client's system, the higher the risk of non-compliance and the need for updates. Minimizing unnecessary tools simplifies maintenance and enhances overall security. Covalence's recommendations, along with the supporting reports, provide valuable insights for clients to improve their security posture. Discussing these findings in detail offers guidance and empowers clients to make informed decisions regarding their security infrastructure.
Individually, each aspect of Field Effect Covalence might not hold much significance. However, when combined, they create a powerful and effective system. I appreciate the "set it and forget it" nature of Field Effect Covalence. The platform keeps a watchful eye on client security, and I have confidence that any potential issues will be identified and addressed. The system generates Action Recommendation and Observation reports, which provide detailed instructions for resolving any security concerns and ensuring client compliance. This makes it remarkably easy for network management companies like ours to seamlessly handle the security needs of our clients.
I'd like improved visibility into the backend data where logs are stored, along with integrations with a wider range of products. Field Effect Covalence already integrates with Office 365 and AWS, and has recently added Fortinet and Duo. Expanding their integrations to cover even more products would be highly beneficial.
I have been using Field Effect Covalence for five years.
Field Effect Covalence is stable. We have not encountered any issues and we don't see what is happening in the backend.
Field Effect Covalence is highly scalable. While the core agent software remains constant, the infrastructure adapts to growing data volumes. When an organization surpasses the capacity of its current appliance, simply replacing it with a more powerful one seamlessly extends the platform's capabilities. Additionally, adding appliances to accommodate new branch offices or increased data intake is straightforward. In essence, scaling Covalence is often as simple as adding or upgrading hardware, making it a flexible and adaptable solution for businesses of all sizes.
As early adopters of Field Effect Covalence, we've received exceptional technical support from their team. Their responsiveness is impressive, regardless of the ticket complexity or time of day. Even nights and weekends haven't posed a challenge – they're always available to assist.
Positive
Previously, we used a hosted SIEM solution. However, this required dedicated security expertise for management, and it generated a significant amount of irrelevant alerts. Outsourcing SIEM monitoring has proven to be far simpler and more effective. Aside from the convenience, it's also slightly cheaper than maintaining and supporting an in-house team. Additionally, offloading liability is a major advantage. Field Effect Covalence takes ownership of SIEM monitoring and assumes responsibility for security vigilance, which we always emphasize to our clients. That's why we made the switch.
Deployment is fairly straightforward, but it needs the right hands on the job. In other words, this isn't a task for a level-one technician. While level-one and level-two staff can be helpful with routine operations, the initial setup requires a bit more expertise — someone with networking knowledge and experience. It doesn't need to be the most senior person, but just not someone starting.
The deployment process takes just one day. It involves four hours of setting up the on-premises components, followed by agent deployment and gradual activation. From this perspective, the actual onboarding is distinct from the deployment itself. The deployment itself is relatively straightforward and completed within a day. Onboarding, however, takes a little longer. This is due to the initial "noise" of the system, where security catches previously undetected issues. This thoroughness is a positive, as it ensures nothing slips through the cracks. Therefore, onboarding requires time for things to settle down and establish a regular rhythm of handling typical support tickets.
One person can complete the full deployment.
We've lost clients due to their growth or acquisition. Some who experience significant expansion build their own full-time IT departments, while others join companies with existing IT infrastructure. Notably, regardless of the reason for departure, they've all chosen to retain Field Effect Covalence.
While Field Effect Covalence's pricing seems competitive for the market, the biggest hurdle lies in the lack of dedicated security budgets within many organizations. Convincing these companies to allocate further IT expenditure specifically for security can be tough. They often struggle to justify adding another line item when they're already paying for individual security tools. This fragmented approach can leave them without a comprehensive monitoring system, which ultimately is the most critical need. So, the primary challenge isn't the price point, but rather helping companies understand the value proposition of a holistic security solution and how it complements their existing infrastructure. Once that hurdle is cleared, the current pricing of Field Effect Covalence appears reasonable.
I would rate Field Effect Covalence a nine out of ten.
Our client base varies in size, with a range of 15 to 150 users per client. The average client has 25 users.
We have some minor housekeeping tasks related to endpoint agents that don't deploy correctly, but we don't have any ongoing maintenance responsibilities.
Field Effect Covalence is a fantastic Canadian company, a testament to Canadian innovation and success. The talented team behind it began their journey in government cybersecurity. Recognizing a crucial need in the small and medium-sized business space, they leveraged their expertise to create a solution that has truly taken off. For five years now, we've been using Covalence with every client, and not a single one has experienced a breach. This is remarkable, considering that 60 percent of SMBs face a breach at some point. It speaks volumes about the effectiveness of Covalence and the expertise of its founders.
Field Effect Covalence is a reliable solution for our security monitoring needs. We haven't found anything else that compares. I appreciate the program's simple interface and the company's efficient service delivery. What truly impresses me is their client interaction. They don't just provide alerts; they explain the cause and implications, identify security gaps, showcase Field Effect's prompt resolutions, and highlight the exceptional speed of their response. This transparency and responsiveness are truly outstanding.
We use Field Effect Covalence to safeguard our network and users across both our physical locations and cloud environments. Its integration seamlessly extends to all our tools, encompassing AWS, Azure, and Office 365. Additionally, we maintain physical appliances at our offices to further enhance security. Furthermore, Field Effect Covalence effectively tracks outstanding updates and security threats on our endpoint devices.
We sought to reduce our threat landscape, and Field Effect Covalence provided us with the visibility to do so. They provided valuable insights into the vulnerabilities we needed to address, enabling us to enhance our overall security posture.
It is extremely important that Covalence is backed by experts who are constantly monitoring for attacks and risks. This continuous monitoring is a cornerstone of our security posture. We highly value the thoroughness of their monitoring, which not only alerts us to errors for prompt action but also oversees the availability of the appliances at our installer locations. This vigilance ensures that even if a device goes offline in a remote area without readily available technical personnel, we are immediately notified and can address the issue promptly. Maintaining uninterrupted access to the platform is crucial for our operations.
Covalence is easy to manage. The online portal is intuitive and user-friendly, and their agents provide periodic check-ins to ensure we're always up-to-date on the latest features. Occasionally, we receive calls from company representatives who demonstrate new features and inquire about their potential impact on our operations. Overall, the platform is exceedingly user-friendly, and we've encountered no issues.
We utilize security threat tagging to prioritize action items for immediate attention. While we review recommendations to determine their implementation feasibility, we also identify higher-risk items that may not have immediate visibility. This tagging approach provides valuable insights, enabling us to address any overlooked issues.
Covalence is comprehensive. It's not the only tool that we use, but it is one of the most important, and it covers the majority of our use cases.
Covalence helps save us hours per month.
It has augmented what we would have had for cybersecurity previously.
Covalence's recommendations for remediating and responding to threats have positively impacted our security operations. For some time, this has enhanced our flexibility and provided us with greater insight into the situation. This flexibility has enabled us to take action on any outstanding items that may have previously lacked visibility in our insider intelligence.
Covalence's recommendations are crucial to our operations. We heavily rely on their guidance to improve our security posture and mitigate potential threats.
The ARO alerts are helpful to use almost daily to get a sense of what actions we need to take to expedite security measures. These alerts align with our security needs. When the updates are released, they show us whether our endpoints need to be patched, if there have been login attempts from suspicious locations, or if our systems are compromised. Since the alerts go directly to our inboxes, we can review them promptly and address any security concerns.
I would like Covalence to implement patch management as well.
It would be beneficial to add the ability to create groups for endpoint devices within the portal.
I have been using Field Effect Covalence for two years.
I would rate the stability of Field Effect Covalence a ten out of ten.
Field Effect Covalence scales well.
Our customer support team is consistently prompt in responding to our inquiries via email or phone. We primarily communicate with them through email, and they are always quick to reply. Their expertise in addressing our concerns is consistent.
Positive
The deployment is straightforward.
The Covalence team helped us with the implementation.
Although Covalence is expensive, it provides good value for the price.
I would rate Field Effect Covalence ten out of ten.
Covalence only requires minimal patch updates with no other maintenance.
I highly recommend Field Effect Covalence. The amount of unseen threats is unbelievable and Field Effect Covalence brings them to light.
We have integrated it with our Microsoft 365 deployment. We also use it on our endpoints, and we use it on our office network and email cloud solution.
Covalence saves me time because I don't have to threat-hunt. It does some of the threat-hunting for me. It finds the security issues we have, so we don't have to proactively investigate. Most of the investigation is done for us.
The fact that Covalence informs us of threats and how to address them really helps in large terms because we don't have security officers. It means that my operations team is actually able to deal with security issues. For an organization that doesn't invest a lot in IT, it's a worthwhile investment. I would recommend it.
For example, one type of recommendation is based on vulnerabilities, and the recommendation shows you what the vulnerability is and how to remediate it. That helps to reduce risk.
I like the proactive notifications and the security awareness that it gives. We mostly use it passively. I also like the Office 365 protection. There are user notifications about our cloud solutions and access, meaning authentication and possible breaches. Overall, the notifications and alerts are valuable.
There are also new features like the DNS protection, which is quite good.
In addition, the Covalence experts, who are constantly monitoring for attacks, are very important. During the day, their responses are very good. They are very useful.
Regarding managing the solution, it's very easy to use. We receive notifications via email, and one of my engineers uses the portal to look at the lot of them. They're very easy to understand and to take action on as well.
The tagging feature shows in the reports. The tags tell us some basic security action points. For example, they show us what we have faced during the week or the month, depending on the report, and how we can make our environment better. It is useful to us.
Our company has been using Field Effect Covalence for three years.
I've never seen any stability issues in the two years that I've been here.
Ever since I deployed the solution, I've never had to scale.
They could improve their support. My organization is in the Pacific time zone, and they operate on Eastern time. They provide support from 8 AM to 5 PM, and emergency support from 8 AM to 8 PM their time. Because this is a security solution, I would recommend that they extend their support hours and, for emergencies, even to 24/7 or 24/5.
Other than that, their support is quite thorough. They provide very excellent support. I had one negative incident, but that was a misunderstanding, so I don't see it negatively. I had a conversation with the head of support, and we managed to resolve that very easily. Generally, their support is very good.
Positive
We have appliances on-premises, we have its clients installed on our PCs, and we have connectors to our cloud, so we use it in a hybrid fashion.
The deployment of Covalence is quite easy. I was involved in deploying the appliances, and it was quite easy.
I have never seen it require any maintenance other than the replacement of the devices at end-of-life.
We were able to do it ourselves with help from their support team, but that help was minimal. They have very good support articles as well to provide that information.
Because I was remote at that time, I needed somebody to be onsite to connect the device physically, but if I had been onsite I would have done it all myself.
If a colleague were interested in a solution like this but said to me they had never heard of Field Effect, I would say that two years ago, no one had ever heard of ChatGPT. But when they gave it a try, it was amazing. I have already recommended Field Effect to one client and I would recommend it again.
My advice would be to look at your use cases and discuss them with Field Effect to see which solutions are best for you. I only use a small part of the solution, but they have penetration testing and are able to do other things that I may not use. Discuss your requirements with them, and work with them to build the best solution for you. That's the best approach.
I'm a customer of Covalence, but if I were running an MSP, this is one of the partners I'd pick.
We use Field Effect Covalence at three automotive car dealerships to monitor all of our endpoints and make sure that they comply with updates and security and to notify us of any threats or vulnerabilities that they may have.
Covalence being backed by experts who are constantly monitoring for attacks and risks is important to us.
Managing Covalence is easy.
The actions, recommendations, and observations work well and are timely. The only frustration we've had is when there is certain software that's out of date and it keeps finding traces of the software that did not get updated or uninstalled. Overall, they work very well.
Covalence's benefits were clear from the start. It revealed the significant outdatedness and deficiencies in our existing systems, and within just a few months, it identified a security vulnerability we would have completely missed otherwise.
Covalence informs us of threats with minimal false positives.
Covalence helps us mitigate security risks by recommending actions like keeping software current, removing unnecessary or unknown programs, and eliminating applications that could potentially compromise our organization.
The most valuable features are AROs, which provide timely notifications for out-of-compliance or out-of-specification detections. Additionally, the recently introduced endpoint view, which displays the health status of our network endpoints, has become an essential daily tool.
While Covalence addresses our notification and visibility needs, it falls short in keeping information up-to-date, which is where our MSP comes in to supplement its functionality.
I'd love to see a feature in Covalence that allows manually removing endpoints from the view and receiving notifications if they come back online. Currently, I use the Endpoint View daily, but some systems stay online for up to 30 days even when no longer in service. The ability to manually remove these would be very helpful. Additionally, since Covalence is a key tool for software updates and patch management notifications, it would be fantastic if it could automate some of this process or provide links to the latest software versions. While Covalence highlights the need for updates and what needs to be done, it doesn't necessarily point users to where they can find the software itself.
I have been using Field Effect Covalence for four years.
Field Effect Covalence has shown minimal stability issues, with only one incident attributable to a five-year-old hardware appliance.
Field Effect Covalence is highly scalable. It happens naturally as we add and remove devices.
The technical support team is professional, helpful, and responsive. I can't recall ever encountering an issue that they couldn't resolve.
Positive
The initial deployment of Covalence proved challenging due to my lack of experience, but subsequent deployments were much smoother as I gained familiarity with the process.
Our last two deployments took a couple of hours to complete.
I typically deploy the hardware and maybe help with the group policy. But then, for the most part, our managed service provider IT company, sets up the group policy, and it pushes it out that way the first time, and then it's just an ongoing automated process after that.
While I have not seen a quantifiable return on investment from Covalence, a major cybersecurity incident could have been incredibly expensive, highlighting its potential importance.
Field Effect Covalence's pricing is just right.
I would rate Field Effect Covalence nine out of ten.
The only maintenance Covalence requires is updating the endpoint agent twice a year, at most. These updates are released by Field Effect and necessitate modifying the group policy to reflect the new version. This is because the old group policy won't work with the updated agent.
Completely unfamiliar with Field Effect before consulting for an end user, I've come to appreciate it immensely. Now, it brings me real peace of mind.
My advice to almost everyone I've talked to about Covalence is that in the first few months, there's gonna be a lot of leg work, bringing your systems up to date and in compliance with what the AROs are recommending. But once you have them up to date and know what to look for, it's pretty easy maintenance going forward of your network.
