Field Effect MDR Reviews

We have integrated it with our Microsoft 365 deployment. We also use it on our endpoints, and we use it on our office network and email cloud solution.

Covalence saves me time because I don't have to threat-hunt. It does some of the threat-hunting for me. It finds the security issues we have, so we don't have to proactively investigate. Most of the investigation is done for us.

The fact that Covalence informs us of threats and how to address them really helps in large terms because we don't have security officers. It means that my operations team is actually able to deal with security issues. For an organization that doesn't invest a lot in IT, it's a worthwhile investment. I would recommend it.

For example, one type of recommendation is based on vulnerabilities, and the recommendation shows you what the vulnerability is and how to remediate it. That helps to reduce risk.

I like the proactive notifications and the security awareness that it gives. We mostly use it passively. I also like the Office 365 protection. There are user notifications about our cloud solutions and access, meaning authentication and possible breaches. Overall, the notifications and alerts are valuable.

There are also new features like the DNS protection, which is quite good.

In addition, the Covalence experts, who are constantly monitoring for attacks, are very important. During the day, their responses are very good. They are very useful.

Regarding managing the solution, it's very easy to use. We receive notifications via email, and one of my engineers uses the portal to look at the lot of them. They're very easy to understand and to take action on as well.

The tagging feature shows in the reports. The tags tell us some basic security action points. For example, they show us what we have faced during the week or the month, depending on the report, and how we can make our environment better. It is useful to us.

Our company has been using Field Effect Covalence for three years.

I've never seen any stability issues in the two years that I've been here.

Ever since I deployed the solution, I've never had to scale.

They could improve their support. My organization is in the Pacific time zone, and they operate on Eastern time. They provide support from 8 AM to 5 PM, and emergency support from 8 AM to 8 PM their time. Because this is a security solution, I would recommend that they extend their support hours and, for emergencies, even to 24/7 or 24/5.

Other than that, their support is quite thorough. They provide very excellent support. I had one negative incident, but that was a misunderstanding, so I don't see it negatively. I had a conversation with the head of support, and we managed to resolve that very easily. Generally, their support is very good.

Positive

We have appliances on-premises, we have its clients installed on our PCs, and we have connectors to our cloud, so we use it in a hybrid fashion.

The deployment of Covalence is quite easy. I was involved in deploying the appliances, and it was quite easy.

I have never seen it require any maintenance other than the replacement of the devices at end-of-life.

We were able to do it ourselves with help from their support team, but that help was minimal. They have very good support articles as well to provide that information.

Because I was remote at that time, I needed somebody to be onsite to connect the device physically, but if I had been onsite I would have done it all myself.

If a colleague were interested in a solution like this but said to me they had never heard of Field Effect, I would say that two years ago, no one had ever heard of ChatGPT. But when they gave it a try, it was amazing. I have already recommended Field Effect to one client and I would recommend it again.

My advice would be to look at your use cases and discuss them with Field Effect to see which solutions are best for you. I only use a small part of the solution, but they have penetration testing and are able to do other things that I may not use. Discuss your requirements with them, and work with them to build the best solution for you. That's the best approach.

I'm a customer of Covalence, but if I were running an MSP, this is one of the partners I'd pick.

We are dedicated to keeping our clients' fleets compliant and secure. Our proactive approach allows us to receive timely notifications when attention is needed, enabling us to act swiftly.

Our system highlights specific devices, files, or software that require attention and provides a CVE number detailing potential vulnerabilities and remediation steps. If you ever find yourself unsure about how to address an issue, their knowledgeable team is just a text message away. With real people ready to assist, they go above and beyond traditional security software to ensure your peace of mind.

Thanks to the MDR, it is easy for us to effectively develop policies to address vulnerabilities. By integrating Mobile Device Management (MDM) with our MDR, we can swiftly tackle detected issues. This combination enhances our cybersecurity posture and provides peace of mind, significantly reducing downtime. 

By proactively staying ahead of potential threats, we ensure our systems remain secure and efficient. This strategic approach not only safeguards our operations but also reinforces our commitment to maintaining a robust security environment.

The automated response feature is incredibly effective. For instance, we can automatically lock a Microsoft 365 account if a login attempt occurs from an unauthorized country. This proactive measure significantly enhances our security posture by swiftly mitigating potential risks. 

The system's ability to respond instantly to suspicious activities not only protects sensitive information but also provides peace of mind, knowing that our accounts are safeguarded against unauthorized access. Overall, this functionality is a valuable asset for maintaining robust security.

We've noticed that some alerts are indicating vulnerabilities that have already been resolved. While it's essential to stay informed about potential issues, the recurring notifications about past vulnerabilities can lead to confusion and may detract from our focus on current threats. 

Streamlining the alert system to filter out these resolved issues would enhance our efficiency and ensure that we concentrate on the most relevant and pressing security matters. Overall, refining this aspect would significantly improve our experience.

I've used the solution for two months now.

So far, we haven't had any issues; it's always been stable.

The solution is pretty scalable. You can go from a small company to a big company, from a local software agent to a network monitor.

Whenever we reached out for assistance or to whitelist a reported vulnerability that we knew was not harmful to our environment, we found the team exceptionally easy to work with.

Positive

We are in the process of integrating existing solutions with this new product. Rather than merely replacing what we have, this addition provides an opportunity to enhance our current capabilities.

The initial setup was straightforward.

Someone else acquired this solution for the company I'm working with.

As a technician, this question falls outside my role. That said, I recognize the significant benefits of a tool that accomplishes tasks in a fraction of the time compared to manual security methods.

The price is in accordance with the provided services.

We did not evaluate a different solution. 

You should certainly consider trying Field Effect; it is a robust solution that will soon be essential for any organization prioritizing security.

My workplace experienced a service security incident, and we engaged the Field Effect team to assist us with investigation and recovery. As part of their services, they implemented the Covalence monitoring solution. After the initial three-month engagement, we opted to retain the solution and continue using it.

It is of paramount importance that the surveillance system is continuously monitored for attacks and risks by a team of qualified experts. This is one of the primary reasons why we chose Field Effect.

Device management is straightforward. The solution is practically ready to use. It took less than an hour to install their appliance and agents, and it is straightforward to configure and monitor.

Tagging security threats enhances the system's learning capabilities. However, in our environment, if an event is tagged as non-threatening, the system will disregard it in the future and learn from the process.

Covalence offers a unified solution that proactively safeguards against various threats.

Covalence helps identify issues even when we're not actively looking for them. This helps our security team save around ten percent of their time.

Covalence keeps us informed of potential threats and guides how to address them if they materialize. Since its implementation, we have not encountered an actual threat, but it does alert us to potential issues.

Covalence bolstered our confidence in our security posture. As a result, we now sleep better at night knowing that Covalence safeguards our data.

It recommends actions to take to mitigate risk. This is crucial because it identifies the nature of the risk and provides solutions to address it. Therefore, it is of substantial importance, and it is our responsibility to either heed these recommendations or disregard them if we deem the risk insignificant or unrealistic.

The most valuable aspect of Field Effect Covalence is its ability to continuously monitor for and identify potential threats.

Currently, Covalence responds to threats by deleting the entire machine. However, it would be more effective if it could surgically isolate the specific malicious process instead of deleting the entire machine. This would minimize disruption and allow for a more targeted response to the threat.

I have been using Field Effect Covalence for six months.

I have noticed a slight slowdown when using the better agent on my machine, but I have never experienced a crash, to my knowledge. The slowdown is also not that significant, as it only occurs during startup.

Covalence is quite scalable. As a small organization, we believe we have ample room to grow with our current implementation. If we were to expand, we believe Covalence could scale with us by adding additional appliances.

The initial deployment was straightforward and took only one hour to complete. We were up and running quickly. We coordinated with the Field Effect's personnel and one individual from our team for the deployment.

The implementation was completed in-house.

Covalence is a threat solution that provides a high return on investment when a real threat is encountered. Fortunately, we have not yet faced such a situation. However, if we were to encounter a significant threat, I would estimate that the return on investment could be in the range of hundreds of times the cost of the solution, even with just a single incident.

The pricing was very reasonable. We were particularly impressed with their pricing model, which charges per user rather than per system. This is especially beneficial for companies like ours that have a large number of systems and therefore require multiple systems for each user. This pricing model will be much more cost-effective for us than the competition's models.

I would rate Field Effect Covalence eight out of ten.

In addition to Field Effect Covalence, we also use an antivirus, a perimeter firewall, various password protection tools, and phishing tools.

Covalence requires minimal maintenance, just the monitoring essentially. Monitoring and looking at the action alerts.

I highly recommend Field Effect for several reasons. Firstly, they cater to businesses of all sizes, from small and medium-sized enterprises to large corporations. Their pricing is competitive, and their solutions provide peace of mind by enhancing overall cybersecurity posture. I wholeheartedly endorse their services.

When comparing Field Effect's pricing model to that of its competitors, businesses should consider the importance of the granularity of threat isolation.

While we focus on being a general managed service provider rather than a specialized security solutions provider, we take security seriously. Therefore, we leverage Field Effect Covalence to comprehensively manage and monitor our client sites from a security standpoint.

Our organization currently lacks dedicated expert resources to analyze the data from the equipment. While having the equipment and ingesting information is important, it's crucial to have qualified personnel properly review the data to avoid a high rate of false negatives. Without this, the output could be unreliable and generate excessive irrelevant tickets, creating a noisy and inefficient solution. This is where Covalence shines, as their team of experts constantly monitors the data and provides valuable insights, which is immensely beneficial.

Field Effect Covalence is one of the easiest security solutions to manage. It integrates seamlessly with our existing PSA, meaning it interacts directly with our ticketing system. This eliminates the need for duplicate data entry and simplifies the workflow. Covalence identifies the actual issues, suggests appropriate resolutions, and provides supporting documentation to explain why addressing the issue is important and relevant.

When information enters our ticketing system, we categorize it based on its urgency and the action required. If it demands immediate attention, it's labeled as an "action" with high severity. Medium-severity actions require review and potential resolution within the same day. Observations, on the other hand, signal potential issues that need monitoring and assessment to determine if intervention is necessary. Recommendations, like software patches, are suggested solutions for identified problems. However, these may not always be feasible due to non-compliant or legacy applications that lack updates. In such cases, a discussion with the client is crucial to determine the best course of action. Covalence tagging simplifies this process by clearly categorizing information into three types: Actions, Recommendations, and Observations. Each ARO is further classified by severity (high, medium, and low), making it clear what needs to be done upon entry into the ticketing system.

We've experienced two key benefits from implementing Field Effect Covalence. The first, from a business owner's perspective, is risk mitigation. As someone constantly focused on minimizing vulnerability, knowing Covalence regularly reviews client sites and generates actionable reports provides immense peace of mind. It highlights areas needing improvement—something our internal team might miss. Their deeper analysis ensures no security issues fall through the cracks, fulfilling our initial purpose for bringing them on board. Second, from a client perspective, Covalence's reporting tool allows us to present monthly reports demonstrating our compliance and commitment to their security. In cases where clients hesitate to address recurring findings, the reports document their reluctance, holding them accountable. Overall, Covalence simplifies risk mitigation for both ourselves and our clients. Their independent reports offer transparency, showcasing not just outstanding issues but also their resolution speed.

While we use Covalence for monitoring and recognizing the broadness of cybersecurity, believing a single tool can't cover everything, I think cybersecurity ultimately revolves around access and firewall management. However, various aspects arise, and for actual monitoring and oversight of client activity within their site, Covalence provides comprehensive coverage.

Covalence streamlines the work of security teams by significantly reducing the need for manual research. Each ticket generated by Covalence provides clear, step-by-step instructions for resolving any identified ARO. It pinpoints non-compliant devices or applications and highlights any outstanding requirements for resolving the issue. Additionally, Covalence provides supporting documentation to explain the rationale behind each recommendation, promoting well-informed decision-making. This comprehensive approach empowers even Level 1 and Level 2 technicians to effectively address AROs and achieve timely resolutions.

Field Effect's agent includes an EDR and DNS solution, eliminating the need for separate cybersecurity tools for those functionalities.

Regarding Covalence's recommendations, some mandate specific actions to avoid vulnerabilities. Others suggest further analysis, like the example of multiple end-user VPN products. Having numerous VPNs accessing corporate data on corporate devices poses a significant challenge. However, with adequate documentation, we can effectively present this issue to clients. Ultimately, focusing on a single approved VPN and eliminating others seems like the prudent course of action to enhance security. Another example of this focus-narrowing concept applies to web browsers. The more applications and browsers running on a client's system, the higher the risk of non-compliance and the need for updates. Minimizing unnecessary tools simplifies maintenance and enhances overall security. Covalence's recommendations, along with the supporting reports, provide valuable insights for clients to improve their security posture. Discussing these findings in detail offers guidance and empowers clients to make informed decisions regarding their security infrastructure.

Individually, each aspect of Field Effect Covalence might not hold much significance. However, when combined, they create a powerful and effective system. I appreciate the "set it and forget it" nature of Field Effect Covalence. The platform keeps a watchful eye on client security, and I have confidence that any potential issues will be identified and addressed. The system generates Action Recommendation and Observation reports, which provide detailed instructions for resolving any security concerns and ensuring client compliance. This makes it remarkably easy for network management companies like ours to seamlessly handle the security needs of our clients. 

I'd like improved visibility into the backend data where logs are stored, along with integrations with a wider range of products. Field Effect Covalence already integrates with Office 365 and AWS, and has recently added Fortinet and Duo. Expanding their integrations to cover even more products would be highly beneficial.

I have been using Field Effect Covalence for five years.

Field Effect Covalence is stable. We have not encountered any issues and we don't see what is happening in the backend.

Field Effect Covalence is highly scalable. While the core agent software remains constant, the infrastructure adapts to growing data volumes. When an organization surpasses the capacity of its current appliance, simply replacing it with a more powerful one seamlessly extends the platform's capabilities. Additionally, adding appliances to accommodate new branch offices or increased data intake is straightforward. In essence, scaling Covalence is often as simple as adding or upgrading hardware, making it a flexible and adaptable solution for businesses of all sizes.

As early adopters of Field Effect Covalence, we've received exceptional technical support from their team. Their responsiveness is impressive, regardless of the ticket complexity or time of day. Even nights and weekends haven't posed a challenge – they're always available to assist. 

Positive

Previously, we used a hosted SIEM solution. However, this required dedicated security expertise for management, and it generated a significant amount of irrelevant alerts. Outsourcing SIEM monitoring has proven to be far simpler and more effective. Aside from the convenience, it's also slightly cheaper than maintaining and supporting an in-house team. Additionally, offloading liability is a major advantage. Field Effect Covalence takes ownership of SIEM monitoring and assumes responsibility for security vigilance, which we always emphasize to our clients. That's why we made the switch.

Deployment is fairly straightforward, but it needs the right hands on the job. In other words, this isn't a task for a level-one technician. While level-one and level-two staff can be helpful with routine operations, the initial setup requires a bit more expertise — someone with networking knowledge and experience. It doesn't need to be the most senior person, but just not someone starting.

The deployment process takes just one day. It involves four hours of setting up the on-premises components, followed by agent deployment and gradual activation. From this perspective, the actual onboarding is distinct from the deployment itself. The deployment itself is relatively straightforward and completed within a day. Onboarding, however, takes a little longer. This is due to the initial "noise" of the system, where security catches previously undetected issues. This thoroughness is a positive, as it ensures nothing slips through the cracks. Therefore, onboarding requires time for things to settle down and establish a regular rhythm of handling typical support tickets.

One person can complete the full deployment.

We've lost clients due to their growth or acquisition. Some who experience significant expansion build their own full-time IT departments, while others join companies with existing IT infrastructure. Notably, regardless of the reason for departure, they've all chosen to retain Field Effect Covalence.

While Field Effect Covalence's pricing seems competitive for the market, the biggest hurdle lies in the lack of dedicated security budgets within many organizations. Convincing these companies to allocate further IT expenditure specifically for security can be tough. They often struggle to justify adding another line item when they're already paying for individual security tools. This fragmented approach can leave them without a comprehensive monitoring system, which ultimately is the most critical need. So, the primary challenge isn't the price point, but rather helping companies understand the value proposition of a holistic security solution and how it complements their existing infrastructure. Once that hurdle is cleared, the current pricing of Field Effect Covalence appears reasonable.

I would rate Field Effect Covalence a nine out of ten.

Our client base varies in size, with a range of 15 to 150 users per client. The average client has 25 users.

We have some minor housekeeping tasks related to endpoint agents that don't deploy correctly, but we don't have any ongoing maintenance responsibilities.

Field Effect Covalence is a fantastic Canadian company, a testament to Canadian innovation and success. The talented team behind it began their journey in government cybersecurity. Recognizing a crucial need in the small and medium-sized business space, they leveraged their expertise to create a solution that has truly taken off. For five years now, we've been using Covalence with every client, and not a single one has experienced a breach. This is remarkable, considering that 60 percent of SMBs face a breach at some point. It speaks volumes about the effectiveness of Covalence and the expertise of its founders.

Field Effect Covalence is a reliable solution for our security monitoring needs. We haven't found anything else that compares. I appreciate the program's simple interface and the company's efficient service delivery. What truly impresses me is their client interaction. They don't just provide alerts; they explain the cause and implications, identify security gaps, showcase Field Effect's prompt resolutions, and highlight the exceptional speed of their response. This transparency and responsiveness are truly outstanding.

We use the solution as a tool to protect our endpoints against cybersecurity threats. We also use it for monitoring network traffic at our office, specifically against denial of service attacks or other cybersecurity threats.

The Covalence agent that's been installed and running on all of our user's devices is great.

I get alerts if there's malicious activity or restrictions or if any suspicious activity should emerge. That allows me to reach out to that user and investigate further.

We like that it’s backed by experts who are constantly monitoring for attacks and risks. It's very important. I've called upon them a few times. I don't need to every time. However, they've always responded extremely quickly - within minutes. They've helped me understand what the issue is and what a resolution could be.

For the most part, it's fairly easy to manage. On a scale of one to ten, I would probably say, with ten being minimal effort, zero being extremely difficult, I would put it around, you know, seven and a half or so.

We use the tagging of security threats such as actions, recommendations, observations, et cetera. For the most pressing issues, it's good.   

It doesn’t help us save time. However, it does help us be more focused on where we're spending our time.

The solution informs us of threats and how to address them. It has definitely helped with security. It gives recommendations on how to reduce our risk. That's very helpful, particularly when you have a more junior resource that's been dealing with the threat. The explanation and the description of the threat and the remedy suggested are very helpful.

I have had a couple of challenges around updates to the agents where it seems it doesn't automatically replace older versions. I've had to go in and manually remove them and do a reinstall, which is a bit cumbersome to do on all the devices. They should offer a silent install and update. I'm using InTune to install the agent on new devices; however, getting it updated to the new agent is difficult. Other than that, once it's up and running, it's pretty well a very easy advantage.

I find that sometimes it will send alerts a bit too quickly. For example, it will send me an alert if it detects that there is an older version of Windows running on a device. However, Windows forces us to update very quickly. We often get those alerts, and the updates just haven't had time to get installed yet.

As far as phishing emails in particular, it doesn't really help me in protecting against those. For that, I'm relying on Microsoft 365’s own tools. I get notified if somebody clicks on, for example, a suspicious link in an email; however, that's after the fact. I don't count on Covalent to filter out those potential emails from being delivered. We’re relying on Microsoft to do that.

We started using the solution almost two years ago. 

We haven't had any issues with crashing or downtime since we've been using it. 

We had a case where there was a power outage in the building. That created some alerts, however, when the power came back on, everything just reset, and we were fine. 

We contacted support during the initial setup and when we had to do an update. They were satisfactory. We had no complaints. 

Positive

We were not using a different solution previously.  

We do use their appliance to protect our network. However, we don't have any servers inside our network since all of our business apps are on the public cloud. 

I was involved with the initial setup of the solution. We did have some challenges getting it to work for the silent install that uses Intune. When we first tried to install it, we had difficulty getting it to do a silane install. And it took a while to get that resolved. Once we did, it worked fine, except we're having a similar kind of problem when there are updates to the agent that need to be installed. If we install it through, you know, a manual process, it works great. However, when you are trying to use Microsoft Intune, which is our endpoint device manager, there are some difficulties.

We had three members handling the installation process. 

Maintenance involves ensuring the latest version of the endpoint agent is installed on all devices. 

We handled the installation process in-house. 

The pricing is quite reasonable for the value we get out of the product.

We did look at other options, including Crowdstrike. The fact that Covalence was Canadian was important to us. The price point was attractive as well. 

We're customers and end-users.

I'd advise anyone to give it a serious look. It's a cost-effective solution compared to other options. However, they don't seem to be spending on marketing as you never hear about them really.

Look at all the features, if they're comparing it with other products, to make sure that they have everything required included. Make sure that you're looking at alternatives, considering various components. It's very easy to get confused between this agent, compared to, say, CrowdStrike's agent; however, if you need to add in the other components from CrowdStrike, do you have a comparable solution?

I'd rate the product nine out of ten. 

I am with an IT MSP or IT Managed Services Provider. We have clients who allow us to provide their IT services. We provide services for desktop support and all the way up to network administration, technical projects, and so forth.

We use Field Effect MDR for our clients as well as for ourselves, so we use it internally as well as resell it to our IT MSP clients.

Field Effect MDR is backed by experts who are constantly monitoring for attacks and risks. It is extremely important and relevant to us. Field Effect or at least the core team, comes out of offensive security with nation/state actions. That is very practical knowledge. Being able to take that and understand both from the offensive side and the defensive side is valuable. Knowing how to counter those offensive acts and how to anticipate them puts them in a great spot to understand the cyber landscape. We are able to stay on top of trends within that cyber landscape. Because they have intelligent sources or habits that they have developed from their history, it is very effective. We have a lot of trust in the leadership of Field Effect, the line managers, the SOC in charge, the forensic teams, and the incident response teams. We have very high confidence that our interests are highly regarded by them, and they are trying to protect our business, our interests, and our clients. They are also able to steer us in great directions. 

Even though they have such deep industry experience, they are willing to collaborate and listen. This is something that I would not have expected from a team like Field Effect. On the partnership side, we have used other top-tier EDR or MDR products. The products are great, but the partnerships in some cases have been just average. In some cases, they have been antagonistic, so from Field Effect, I was not expecting much, particularly having learned about their background. However, when we got working with them, it was just a revelation of how open they were to our situation and our particular needs, which are very different from their own priorities. They have been willing to work with us within reason. They have a development roadmap that they have to follow, but whenever we needed critical things to make Field Effect MDR a part of our core business and a successful part of our core business, they were very willing to listen. In many cases, they also acted on the requests. It has been a fantastic and very effective partnership.

We use its tagging of security threats as actions, recommendations, or observations. It is critical. We have used a lot of platforms, We have used the second-tier ones and also the top-tier ones in Magic Quadrant. The main issue with all of those platforms is noise. How do you improve the signal-to-noise ratio so that you are not spending a lot of your senior security analyst's time triaging non-actionable tickets, events, or alerts and they can focus on those truly actionable things that might require some level of direct incident response? With other platforms, including other top-tier platforms such as SentinelOne or CrowdStrike, we would get a lot of false positive notifications, and cutting through the noise was difficult. With Field Effect, because they use the ARO system of actions, recommendations, and observations, they have severity levels within each of those bands. I am not sure, but I believe there are five bands between each of those. We use a system called ConnectWise PSA as our ticketing system, so we are able to insert workflow rules and other automation assistance so that we can do some pre-filtering of the alerts to make sure that we direct all the high-priority notifications to our SOC team. We can either auto-close lower priority or lower severity notifications because they are non-actionable or are more informative, or we can funnel them to our regular help desk. A notification about your web browser being out of date does not need to go to the SOC. That can go to the regular service team to help walk the client through an update or do the update for them and things like that, so AROs are critical. It definitely allows us to maximize our limited and expensive resources so that we are focused on truly actionable things and not waste time on false positives.

As of now, Field Effect MDR gives us a single cybersecurity product that proactively protects all our threat surfaces, but who knows what may happen in the future. Field Effect MDR is holistic. With this one product, you get the host-based stuff. You get the network appliance. You get cloud monitoring. You get the DNS firewall. It is a much simpler product to handle from a billing perspective. From an account management perspective, the full version of Field Effect MDR is effective and easy to manage. They also have other versions, but the full product version is a one-stop shop. There is an add-on that they have probably introduced over the last year or maybe six months. It is for cloud retention. Field Effect MDR in many aspects is a SIEM, but they have not exposed all the traditional capabilities of SIEM, namely the dashboarding side or the user-facing side. It also lacked the ability for a SIEM to be a generic log aggregator or a log ingestion sync of any source of log data. They have now added that capability where you can add on log retention services if you need it for compliance or insurance or just your own digital forensics requirements. By default, it retains its own telemetry for 90 days, but if an organization wants to retain logs for 360 days or longer for compliance and data retention, they have a service for that. That is an add-on, but the core platform with its 90-day retention is usually acceptable to the majority of our clients.

Field Effect MDR most certainly helps our security team save time. It does that passively via ARO classification. The Field Effect SOC is doing its job through machine learning, human analysts, and other heuristics to make sure that events are categorized as best as they can. We can leverage their deep experience, which makes it much easier for my team. When we get an alert via Field Effect MDR, it is already packaged as an action, a recommendation, or an observation. When we get an action of medium or higher severity, that automatically goes to my company's SOC for some triaging and analysis to determine whether we need to spin up an incident response or what the proper response is to that notification. Lower-scored items, such as observations, recommendations, and low severity or priority actions, go to a SOC coordination team, which will also do some less technical triage to classify them, or it will be handled by some of our automations. The fact that AROs are being so effectively and correctly targeted allows us to focus our most senior, most expensive, and most skilled resources on things that actually matter.

We also gain efficiencies because the Field Effect SOC is collaborative. We do not just get an ARO. We are also able to initiate communication. If we have an action or event that we want to follow up on, be it an action, recommendation, or observation, we can request help. If my company SOC needs some guidance because we are not quite sure, or it is on the bubble of being actionable versus non-actionable and we want a second opinion before we close a ticket or spin up an incident for the response team, we can request help from the Field Effect SOC. They collaborate with us and explain the logic behind why they classified something like this. They listen to our points, perspectives, and considerations. They work with us to figure out whether it is something that we need to worry about, or it is something that we can defer or ignore. That is extremely helpful. With some of our other partnerships on technology products, including security products, it has been very difficult to get this level of effective collaboration from the vendor. That has been fantastic. That has allowed us to accelerate our plans. Initially, we were thinking about using Field Effect MDR only for certain clients who have purchased a higher tier or premium security service, like an MSSP service specific to security and compliance. However, given how scalable Field Effect MDR is through those efficiencies built into the platform, into their classification system of events, and indirect staff augmentation via their Field Effect SOC, we have now made Field Effect MDR the standard security platform for all of our clients, even the ones who are only on core IT support plans.

Field Effect MDR informs us of the threats that matter and how to address them. AROs are very detailed. A lot of security platforms provide that detail, so I do not know if that is especially unique in the Field Effect's case, but it is certainly effective. AROs are very well-detailed, and they describe which event triggered the alert. They explain why it is of interest but not an actual problem. They also detail the steps to remediate, mitigate, or dismiss a particular alert. They are very effective from that perspective.

They also provide us with bulletins. We have been lucky so far. None of our clients have been subject to any sort of rising threat. However, we would not necessarily know about it unless we are paying attention to security forms and other information sources. Field Effect is one of those sources. When they start to see a negative trend, they alert their community. As a channel partner of Field Effect, we get alerts, warnings, or notifications on those emerging threats. We can then alert our SOC and pay attention to some of the indicators of compromise that might not be flourishing into a full attack but are indicative of attack precursors. Those advanced alerts of emerging threats are key. Field Effect is attempting to keep us informed as a channel partner. I do not know how true that would be for a direct customer of Field Effect.

As a channel partner, we also get visibility into their development roadmap. We have influence over that roadmap. Understanding what is coming down the line in terms of feature enhancements, feature improvements, new features, new capabilities, and new services is great for us. We are a decently sized IT MSP with a growing set of MSSP services. We cannot always turn on a dime, so advanced notice, particularly in terms of forthcoming items, is very key. It allows us to help make sure that our various teams—technical teams on the SOC or the service delivery side, client-facing teams such as our account management teams, our VCIOs, our VCSOs, and marketing team—are working in a highly synchronized or collaborative manner. They can make our new services and offerings as successful as possible with minimal friction in our particular marketplace.

It is hard to take them in isolation. It is a security product, so it is all about defense and depth. You cannot be monolithic, so you have to be holistic, and that is what Field Effect MDR is. It starts with their host-based agents, their EDR agents, which are very capable, but those are bolstered by network compliance, which does network intrusion detection. We are getting visibility over the network, not just for those hosts that have a Field Effect EDR agent but also things like the Internet of Things, guest networks, or rogue devices. We definitely have visibility into all network traffic, which is very cool. They also provide a DNS firewall, so that is pretty key. These days, with zero trust, you have to assume a breach at some point. It is sad but true. Even folks like CrowdStrike, who are not necessarily getting compromised, are falling victim to their own internal processes, so having multiple layers of protection is certainly beneficial. With a DNS firewall, even if something were to go haywire, such as an intruder breaches the perimeter and gets onto an endpoint, or somehow the endpoint itself fails to be effective, we still have the ability to block those command and control hubs. That is pretty key.

Cloud monitoring is another thing that we found valuable in addition to host endpoint protection. We also have cloud monitoring in addition to the host-based agent, the secure DNS, the network intrusion detection, and the network compliance that sits on-prem monitoring all traffic. We are able to ingest all the events for all the top services, such as Microsoft 365, GCP, AWS, Dropbox, Salesforce, and ServiceNow, and make sure that we are looking at the entire distributed footprint of an organization and not just a particular endpoint or a particular office, so it is very comprehensive.

On top of all of that telemetry being captured, we have the Field Effect security operation center. Their SOC analysts are awesome. They are very flexible in terms of particular rules, which might change from organization to organization. They are able to take those particular provisioning or service definitions and still remain very responsive and according to our service level agreements. We found their SOC to be incredibly engaging. That is on the service delivery side.

We are a channel partner of Field Effect. We deal with a lot of products, but Field Effect has certainly distinguished itself as being a stellar partner. They are not just providing us with fantastic products, which are highly effective, they are also helping us. They are helping our clients. Their partner team or their marketing team helps us with go-to-market activities. It has been a fantastic relationship.

The interface is perhaps the weakest part of the entire platform, and that does not mean that it is deficient. It is just not as optimized and as efficient as other aspects of the platform. Given their background of coming from the offensive security side of things, understanding how attackers are going to operate, and having played that role in their previous careers, they have built a great platform that understands what to look for. Their threat detection, rules, and their correlation engine are amazing. They have very high accuracy. That is built throughout the platform. From the technology side, because of their experience, they know what to prioritize in terms of their development roadmap, so they get the best features out as quickly as possible, which is fantastic. There is comfort in knowing that our protected environments will be well safeguarded by the entire platform, including their security operation center.

The weak point, particularly as an MSP, because we have multiple IT clients, is that we need a multi-tenant type of interface. We need a single pane of glass that allows us to manage all of our clients, including our own tenant for our own internal use. Their web console has seen some development over the past couple of years. Their focus was perhaps not as much on the user-facing side of things as it was on the core technology or the actual cyber defense side of things, so we have had some points of challenges over the past couple of years. Over the last six months, however, there have been some pretty drastic positive changes to the user interface for the web console or the web admin console. The interface is a lot better, but there are still some gaps that we would love to see getting filled. For example, we would like to be able to export all data grids to CSV so that we could bring them into some other format to do data analysis outside of the web console. That is still a bit hard to do. However, they have added so many other quality-of-life, user efficiency, and multi-tenant management features over the last six to nine months that the interface is now much better. It is a highly usable interface now.

Field Effect MDR is a compelling platform because it is not monolithic. It is distributed, and it is layered. You have the host, DNS, network, and cloud. They have something called SEAS or Suspicious Email Analysis Service, which is awesome because everyone is suspicious of emails, perhaps even multiple times per day. If you multiply that by multiple clients and the number of users per client, you can imagine the volume of tickets that we get within our company to know if it is a phishing email. Having that service from Field Effect where they ingest an email reported by an end user and do the analysis to determine whether to trigger some sort of incident response action or to ignore it because it is legitimate. Having that is amazing. Where they have a gap currently is that they have their telemetry coming from so many different areas of an organization. Field Effect MDR is basically collecting all the data that a SIEM does. I guess to the Field Effect SOC, Field Effect MDR is a SIEM, but a lot of those SIEM capabilities are not fully exposed to end customers or MSPs, such as MSSPs or MSPs like my company. It would be awesome if somewhere on the development roadmap, they continue to evolve the platform and expose more of the native SIEM functionality so that it is available to end customers and not just to the Field Effect SOC.

The UI and SIEM capabilities are two main things that I would love to see. That would make it a slam dunk. They would then cover everything. They have a holistic security defense platform. They have log retention. They have MDR capabilities. Those are massive checklist items in an organization's cyber defense footing. An organization looks for things like compliance assessments, cyber insurance, and cybercrime coverages.

I would certainly love Field Effect to continue to be very judicious in expanding its precious development resources in the pursuit of market competitiveness. I imagine their competitors seeing the success that Field Effect MDR is having with their holistic approach, so I would expect more of that from their competitors. I see them providing a one-stop-shop type of solution. It would be incumbent for Field Effect to continue driving the initiative by expanding its universe of products and services. It would be interesting to see other elements from them that lead to good cyber hygiene. As an IT MSP or MSSP, one of the big challenges for us is a simple thing like patching. We have tools where we can pretty confidently patch operating systems such as Microsoft Windows, Linux, and macOS, but we are not able to patch third-party applications with a high success rate. That is due to a host of causes, some of which are user-driven but a lot of them are platform-related. It would be awesome if Field Effect started to include features like patch management into the mix so that we could leverage the ubiquity of Field Effect MDR to tackle one of our highest service delivery challenges. We are already using some third-party application patching tools, but even with multiple of them in play, we are far below our desired success rate for monthly application updates. I would love to have another layer to that mix to help improve our patch compliance rate. 

I have recently been exposed to an application allowlisting platform. It is very capable, and it is solving some specific needs, particularly for companies that are trying to maximize their cyber insurance spend. If you have application allowlisting deployed, some site insurers are willing to provide more coverage or reduce the premium for those clients. They see that as a very positive or defensive posture and are willing to incentivize it. Currently, Field Effect MDR does not have any form of application allowlisting capability. It would be interesting to have it added to the platform in some fashion. That would be great. The host agent in Field Effect MDR is kernel-based, so it is already well-positioned to do things like application allowlisting.

I believe it has been just over two years.

You have occasional issues with a new hire who might be just out of training, but that is very rare. The majority of times that I contact Field Effect support, I get an analyst who not only seems to be very knowledgeable about our particular deployments but is also aware of the platform and the landscape. The analyst is able to create a nice little intersection of all of those to help provide the best direct guidance for a given situation. I found them to be very effective and responsive.

They follow the sun. If we get after-hours alerts, we are still able to get hold of Field Effect SOC analysts to help us triage or respond to high-sensitivity or high-severity events. Because we are a channel partner of Field Effect, in addition to contacting support directly, I often copy our partner success manager to keep him in the loop regarding what is going on, so we usually get a very good and fast response from Field Effect support. When we have supercritical issues that require immediate and most senior attention, it is awesome to have a champion within Field Effect who knows us. We meet with our partner success manager at least monthly, but often, it is biweekly. It is great having a champion within Field Effect who can immediately escalate issues important to us or our clients. They are great, and they are greater when we get our partner rep involved.

In terms of rating, I hate giving out tens because it does not leave room for growth. I am going through SOC 2 and HIPAA compliance certification right now. I just went through this exercise of documenting all of our vendors and all of the systems that we have running. There are over a hundred, and some of those are packaged applications that we just buy. We are just using them off the shelf. With many of them, however, it is a channel relationship where we are a partner or a reseller, and we have an account rep or some sort of extended relationship, or business development relationship with a provider. Among all of our providers, I can confidently and unconditionally say that Field Effect is the best, so based on that, I would rate them a ten out of ten.

Positive

I was a part of our internal pilot, and I remember us taking a while to get the network appliance deployed. That was not because of Field Effect. When we first partnered with Field Effect, we were unfortunately still in the depths of the pandemic. This would have been 2022. We were just coming out of things. We wanted to do a pilot to evaluate it. We were doing our due diligence, but at the time, common shipping carriers were experiencing massive delays. There were transport delays and supply chain issues. Everything was up and down, so it took a while for us to get our appliance. That also caused a delay or lag in implementing the pilot. It was not due to any fault of Field Effect, but it took us a while to get Field Effect to the point where we could even begin to evaluate it. We finally got it installed and got a feel for it. 

Field Effect MDR has multiple layers. We had just come from another tier-one Magic Quadrant solution. It was also an MDR solution, but it only allowed us to have host-based agents installed. The only thing that was on the network was an appliance to collect agent telemetry that could then feed it to a SIEM. Prior to Field Effect MDR, we had to do a bunch of things with Linux boxes and so forth. It was a one-off per client to do things like SIEM integration, whereas Field Effect, out of the box, gives us multiple layers of telemetry, host, network, DNS, cloud, and email as a trailing indicator. That immediately allowed us to have much greater visibility. We had 360-degree visibility of a protected environment. That was something we had not expected or anticipated. We probably heard it during the early demonstrations and overviews from Field Effect, but we did not fully comprehend it. When we got our hands on the platform, it was pretty evident, very early on, that the platform was superior. It took us a bit longer to then do some field testing to make sure that the technology was working as well as we thought based on what it was reporting and doing. 

We then started doing some pilot tests. We did pilot tests at two clients initially and then at around five clients before we fully committed to the platform. There were upwards of 500 to 750 managed endpoints in this due diligence plus pilot phase. That was when we got to evaluate the SOC because we started getting a significant volume of alerts and AROs. We were then confidently able to say that the platform is awesome. It has multiple layers. It is distributed. It is 360 degrees. It is holistic. Their SOC is effective. They are quick. They are responsive. They are capable and competent, and they are tailored. Each client can have a different service profile, so we can adjust how aggressive or passive we want to be in a given environment based on client requirements and our requirements. That took a while to discover but not due to any failings of Field Effect. It takes a while to go through all of that due diligence and all of that hands-on testing.

Within the first quarter, we were convinced of the capability of the platform. So, after an initial sales cycle or a partnership cycle of maybe two to three months, and then another month and a half of just COVID-related shipping supply chain delays, we could get everything we needed to set up our initial due diligence environment.

A top-tier competitor to Field Effect in Magic Quadrant that we had been using until our switch to Field Effect was a great product, but each capability had an additional charge. We had to license modules separately, and each of those add-ons had to be added onto its own consumption and agreement. It was a nightmare from a billing perspective because we had multiple agreements, and each one had a jagged anniversary or a renewal anniversary. It was a nightmare, whereas Field Effect MDR is one product.

To a colleague who is interested in a cybersecurity solution but says they have never heard of the vendor Field Effect, I would ask if they have heard of CrowdStrike. Have they heard what CrowdStrike did just a couple of weeks ago? Name recognition is not necessarily the be-all and end-all. I am a motorcyclist. I am a car nut. I watch F1 which is a walking billboard of security providers. You have Darktrace. You have CrowdStrike. You have even Bitdefender out there. You have Webroot out there. You have all these folks out there. Some of these are very recognized brands or names. Are they effective forever? No.

We have had very well-recognized platforms that were horrible to operate. They were either ineffective at doing the job they were supposed to do, or they were not highly interoperable, causing lots of problems with particular operating systems. I remember an issue with the Mac platform with a very low-cost and ineffective platform. That caused us to abandon it and use a different platform for Macs because it was highly problematic. Name recognition is great, and one day, Field Effect might be up there as one of those top-tier brands where upon seeing the Field Effect logo, people would say that they are in security, they are top-tier, and they are in Magic Quadrants. It is just a matter of time. 

I would encourage people to do their due diligence and get referrals from Field Effect about partners like me or end customers. Run a pilot. Run a proof of concept. Get the product. Run it for yourself. Try it in the field. Field Effect has been pretty generous at least to the partner community. I do not know what would happen with direct customers for this, but with their channel partners, they are very willing to allow a bit of latitude in making sure that Field Effect is the best fit for an organization. So, name recognition is great, and it helps to shorten that initial introductory meeting because you already know a lot about the company. That is fantastic, but that is merely the start of the relationship. It is not the end. It would be nice if Field Effect had better name recognition, but let us look at the merits of the platform, the capabilities, the success, and the effectiveness of the platform and base our decisions on that.

It is a highly effective platform, but they have room for improvement. I would rate Field Effect MDR a nine out of ten because they have room to grow, but where they are right now is amazing. It is so much ahead of what a lot of other Magic Quadrant providers are offering, particularly in terms of the price point, the simplicity of consumption and billing, the robustness of the partnership, the effectiveness of the partnership, and the scalability that it allows our internal team to have.

We are a start-up. I review the reports, but we have outside IT. They get all of the AROs, and they action them. I monitor it, and I am aware of what is happening, but I do not act on anything to respond to an error.

By implementing Covalence, we wanted to make sure that we are protected against the new cyber threats as best as we can. We wanted to preempt any attacks.

Covalence is backed by experts who are constantly monitoring for attacks and risks. That is the whole point. There is somebody monitoring on a regular basis.

From my perspective, it is very easy. We just got it installed, and it just runs. We get regular updates or notices when there is something. For example, it could be as simple as out-of-date software, but it is a potential threat. It is an easy click-and-action. I like that we are constantly being made aware of those things and updating our systems.

Covalence provides comfort and a sense of security. We are aware that it is not perfect, and there are still some vulnerabilities, but it does provide a certain level of comfort. We could see its benefits after we saw how reporting worked and what was being reported, especially when we saw how quickly an incident was actioned. Within a year, we were feeling very confident in their ability.

Covalence helps our security team save time.

Covalence gave us recommendations on how to reduce our risk when we set it up originally.

It is very user-friendly. We have regular reports to see what is going on. 

It is quick. We did have a potential incident where a staff member clicked on a bad link. Within an hour, that account was locked, and it was actioned right away.

There are tags for security threats, but I only view them. I do not action anything. I just see what is happening. Sometimes, they are a little bit vague, and I am unsure what they mean, so I leave that to the IT experts. Overall, we are quite satisfied with their product and how it is working. I am kind of a middle person. I am not a tech person, so I do not really understand how it all works. It provides me comfort that somebody else is doing it because I do not understand it.

It has been a couple of years for sure.

As far as I know, it just runs.

I interacted with their technical support for an email check, which is a part of their service. I also have regular or periodic checks with our rep.

We were not using a similar solution to this level. We have always had outside IT and trusted that they were doing it, but we felt that there was a gap, so we added Field Effect.

Covalence did not replace any cybersecurity solutions for us. I am not sure if Covalence gives a single cybersecurity product that proactively protects all threat surfaces. We have other things in place for security.

In terms of the deployment model, I believe there is an agent on our server in the building, and it runs remotely from there.

I was not involved in its deployment. I was aware that people were installing it and showed them where the server closet was, but I physically did not touch anything.

It does not require any maintenance from our end.

It is a little pricey. It is a little on the high end, but we are continuing to use it. We signed the contract and have not canceled, so we find value in having it.

To a colleague who is interested in a cybersecurity solution but says they have never heard of the vendor Field Effect, the provider of Covalence, I would say definitely check it out. I would probably send them the onboarding material that I received when I first started with all of the information on how it works and why it is a benefit.

I would rate Covalence a nine out of ten. I am quite happy with it. It is very user-friendly, but there is always room for improvement. There may be things that I do not understand because I am not fully tech-savvy, but it is doing what it is supposed to be doing as far as I am concerned. I am happy with the product and the service.

We operate a security operations center for several companies. We rely on Field Effect Covalence as their primary endpoint detection and response platform, making it their main line of defense. Additionally, we leverage Covalence during incident response, especially for larger events. In such cases, we prioritize the rapid deployment of Covalence to the affected client, followed by engaging Field Effect's services to effectively contain the threat.

We wanted to proactively protect our clients, and deploying Field Effect Covalence gave us peace of mind knowing they were safe.

While we offer both cloud and on-site deployments, Field Effect typically recommends on-site devices for new clients. However, we're happy to accommodate cloud-based solutions for clients with specific reservations about on-site hardware.

The 24/7 expert monitoring for attacks and risks is crucial.

Covalence is straightforward to use and easy to figure out.

The tagging system is incredibly helpful, especially when action items are generated. As soon as these appear, I can immediately contact the client by phone or message to determine whether it's a false positive, an IT team member's activity triggering the flag, or a genuine threat. This information is invaluable, as relying on a standard user checking at random intervals could easily lead to missed threats. In my case, receiving both an email and a text message on my phone for each action item is a huge advantage. Time is of the essence when dealing with incidents, so the prompt notification through the action ARO is incredibly valuable.

Covalence offers a unified cybersecurity product that proactively strengthens all of our threat surfaces, simplifying maintenance and streamlining workflows. Having multiple tools consolidated into one platform saves a significant amount of time.

It helps save our security teams a few hours per day.

Covalence has helped replace other major EDR solutions for some of our clients.

Covalence provides helpful recommendations for reducing security risks, accessible through the "AROs" tab. These recommendations go beyond basic vulnerability scanning, which the platform also offers. It can pinpoint specific machines vulnerable due to outdated software or other issues, as well as highlight potentially suspicious behavior. For instance, I've encountered situations where a user had disabled multi-factor authentication, which raises security concerns. Therefore, Covalence is valuable for identifying specific vulnerabilities and suspicious behavior associated with individual devices or accounts. 

The AROs have been incredibly helpful. They not only provide a clear overview of activity but also act as a vulnerability scanner to some extent. However, with the vast amount of logs and other data we receive daily, it's still valuable to have a concise summary of everything happening.

We meet with the Field Effect team every month, and I understand that one potential project they're considering is a patch remediation component within Field Effect. The ability to directly patch machines would be a significant improvement, though I recognize it's a substantial undertaking. I believe they're exploring the feasibility of this feature, and its inclusion in the Covalence tool would be transformative, streamlining workflows and reducing reliance on additional tools.

I have a couple of suggestions for improvement. First, it would be great if we could remotely remove machines from the portal, either by uninstalling the agent remotely or completely deleting the machine entry. Currently, if a machine is upgraded, especially for our smaller clients who replace machines frequently, the old machine entry remains offline or otherwise inaccessible, cluttering the portal. Having a self-service option to remove these machines would be much more efficient than contacting support every time.

In the AROs tab, if we encounter multiple duplicate recommendations, it would be helpful to be able to select and resolve or dismiss them all at once. This would save time and effort when dealing with repetitive tasks.

I have been using Field Effect Covalence for eight months.

I haven't encountered any stability issues with Covalence, unlike the other tools we use. Throughout my time working with Covalence, I haven't experienced any downtime or problems accessing the software or web UI. I'm incredibly impressed with its uptime.

Covalence is highly scalable, accommodating small deployments of just ten clients up to larger implementations with 500 clients. This makes it ideal for businesses of all sizes, especially those with rapidly growing client bases like our smaller clients. Additionally, replacing hardware devices is easy by contacting the Field Effect support team.

For certain tags, if a substantial action item is received, I will first offer the client brief advice before internally contacting technical support for further assistance. Overall, I've been quite satisfied with the quality of support provided. While there have been a few instances of slightly slower response times than I'd prefer, the assistance offered has been excellent. When prioritizing tasks, the immediacy of action items, particularly important ones, takes precedence over mere recommendations or observations, as the former requires prompt attention.

Positive

Before adopting Covalence, we utilized CheckLite, a similar solution developed by another company section in collaboration with an external partner. While not as sophisticated as Covalence, it served us well until our recent acquisition. Following the buyout, we transitioned to Covalence due to its greater maturity, user-friendliness, and the exceptional support provided by its team.

The initial deployment was remarkably straightforward. We simply need to provide the person working on this project with information such as network resources, hardware types, and other relevant details.

Beyond Field Effect setting up the physical device and shipping it off to the client, only one person is required for the deployment.

We work directly with Field Effect and do all the implementations in-house.

While we evaluated other options like CrowdStrike, ultimately our decision went with Covalence. This was largely influenced by three factors: our CEO's prior experience, the evolving landscape of available tools, and the existing partnership we have with Field Effect.

I would rate Field Effect Covalence a nine out of ten. I've been extremely pleased with it overall. There are just a couple of minor areas in the web portal that could be improved for easier navigation. Apart from that, I've been incredibly happy with the service.

No real maintenance is required for Covalence.

For someone unfamiliar with Field Effect, I'd start with a quick internal product demo. This highlights key features and limitations, followed by directing them to their website and comprehensive support docs. Finally, I'd share my positive firsthand experience with the software.

For large-scale deployments of Covalence, having an RMM solution or another multi-machine deployment method is crucial. While manual installation is feasible for smaller clients, efficiently managing broader deployments requires automated tools. Otherwise, the setup process itself is straightforward.