Mike Kielty - PeerSpot reviewer
Vice President, Information Technology at a manufacturing company with 51-200 employees
Real User
Top 20
If something is identified by the system, you can reach out to a human if you need help with the analysis
Pros and Cons
  • "It's running in the background and does a packet-level analysis of everything that comes in. It also has an auto-response feature, so if something gets through and is clicked on, or somehow gets through the network, it gets isolated and quarantined, and we get notified."
  • "The area where they can make it better is by giving responses to the end-user. For example, when there is an alert to the administrator, I get it. I have to copy and paste everything to everyone... And then I have to follow up with them, and it's a real pain."

What is our primary use case?

It's our cybersecurity solution for cloud, network, and endpoints. We do a weekly review of the endpoints, and because software is always changing and no software is secure, we are updating software all the time. We rely on them for our cybersecurity solution.

How has it helped my organization?

Covalence informs you of the threats and how to address them. They send emails and texts. They tell you what the level is. You can see the recommendations and ask for help. You can escalate. It's very helpful.

For a small business that doesn't have a full IT or cybersecurity department, their guys are there when you need them. If something comes up and gets identified by the system, you can reach out to a human if you need help doing the analysis. A couple of times, I ran software that did the analysis, and then I sent it back to them. They were able to review what the malware was and evaluate whether it was safe or not to proceed after it was clean.

What is most valuable?

For endpoint management, Covalence identifies operating systems that need updating to help us stay on top of everything. It's running in the background and does a packet-level analysis of everything that comes in. It also has an auto-response feature, so if something gets through and is clicked on, or somehow gets through the network, it gets isolated and quarantined, and we get notified. We've had one instance of that scenario where someone got an Excel spreadsheet that was malicious, and we were notified and it was quarantined. We worked with the forensic team at Covalence and ran a full review of that computer.

The packet-level analysis—knowing that everything that comes in is getting looked at—and the endpoint protection are the most valuable features. Whatever comes in, it can be as if your door is always open. If you're on the internet, things can creep in that you don't want. But Covalence is looking at everything that comes through.

And the auto-response is valuable, knowing that it's going to quarantine any malicious thing that happens to get through or when a user happens to click on something they shouldn't have clicked on. Email is the major vector of cyber attacks, and we do have training for that. But in the event that someone clicks on something they shouldn't, the system will isolate it and quarantine it. And their team does a post-event analysis.

They have experts available to do a forensic-level evaluation of what the issue is. Luckily, we haven't had any serious attacks. I don't know if that can be attributed 100 percent to Covalence, but we have peace of mind knowing it's there.

We use the tagging of alerts, recommendations, and observances, as well as the SEAS (suspicious email alert system). The tagging is a different way of categorizing threats. Endpoint management gives me the person that I need to deal with for a specific vulnerability. But the tagging identifies vulnerabilities at a vulnerability level. An example might be "out-of-date software soon," and then it would list out the 12 employees who are running that on their endpoints. If you approach it by endpoint, it's the opposite. It will say, "Here's the endpoint and all the vulnerabilities." The tagging helps me prioritize. Often, it's just an observance, such as someone using Tor browser for something. It comes in as text and email, and you can take care of it.

What needs improvement?

The area where they can make it better is by giving responses to the end-user. For example, when there is an alert to the administrator, I get it. I have to copy and paste everything to everyone, telling them, "Hey, your Zoom is out of date," or "Mac user, you have to update your iOS because there's a vulnerability." And then I have to follow up with them, and it's a real pain.

Also, with the email alert system, when people have suspicious emails they forward them. The analysis comes back, and I have access to it. But what I want is that if someone who is not the administrator sends in a suspicious email, they should get the email back with the response from Covalence. Now, it keeps that information in the administrator portal. But I want to get out of the way. If someone reports something, the answer should go back to that person, not to me. In some cases, it requires an admin to execute software updates, but I would like them to know exactly what they need to do to be up-to-date and have a vulnerability-free endpoint.

Buyer's Guide
Field Effect MDR
November 2024
Learn what your peers think about Field Effect MDR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

We have been using Field Effect Covalence for at least three years.

What do I think about the stability of the solution?

I don't think it's ever crashed. It's always running in the background. I get reports on how many scans and how many malicious things it has stopped. I have peace of mind knowing we have some protection running.

What do I think about the scalability of the solution?

I would assume it's scalable, but it's not as if my company went from 40 to 5,000 employees. For us, the scalability is unknown.

How are customer service and support?

The support is good because you never know when you're going to need help with something.

That time I mentioned, when someone in the warehouse got an email with a spreadsheet that came up as a high alert, we quarantined him, and then we did the analysis with their help. I called in and support said, "We're going to send you an executable to give us all the data from that computer so we can analyze it, see how they got in, and what toolkit they used for the Excel."

There was no repercussion, but it was great being able to call immediately and have a forensic-level guy on the line that could advise us.

And if I ever have questions, I can send an email, and they're really good about responding. That's when it's more of a casual question. But when something is pressing or urgent, that's when you call in.

They're good in both respects. They're very good. When I needed them, they were absolutely there.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had something super-basic and rudimentary: a firewall and spam filter. That wasn't a model that was keeping up with cybersecurity threats. We went from having a super low-level, basic security setup to having an actual modern cybersecurity tool to help us identify and deal with threats.

Cybersecurity is a standard requirement now. It's not that you can just get away with a firewall and a spam filter. We knew a lot of companies that got hacked, and we wanted to be ahead of the curve. I brought it up and was doing some initial due diligence, and then our CFO said we needed a solution. I had told them before about Field Effect Covalence and that I reached out to all the majors, but the starting point for them was $24,000 a year.

The fact that Covalence is backed by experts who are constantly monitoring for attacks is very important to us. One of the reasons I selected Covalence was because their founder was a big name in cybersecurity. He was Canada's number-one cybersecurity guy, and he worked with a task force that was like the MI5-equivalent of cybersecurity back in the day. That was good to know.

Also, with this product, you have access to all of these features, whereas with other systems, it seemed like if something happened, you would have to pay a consultant some crazy rate per hour to sort out your situation. Whenever something happens or I have a question about one of the endpoints, they have people to help out.

I have an account manager, which is very helpful, and we do quarterly reviews. It's a complete solution for us as a small to midsized company. There were a lot of solutions out there for enterprises, because that's where the money is, but cyberattackers don't care if you are a small or midsized company. If they can get money out of you, they're going to hit you. They shoot things out, and wherever they land is where they go. So this was the right solution for us, and we've been really happy with it so far.

How was the initial setup?

The initial deployment of Covalence was super easy. I'm an IT generalist with a certain focus on integration, e-commerce, and SQL. The diagram instructed you to plug the blue cable in next to the blue dot. It was super dumbed-down, which was perfect for me.

As for maintenance, there was one time when they updated the endpoint agent, but it was super easy because everything is monitored. I had to update all the endpoints, and it was pretty easy, but I didn't have to update the hardware.

What about the implementation team?

I did it all by myself, without any help from anyone. It was really simple.

Which other solutions did I evaluate?

When we were searching, it was when cybersecurity was a huge topic and there was an unclear market. It wasn't like if I needed a CRM, Salesforce was absolutely the number one, or if I needed an e-commerce system, Shopify was absolutely the number one.

And most of what was out there was built for enterprises, and they would parse out the different components. You might get one component for one thing, another component for another thing, and a third component for another aspect of cybersecurity. Each one would be about $24,000 a year. That just wasn't affordable for a small to medium business at all.

I got in touch with Arctic Wolf, but they were for the big spender, at $24,000. A lot of other companies were in the same ballpark. It was a barrier to entry, and we couldn't just shop around and try this one this year and another one next year.

What other advice do I have?

When it comes to managing Covalence, it's easy in the sense that all the information is there, but it's not automatic. You can't just plug it in and go to the golf course or take a nap. Someone has to review it and follow up, especially on the endpoints. It's like the weather: things change every day. New emails come in, and that's probably the biggest attack vector. There are always new threat actors. It's not difficult, but you need to monitor it and respond to whatever shows up on your dashboard. You need to keep all your systems up-to-date, patched, and secure. It helps.

For example, Zoom updates their software just about every week. Everyone knows, "Okay, we have to update soon," because Covalence runs a comparison of identified vulnerabilities, and they always show up.

Covalence doesn't cover physical assets, but it covers all the digital resources: networks, endpoints, and the cloud. It is installed and monitoring all the traffic on all of those systems. It is the product that does everything.

If you haven't heard of Field Effect, you should consider it. What sold me is that it is a complete solution that is priced competitively. And I'm not saying that I bought it on price alone, but it ticked all the boxes that I was looking for: endpoint, network, cloud, and it wasn't $24,000 a year. For a small company, that's a sizable amount. There just wasn't an SMB product that could compete with Covalence when I was looking. Maybe there is one out there now, but I have sat in on so many presentations and I didn't see any for small and medium-sized businesses like Covalence. Maybe now that the enterprise market is saturated, Arctic Wolf is coming out with a less feature-rich product priced for small-to-medium-sized businesses. But it's hard to compete with Covalence in that market based on its feature set and cost.

The big takeaway is that we haven't been paralyzed by a cyberattack. I know it's stopping things. I don't know if there was some threat actor who tried to attack us and then said to themselves, "Oh, man, these guys have Covalence." For me, it's a case of job security that we haven't been attacked. If anything happens, they're going to look at me as the VP of IT and say, "It's your fault." But we haven't been attacked, and we see all the vulnerabilities. It's all laid out. It's monitoring every endpoint and every packet. For me, that's peace of mind.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Vice President at Owen Faricy Motor Company
Real User
Top 20
Is constantly monitoring, easy to manage, and mitigates security risks
Pros and Cons
  • "The most valuable features are AROs, which provide timely notifications for out-of-compliance or out-of-specification detections."
  • "While Covalence addresses our notification and visibility needs, it falls short in keeping information up-to-date, which is where our MSP comes in to supplement its functionality."

What is our primary use case?

We use Field Effect Covalence at three automotive car dealerships to monitor all of our endpoints and make sure that they comply with updates and security and to notify us of any threats or vulnerabilities that they may have.

How has it helped my organization?

Covalence being backed by experts who are constantly monitoring for attacks and risks is important to us.

Managing Covalence is easy.

The actions, recommendations, and observations work well and are timely. The only frustration we've had is when there is certain software that's out of date and it keeps finding traces of the software that did not get updated or uninstalled. Overall, they work very well.

Covalence's benefits were clear from the start. It revealed the significant outdatedness and deficiencies in our existing systems, and within just a few months, it identified a security vulnerability we would have completely missed otherwise.

Covalence informs us of threats with minimal false positives.

Covalence helps us mitigate security risks by recommending actions like keeping software current, removing unnecessary or unknown programs, and eliminating applications that could potentially compromise our organization.

What is most valuable?

The most valuable features are AROs, which provide timely notifications for out-of-compliance or out-of-specification detections. Additionally, the recently introduced endpoint view, which displays the health status of our network endpoints, has become an essential daily tool.

What needs improvement?

While Covalence addresses our notification and visibility needs, it falls short in keeping information up-to-date, which is where our MSP comes in to supplement its functionality.

I'd love to see a feature in Covalence that allows manually removing endpoints from the view and receiving notifications if they come back online. Currently, I use the Endpoint View daily, but some systems stay online for up to 30 days even when no longer in service. The ability to manually remove these would be very helpful. Additionally, since Covalence is a key tool for software updates and patch management notifications, it would be fantastic if it could automate some of this process or provide links to the latest software versions. While Covalence highlights the need for updates and what needs to be done, it doesn't necessarily point users to where they can find the software itself.

For how long have I used the solution?

I have been using Field Effect Covalence for four years.

What do I think about the stability of the solution?

Field Effect Covalence has shown minimal stability issues, with only one incident attributable to a five-year-old hardware appliance.

What do I think about the scalability of the solution?

Field Effect Covalence is highly scalable. It happens naturally as we add and remove devices.

How are customer service and support?

The technical support team is professional, helpful, and responsive. I can't recall ever encountering an issue that they couldn't resolve.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of Covalence proved challenging due to my lack of experience, but subsequent deployments were much smoother as I gained familiarity with the process.

Our last two deployments took a couple of hours to complete.

I typically deploy the hardware and maybe help with the group policy. But then, for the most part, our managed service provider IT company sets up the group policy, and it pushes it out that way the first time, and then it's just an ongoing automated process after that.

What was our ROI?

While I have not seen a quantifiable return on investment from Covalence, a major cybersecurity incident could have been incredibly expensive, highlighting its potential importance.

What's my experience with pricing, setup cost, and licensing?

Field Effect Covalence's pricing is just right.

What other advice do I have?

I would rate Field Effect Covalence nine out of ten.

The only maintenance Covalence requires is updating the endpoint agent twice a year, at most. These updates are released by Field Effect and necessitate modifying the group policy to reflect the new version. This is because the old group policy won't work with the updated agent.

Completely unfamiliar with Field Effect before consulting for an end user, I've come to appreciate it immensely. Now, it brings me real peace of mind.

My advice to almost everyone I've talked to about Covalence is that in the first few months, there's gonna be a lot of leg work, bringing your systems up to date and in compliance with what the AROs are recommending. But once you have them up to date and know what to look for, it's pretty easy maintenance going forward of your network.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Alfaz Khanalfaz - PeerSpot reviewer
Director, IT & Infrastructure at a real estate/law firm with 51-200 employees
Real User
Does some of the threat-hunting and most of the investigations for us
Pros and Cons
  • "There are user notifications about our cloud solutions and access, meaning authentication and possible breaches. Overall, the notifications and alerts are valuable. There are also new features like the DNS protection, which is quite good."
  • "Because this is a security solution, I would recommend that they extend their support hours, and perhaps for emergencies, even to 24/7 or 24/5."

What is our primary use case?

We have integrated it with our Microsoft 365 deployment. We also use it on our endpoints, and we use it on our office network and email cloud solution.

How has it helped my organization?

Covalence saves me time because I don't have to threat-hunt. It does some of the threat-hunting for me. It finds the security issues we have, so we don't have to proactively investigate. Most of the investigation is done for us.

The fact that Covalence informs us of threats and how to address them really helps in large terms because we don't have security officers. It means that my operations team is actually able to deal with security issues. For an organization that doesn't invest a lot in IT, it's a worthwhile investment. I would recommend it.

For example, one type of recommendation is based on vulnerabilities, and the recommendation shows you what the vulnerability is and how to remediate it. That helps to reduce risk.

What is most valuable?

I like the proactive notifications and the security awareness that it gives. We mostly use it passively. I also like the Office 365 protection. There are user notifications about our cloud solutions and access, meaning authentication and possible breaches. Overall, the notifications and alerts are valuable.

There are also new features like the DNS protection, which is quite good.

In addition, the Covalence experts, who are constantly monitoring for attacks, are very important. During the day, their responses are very good. They are very useful.

Regarding managing the solution, it's very easy to use. We receive notifications via email, and one of my engineers uses the portal to look at the lot of them. They're very easy to understand and to take action on as well.

The tagging feature shows in the reports. The tags tell us some basic security action points. For example, they show us what we have faced during the week or the month, depending on the report, and how we can make our environment better. It is useful to us.

For how long have I used the solution?

Our company has been using Field Effect Covalence for three years.

What do I think about the stability of the solution?

I've never seen any stability issues in the two years that I've been here.

What do I think about the scalability of the solution?

Ever since I deployed the solution, I've never had to scale.

How are customer service and support?

They could improve their support. My organization is in the Pacific time zone, and they operate on Eastern time. They provide support from 8 AM to 5 PM, and emergency support from 8 AM to 8 PM their time. Because this is a security solution, I would recommend that they extend their support hours and, for emergencies, even to 24/7 or 24/5.

Other than that, their support is quite thorough. They provide very excellent support. I had one negative incident, but that was a misunderstanding, so I don't see it negatively. I had a conversation with the head of support, and we managed to resolve that very easily. Generally, their support is very good.

How would you rate customer service and support?

Positive

How was the initial setup?

We have appliances on-premises, we have its clients installed on our PCs, and we have connectors to our cloud, so we use it in a hybrid fashion.

The deployment of Covalence is quite easy. I was involved in deploying the appliances, and it was quite easy.

I have never seen it require any maintenance other than the replacement of the devices at end-of-life.

What about the implementation team?

We were able to do it ourselves with help from their support team, but that help was minimal. They have very good support articles as well to provide that information.

Because I was remote at that time, I needed somebody to be onsite to connect the device physically, but if I had been onsite I would have done it all myself.

What other advice do I have?

If a colleague were interested in a solution like this but said to me they had never heard of Field Effect, I would say that two years ago, no one had ever heard of ChatGPT. But when they gave it a try, it was amazing. I have already recommended Field Effect to one client and I would recommend it again.

My advice would be to look at your use cases and discuss them with Field Effect to see which solutions are best for you. I only use a small part of the solution, but they have penetration testing and are able to do other things that I may not use. Discuss your requirements with them, and work with them to build the best solution for you. That's the best approach.

I'm a customer of Covalence, but if I were running an MSP, this is one of the partners I'd pick.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer0972533 - PeerSpot reviewer
Service Desk Support Specialist at SupportMyMac
User
Top 20
Helpful support, proactively allows users to stay ahead of threats, and protects sensitive information
Pros and Cons
  • "The automated response feature is incredibly effective."
  • "While it's essential to stay informed about potential issues, the recurring notifications about past vulnerabilities can lead to confusion and may detract from our focus on current threats."

What is our primary use case?

We are dedicated to keeping our clients' fleets compliant and secure. Our proactive approach allows us to receive timely notifications when attention is needed, enabling us to act swiftly.

Our system highlights specific devices, files, or software that require attention and provides a CVE number detailing potential vulnerabilities and remediation steps. If you ever find yourself unsure about how to address an issue, their knowledgeable team is just a text message away. With real people ready to assist, they go above and beyond traditional security software to ensure your peace of mind.

How has it helped my organization?

Thanks to the MDR, it is easy for us to effectively develop policies to address vulnerabilities. By integrating Mobile Device Management (MDM) with our MDR, we can swiftly tackle detected issues. This combination enhances our cybersecurity posture and provides peace of mind, significantly reducing downtime. 

By proactively staying ahead of potential threats, we ensure our systems remain secure and efficient. This strategic approach not only safeguards our operations but also reinforces our commitment to maintaining a robust security environment.

What is most valuable?

The automated response feature is incredibly effective. For instance, we can automatically lock a Microsoft 365 account if a login attempt occurs from an unauthorized country. This proactive measure significantly enhances our security posture by swiftly mitigating potential risks. 

The system's ability to respond instantly to suspicious activities not only protects sensitive information but also provides peace of mind, knowing that our accounts are safeguarded against unauthorized access. Overall, this functionality is a valuable asset for maintaining robust security.

What needs improvement?

We've noticed that some alerts are indicating vulnerabilities that have already been resolved. While it's essential to stay informed about potential issues, the recurring notifications about past vulnerabilities can lead to confusion and may detract from our focus on current threats. 

Streamlining the alert system to filter out these resolved issues would enhance our efficiency and ensure that we concentrate on the most relevant and pressing security matters. Overall, refining this aspect would significantly improve our experience.

For how long have I used the solution?

I've used the solution for two months now.

What do I think about the stability of the solution?

So far, we haven't had any issues; it's always been stable.

What do I think about the scalability of the solution?

The solution is pretty scalable. You can go from a small company to a big company, from a local software agent to a network monitor.

How are customer service and support?

Whenever we reached out for assistance or to whitelist a reported vulnerability that we knew was not harmful to our environment, we found the team exceptionally easy to work with.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are in the process of integrating existing solutions with this new product. Rather than merely replacing what we have, this addition provides an opportunity to enhance our current capabilities.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

Someone else acquired this solution for the company I'm working with.

What was our ROI?

As a technician, this question falls outside my role. That said, I recognize the significant benefits of a tool that accomplishes tasks in a fraction of the time compared to manual security methods.

What's my experience with pricing, setup cost, and licensing?

The price is in accordance with the provided services.

Which other solutions did I evaluate?

We did not evaluate a different solution. 

What other advice do I have?

You should certainly consider trying Field Effect; it is a robust solution that will soon be essential for any organization prioritizing security.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2303466 - PeerSpot reviewer
Chief Operating Officer at a manufacturing company with 51-200 employees
Real User
Helps inform us of potential threats, mitigate risks, and improve our security posture
Pros and Cons
  • "The most valuable aspect of Field Effect Covalence is its ability to continuously monitor for and identify potential threats."
  • "It would be more effective if it could surgically isolate the specific malicious process instead of deleting the entire machine."

What is our primary use case?

My workplace experienced a service security incident, and we engaged the Field Effect team to assist us with investigation and recovery. As part of their services, they implemented the Covalence monitoring solution. After the initial three-month engagement, we opted to retain the solution and continue using it.

How has it helped my organization?

It is of paramount importance that the surveillance system is continuously monitored for attacks and risks by a team of qualified experts. This is one of the primary reasons why we chose Field Effect.

Device management is straightforward. The solution is practically ready to use. It took less than an hour to install their appliance and agents, and it is straightforward to configure and monitor.

Tagging security threats enhances the system's learning capabilities. However, in our environment, if an event is tagged as non-threatening, the system will disregard it in the future and learn from the process.

Covalence offers a unified solution that proactively safeguards against various threats.

Covalence helps identify issues even when we're not actively looking for them. This helps our security team save around ten percent of their time.

Covalence keeps us informed of potential threats and guides how to address them if they materialize. Since its implementation, we have not encountered an actual threat, but it does alert us to potential issues.

Covalence bolstered our confidence in our security posture. As a result, we now sleep better at night knowing that Covalence safeguards our data.

It recommends actions to take to mitigate risk. This is crucial because it identifies the nature of the risk and provides solutions to address it. Therefore, it is of substantial importance, and it is our responsibility to either heed these recommendations or disregard them if we deem the risk insignificant or unrealistic.

What is most valuable?

The most valuable aspect of Field Effect Covalence is its ability to continuously monitor for and identify potential threats.

What needs improvement?

Currently, Covalence responds to threats by deleting the entire machine. However, it would be more effective if it could surgically isolate the specific malicious process instead of deleting the entire machine. This would minimize disruption and allow for a more targeted response to the threat.

For how long have I used the solution?

I have been using Field Effect Covalence for six months.

What do I think about the stability of the solution?

I have noticed a slight slowdown when using the better agent on my machine, but I have never experienced a crash, to my knowledge. The slowdown is also not that significant, as it only occurs during startup.

What do I think about the scalability of the solution?

Covalence is quite scalable. As a small organization, we believe we have ample room to grow with our current implementation. If we were to expand, we believe Covalence could scale with us by adding additional appliances.

How was the initial setup?

The initial deployment was straightforward and took only one hour to complete. We were up and running quickly. We coordinated with Field Effect's personnel and one individual from our team for the deployment.

What about the implementation team?

The implementation was completed in-house.

What was our ROI?

Covalence is a threat solution that provides a high return on investment when a real threat is encountered. Fortunately, we have not yet faced such a situation. However, if we were to encounter a significant threat, I would estimate that the return on investment could be in the range of hundreds of times the cost of the solution, even with just a single incident.

What's my experience with pricing, setup cost, and licensing?

The pricing was very reasonable. We were particularly impressed with their pricing model, which charges per user rather than per system. This is especially beneficial for companies like ours that have a large number of systems and therefore require multiple systems for each user. This pricing model will be much more cost-effective for us than the competition's models.

What other advice do I have?

I would rate Field Effect Covalence eight out of ten.

In addition to Field Effect Covalence, we also use an antivirus, a perimeter firewall, various password protection tools, and phishing tools.

Covalence requires minimal maintenance, just the monitoring essentially. Monitoring and looking at the action alerts.

I highly recommend Field Effect for several reasons. Firstly, they cater to businesses of all sizes, from small and medium-sized enterprises to large corporations. Their pricing is competitive, and their solutions provide peace of mind by enhancing overall cybersecurity posture. I wholeheartedly endorse their services.

When comparing Field Effect's pricing model to that of its competitors, businesses should consider the importance of the granularity of threat isolation.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Ernie Sherman - PeerSpot reviewer
President at Fuelled Networks
Real User
Generates Action Recommendations and Observation reports and provides round-the-clock monitoring
Pros and Cons
  • "I appreciate the "set it and forget it" nature of Field Effect Covalence."
  • "I'd like improved visibility into the backend data where logs are stored, along with integrations with a wider range of products."

What is our primary use case?

While we focus on being a general managed service provider rather than a specialized security solutions provider, we take security seriously. Therefore, we leverage Field Effect Covalence to comprehensively manage and monitor our client sites from a security standpoint.

How has it helped my organization?

Our organization currently lacks dedicated expert resources to analyze the data from the equipment. While having the equipment and ingesting information is important, it's crucial to have qualified personnel properly review the data to avoid a high rate of false negatives. Without this, the output could be unreliable and generate excessive irrelevant tickets, creating a noisy and inefficient solution. This is where Covalence shines, as their team of experts constantly monitors the data and provides valuable insights, which is immensely beneficial.

Field Effect Covalence is one of the easiest security solutions to manage. It integrates seamlessly with our existing PSA, meaning it interacts directly with our ticketing system. This eliminates the need for duplicate data entry and simplifies the workflow. Covalence identifies the actual issues, suggests appropriate resolutions, and provides supporting documentation to explain why addressing the issue is important and relevant.

When information enters our ticketing system, we categorize it based on its urgency and the action required. If it demands immediate attention, it's labeled as an "action" with high severity. Medium-severity actions require review and potential resolution within the same day. Observations, on the other hand, signal potential issues that need monitoring and assessment to determine if intervention is necessary. Recommendations, like software patches, are suggested solutions for identified problems. However, these may not always be feasible due to non-compliant or legacy applications that lack updates. In such cases, a discussion with the client is crucial to determine the best course of action. Covalence tagging simplifies this process by clearly categorizing information into three types: Actions, Recommendations, and Observations. Each ARO is further classified by severity (high, medium, and low), making it clear what needs to be done upon entry into the ticketing system.

We've experienced two key benefits from implementing Field Effect Covalence. The first, from a business owner's perspective, is risk mitigation. As someone constantly focused on minimizing vulnerability, knowing Covalence regularly reviews client sites and generates actionable reports provides immense peace of mind. It highlights areas needing improvement—something our internal team might miss. Their deeper analysis ensures no security issues fall through the cracks, fulfilling our initial purpose for bringing them on board. Second, from a client perspective, Covalence's reporting tool allows us to present monthly reports demonstrating our compliance and commitment to their security. In cases where clients hesitate to address recurring findings, the reports document their reluctance, holding them accountable. Overall, Covalence simplifies risk mitigation for both ourselves and our clients. Their independent reports offer transparency, showcasing not just outstanding issues but also their resolution speed.

While we use Covalence for monitoring and recognizing the broadness of cybersecurity, believing a single tool can't cover everything, I think cybersecurity ultimately revolves around access and firewall management. However, various aspects arise, and for actual monitoring and oversight of client activity within their site, Covalence provides comprehensive coverage.

Covalence streamlines the work of security teams by significantly reducing the need for manual research. Each ticket generated by Covalence provides clear, step-by-step instructions for resolving any identified ARO. It pinpoints non-compliant devices or applications and highlights any outstanding requirements for resolving the issue. Additionally, Covalence provides supporting documentation to explain the rationale behind each recommendation, promoting well-informed decision-making. This comprehensive approach empowers even Level 1 and Level 2 technicians to effectively address AROs and achieve timely resolutions.

Field Effect's agent includes an EDR and DNS solution, eliminating the need for separate cybersecurity tools for those functionalities.

Regarding Covalence's recommendations, some mandate specific actions to avoid vulnerabilities. Others suggest further analysis, like the example of multiple end-user VPN products. Having numerous VPNs accessing corporate data on corporate devices poses a significant challenge. However, with adequate documentation, we can effectively present this issue to clients. Ultimately, focusing on a single approved VPN and eliminating others seems like the prudent course of action to enhance security. Another example of this focus-narrowing concept applies to web browsers. The more applications and browsers running on a client's system, the higher the risk of non-compliance and the need for updates. Minimizing unnecessary tools simplifies maintenance and enhances overall security. Covalence's recommendations, along with the supporting reports, provide valuable insights for clients to improve their security posture. Discussing these findings in detail offers guidance and empowers clients to make informed decisions regarding their security infrastructure.

What is most valuable?

Individually, each aspect of Field Effect Covalence might not hold much significance. However, when combined, they create a powerful and effective system. I appreciate the "set it and forget it" nature of Field Effect Covalence. The platform keeps a watchful eye on client security, and I have confidence that any potential issues will be identified and addressed. The system generates Action Recommendation and Observation reports, which provide detailed instructions for resolving any security concerns and ensuring client compliance. This makes it remarkably easy for network management companies like ours to seamlessly handle the security needs of our clients. 

What needs improvement?

I'd like improved visibility into the backend data where logs are stored, along with integrations with a wider range of products. Field Effect Covalence already integrates with Office 365 and AWS, and has recently added Fortinet and Duo. Expanding their integrations to cover even more products would be highly beneficial.

For how long have I used the solution?

I have been using Field Effect Covalence for five years.

What do I think about the stability of the solution?

Field Effect Covalence is stable. We have not encountered any issues and we don't see what is happening in the backend.

What do I think about the scalability of the solution?

Field Effect Covalence is highly scalable. While the core agent software remains constant, the infrastructure adapts to growing data volumes. When an organization surpasses the capacity of its current appliance, simply replacing it with a more powerful one seamlessly extends the platform's capabilities. Additionally, adding appliances to accommodate new branch offices or increased data intake is straightforward. In essence, scaling Covalence is often as simple as adding or upgrading hardware, making it a flexible and adaptable solution for businesses of all sizes.

How are customer service and support?

As early adopters of Field Effect Covalence, we've received exceptional technical support from their team. Their responsiveness is impressive, regardless of the ticket complexity or time of day. Even nights and weekends haven't posed a challenge – they're always available to assist. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used a hosted SIEM solution. However, this required dedicated security expertise for management, and it generated a significant amount of irrelevant alerts. Outsourcing SIEM monitoring has proven to be far simpler and more effective. Aside from the convenience, it's also slightly cheaper than maintaining and supporting an in-house team. Additionally, offloading liability is a major advantage. Field Effect Covalence takes ownership of SIEM monitoring and assumes responsibility for security vigilance, which we always emphasize to our clients. That's why we made the switch.

How was the initial setup?

Deployment is fairly straightforward, but it needs the right hands on the job. In other words, this isn't a task for a level-one technician. While level-one and level-two staff can be helpful with routine operations, the initial setup requires a bit more expertise — someone with networking knowledge and experience. It doesn't need to be the most senior person, but just not someone starting.

The deployment process takes just one day. It involves four hours of setting up the on-premises components, followed by agent deployment and gradual activation. From this perspective, the actual onboarding is distinct from the deployment itself. The deployment itself is relatively straightforward and completed within a day. Onboarding, however, takes a little longer. This is due to the initial "noise" of the system, where security catches previously undetected issues. This thoroughness is a positive, as it ensures nothing slips through the cracks. Therefore, onboarding requires time for things to settle down and establish a regular rhythm of handling typical support tickets.

One person can complete the full deployment.

What was our ROI?

We've lost clients due to their growth or acquisition. Some who experience significant expansion build their own full-time IT departments, while others join companies with existing IT infrastructure. Notably, regardless of the reason for departure, they've all chosen to retain Field Effect Covalence.

What's my experience with pricing, setup cost, and licensing?

While Field Effect Covalence's pricing seems competitive for the market, the biggest hurdle lies in the lack of dedicated security budgets within many organizations. Convincing these companies to allocate further IT expenditure specifically for security can be tough. They often struggle to justify adding another line item when they're already paying for individual security tools. This fragmented approach can leave them without a comprehensive monitoring system, which ultimately is the most critical need. So, the primary challenge isn't the price point, but rather helping companies understand the value proposition of a holistic security solution and how it complements their existing infrastructure. Once that hurdle is cleared, the current pricing of Field Effect Covalence appears reasonable.

What other advice do I have?

I would rate Field Effect Covalence a nine out of ten.

Our client base varies in size, with a range of 15 to 150 users per client. The average client has 25 users.

We have some minor housekeeping tasks related to endpoint agents that don't deploy correctly, but we don't have any ongoing maintenance responsibilities.

Field Effect Covalence is a fantastic Canadian company, a testament to Canadian innovation and success. The talented team behind it began their journey in government cybersecurity. Recognizing a crucial need in the small and medium-sized business space, they leveraged their expertise to create a solution that has truly taken off. For five years now, we've been using Covalence with every client, and not a single one has experienced a breach. This is remarkable, considering that 60 percent of SMBs face a breach at some point. It speaks volumes about the effectiveness of Covalence and the expertise of its founders.

Field Effect Covalence is a reliable solution for our security monitoring needs. We haven't found anything else that compares. I appreciate the program's simple interface and the company's efficient service delivery. What truly impresses me is their client interaction. They don't just provide alerts; they explain the cause and implications, identify security gaps, showcase Field Effect's prompt resolutions, and highlight the exceptional speed of their response. This transparency and responsiveness are truly outstanding.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
reviewer2305311 - PeerSpot reviewer
VP of Information Technology at a financial services firm with 11-50 employees
Real User
Easy to manage with good alerts and helpful support
Pros and Cons
  • "I get alerts if there's malicious activity or restrictions, should any suspicious activity emerge."
  • "I have had a couple of challenges around updates to the agents where it seems it doesn't automatically replace older versions."

What is our primary use case?

We use the solution as a tool to protect our endpoints against cybersecurity threats. We also use it for monitoring network traffic at our office, specifically against denial of service attacks or other cybersecurity threats.

What is most valuable?

The Covalence agent that's been installed and running on all of our users' devices is great.

I get alerts if there's malicious activity or restrictions or if any suspicious activity should emerge. That allows me to reach out to that user and investigate further.

We like that it’s backed by experts who are constantly monitoring for attacks and risks. It's very important. I've called upon them a few times. I don't need to every time. However, they've always responded extremely quickly - within minutes. They've helped me understand what the issue is and what a resolution could be.

For the most part, it's fairly easy to manage. On a scale of one to ten, I would probably say, with ten being minimal effort, zero being extremely difficult, I would put it around, you know, seven and a half or so.

We use the tagging of security threats such as actions, recommendations, observations, et cetera. For the most pressing issues, it's good.   

It doesn’t help us save time. However, it does help us be more focused on where we're spending our time.

The solution informs us of threats and how to address them. It has definitely helped with security. It gives recommendations on how to reduce our risk. That's very helpful, particularly when you have a more junior resource that's been dealing with the threat. The explanation and the description of the threat and the remedy suggested are very helpful.

What needs improvement?

I have had a couple of challenges around updates to the agents where it seems it doesn't automatically replace older versions. I've had to go in and manually remove them and do a reinstall, which is a bit cumbersome to do on all the devices. They should offer a silent install and update. I'm using Intune to install the agent on new devices; however, getting it updated to the new agent is difficult. Other than that, once it's up and running, it's pretty well a very easy advantage.

I find that sometimes it will send alerts a bit too quickly. For example, it will send me an alert if it detects that there is an older version of Windows running on a device. However, Windows forces us to update very quickly. We often get those alerts, and the updates just haven't had time to get installed yet.

As far as phishing emails in particular, it doesn't really help me in protecting against those. For that, I'm relying on Microsoft 365's own tools. I get notified if somebody clicks on, for example, a suspicious link in an email; however, that's after the fact. I don't count on Covalence to filter out those potential emails from being delivered. We're relying on Microsoft to do that.

For how long have I used the solution?

We started using the solution almost two years ago. 

What do I think about the stability of the solution?

We haven't had any issues with crashing or downtime since we've been using it. 

We had a case where there was a power outage in the building. That created some alerts; however, when the power came back on, everything just reset, and we were fine.

How are customer service and support?

We contacted support during the initial setup and when we had to do an update. They were satisfactory. We had no complaints. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were not using a different solution previously.  

How was the initial setup?

We do use their appliance to protect our network. However, we don't have any servers inside our network since all of our business apps are on the public cloud. 

I was involved with the initial setup of the solution. We did have some challenges getting it to work for the silent install that uses Intune. When we first tried to install it, we had difficulty getting it to do a silent install. And it took a while to get that resolved. Once we did, it worked fine, except we're having a similar kind of problem when there are updates to the agent that need to be installed. If we install it through, you know, a manual process, it works great. However, when you are trying to use Microsoft Intune, which is our endpoint device manager, there are some difficulties.

We had three members handling the installation process. 

Maintenance involves ensuring the latest version of the endpoint agent is installed on all devices. 

What about the implementation team?

We handled the installation process in-house. 

What's my experience with pricing, setup cost, and licensing?

The pricing is quite reasonable for the value we get out of the product.

Which other solutions did I evaluate?

We did look at other options, including CrowdStrike. The fact that Covalence was Canadian was important to us. The price point was attractive as well.

What other advice do I have?

We're customers and end-users.

I'd advise anyone to give it a serious look. It's a cost-effective solution compared to other options. However, they don't seem to be spending on marketing as you never hear about them really.

Look at all the features, if they're comparing it with other products, to make sure that they have everything required included. Make sure that you're looking at alternatives, considering various components. It's very easy to get confused between this agent, compared to, say, CrowdStrike's agent; however, if you need to add in the other components from CrowdStrike, do you have a comparable solution?

I'd rate the product nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2520528 - PeerSpot reviewer
Security & GRC Executive at a tech services company with 51-200 employees
MSP
Complete visibility, incredibly helpful SOC, and fantastic partner relationship
Pros and Cons
  • "We are getting visibility over the network, not just for those hosts that have a Field Effect EDR agent but also things like the Internet of Things, guest networks, or rogue devices. We definitely have visibility into all network traffic, which is very cool."
  • "The interface is perhaps the weakest part of the entire platform, and that does not mean that it is deficient. It is just not as optimized and as efficient as other aspects of the platform."

What is our primary use case?

I am with an IT MSP or IT Managed Services Provider. We have clients who allow us to provide their IT services. We provide services for desktop support and all the way up to network administration, technical projects, and so forth.

We use Field Effect MDR for our clients as well as for ourselves, so we use it internally as well as resell it to our IT MSP clients.

How has it helped my organization?

Field Effect MDR is backed by experts who are constantly monitoring for attacks and risks. It is extremely important and relevant to us. Field Effect, or at least the core team, comes out of offensive security with nation/state actions. That is very practical knowledge. Being able to take that and understand both from the offensive side and the defensive side is valuable. Knowing how to counter those offensive acts and how to anticipate them puts them in a great spot to understand the cyber landscape. We are able to stay on top of trends within that cyber landscape. Because they have intelligent sources or habits that they have developed from their history, it is very effective. We have a lot of trust in the leadership of Field Effect, the line managers, the SOC in charge, the forensic teams, and the incident response teams. We have very high confidence that our interests are highly regarded by them, and they are trying to protect our business, our interests, and our clients. They are also able to steer us in great directions.

Even though they have such deep industry experience, they are willing to collaborate and listen. This is something that I would not have expected from a team like Field Effect. On the partnership side, we have used other top-tier EDR or MDR products. The products are great, but the partnerships in some cases have been just average. In some cases, they have been antagonistic, so from Field Effect, I was not expecting much, particularly having learned about their background. However, when we got working with them, it was just a revelation of how open they were to our situation and our particular needs, which are very different from their own priorities. They have been willing to work with us within reason. They have a development roadmap that they have to follow, but whenever we needed critical things to make Field Effect MDR a part of our core business and a successful part of our core business, they were very willing to listen. In many cases, they also acted on the requests. It has been a fantastic and very effective partnership.

We use its tagging of security threats as actions, recommendations, or observations. It is critical. We have used a lot of platforms. We have used the second-tier ones and also the top-tier ones in Magic Quadrant. The main issue with all of those platforms is noise. How do you improve the signal-to-noise ratio so that you are not spending a lot of your senior security analyst's time triaging non-actionable tickets, events, or alerts and they can focus on those truly actionable things that might require some level of direct incident response? With other platforms, including other top-tier platforms such as SentinelOne or CrowdStrike, we would get a lot of false positive notifications, and cutting through the noise was difficult. With Field Effect, because they use the ARO system of actions, recommendations, and observations, they have severity levels within each of those bands. I am not sure, but I believe there are five bands between each of those. We use a system called ConnectWise PSA as our ticketing system, so we are able to insert workflow rules and other automation assistance so that we can do some pre-filtering of the alerts to make sure that we direct all the high-priority notifications to our SOC team. We can either auto-close lower priority or lower severity notifications because they are non-actionable or are more informative, or we can funnel them to our regular help desk. A notification about your web browser being out of date does not need to go to the SOC. That can go to the regular service team to help walk the client through an update or do the update for them and things like that, so AROs are critical. It definitely allows us to maximize our limited and expensive resources so that we are focused on truly actionable things and not waste time on false positives.

As of now, Field Effect MDR gives us a single cybersecurity product that proactively protects all our threat surfaces, but who knows what may happen in the future. Field Effect MDR is holistic. With this one product, you get the host-based stuff. You get the network appliance. You get cloud monitoring. You get the DNS firewall. It is a much simpler product to handle from a billing perspective. From an account management perspective, the full version of Field Effect MDR is effective and easy to manage. They also have other versions, but the full product version is a one-stop shop. There is an add-on that they have probably introduced over the last year or maybe six months. It is for cloud retention. Field Effect MDR in many aspects is a SIEM, but they have not exposed all the traditional capabilities of SIEM, namely the dashboarding side or the user-facing side. It also lacked the ability for a SIEM to be a generic log aggregator or a log ingestion sink of any source of log data. They have now added that capability where you can add on log retention services if you need it for compliance or insurance or just your own digital forensics requirements. By default, it retains its own telemetry for 90 days, but if an organization wants to retain logs for 360 days or longer for compliance and data retention, they have a service for that. That is an add-on, but the core platform with its 90-day retention is usually acceptable to the majority of our clients.

Field Effect MDR most certainly helps our security team save time. It does that passively via ARO classification. The Field Effect SOC is doing its job through machine learning, human analysts, and other heuristics to make sure that events are categorized as best as they can. We can leverage their deep experience, which makes it much easier for my team. When we get an alert via Field Effect MDR, it is already packaged as an action, a recommendation, or an observation. When we get an action of medium or higher severity, that automatically goes to my company's SOC for some triaging and analysis to determine whether we need to spin up an incident response or what the proper response is to that notification. Lower-scored items, such as observations, recommendations, and low severity or priority actions, go to a SOC coordination team, which will also do some less technical triage to classify them, or it will be handled by some of our automations. The fact that AROs are being so effectively and correctly targeted allows us to focus our most senior, most expensive, and most skilled resources on things that actually matter.

We also gain efficiencies because the Field Effect SOC is collaborative. We do not just get an ARO. We are also able to initiate communication. If we have an action or event that we want to follow up on, be it an action, recommendation, or observation, we can request help. If my company SOC needs some guidance because we are not quite sure, or it is on the bubble of being actionable versus non-actionable and we want a second opinion before we close a ticket or spin up an incident for the response team, we can request help from the Field Effect SOC. They collaborate with us and explain the logic behind why they classified something like this. They listen to our points, perspectives, and considerations. They work with us to figure out whether it is something that we need to worry about, or it is something that we can defer or ignore. That is extremely helpful. With some of our other partnerships on technology products, including security products, it has been very difficult to get this level of effective collaboration from the vendor. That has been fantastic. That has allowed us to accelerate our plans. Initially, we were thinking about using Field Effect MDR only for certain clients who have purchased a higher tier or premium security service, like an MSSP service specific to security and compliance. However, given how scalable Field Effect MDR is through those efficiencies built into the platform, into their classification system of events, and indirect staff augmentation via their Field Effect SOC, we have now made Field Effect MDR the standard security platform for all of our clients, even the ones who are only on core IT support plans.

Field Effect MDR informs us of the threats that matter and how to address them. AROs are very detailed. A lot of security platforms provide that detail, so I do not know if that is especially unique in the Field Effect's case, but it is certainly effective. AROs are very well-detailed, and they describe which event triggered the alert. They explain why it is of interest but not an actual problem. They also detail the steps to remediate, mitigate, or dismiss a particular alert. They are very effective from that perspective.

They also provide us with bulletins. We have been lucky so far. None of our clients have been subject to any sort of rising threat. However, we would not necessarily know about it unless we are paying attention to security forums and other information sources. Field Effect is one of those sources. When they start to see a negative trend, they alert their community. As a channel partner of Field Effect, we get alerts, warnings, or notifications on those emerging threats. We can then alert our SOC and pay attention to some of the indicators of compromise that might not be flourishing into a full attack but are indicative of attack precursors. Those advanced alerts of emerging threats are key. Field Effect is attempting to keep us informed as a channel partner. I do not know how true that would be for a direct customer of Field Effect.

As a channel partner, we also get visibility into their development roadmap. We have influence over that roadmap. Understanding what is coming down the line in terms of feature enhancements, feature improvements, new features, new capabilities, and new services is great for us. We are a decently sized IT MSP with a growing set of MSSP services. We cannot always turn on a dime, so advanced notice, particularly in terms of forthcoming items, is very key. It allows us to help make sure that our various teams—technical teams on the SOC or the service delivery side, client-facing teams such as our account management teams, our VCIOs, our VCSOs, and marketing team—are working in a highly synchronized or collaborative manner. They can make our new services and offerings as successful as possible with minimal friction in our particular marketplace.

What is most valuable?

It is hard to take them in isolation. It is a security product, so it is all about defense in depth. You cannot be monolithic, so you have to be holistic, and that is what Field Effect MDR is. It starts with their host-based agents, their EDR agents, which are very capable, but those are bolstered by network compliance, which does network intrusion detection. We are getting visibility over the network, not just for those hosts that have a Field Effect EDR agent but also things like the Internet of Things, guest networks, or rogue devices. We definitely have visibility into all network traffic, which is very cool. They also provide a DNS firewall, so that is pretty key. These days, with zero trust, you have to assume a breach at some point. It is sad but true. Even folks like CrowdStrike, who are not necessarily getting compromised, are falling victim to their own internal processes, so having multiple layers of protection is certainly beneficial. With a DNS firewall, even if something were to go haywire, such as an intruder breaches the perimeter and gets onto an endpoint, or somehow the endpoint itself fails to be effective, we still have the ability to block those command and control hubs. That is pretty key.

Cloud monitoring is another thing that we found valuable in addition to host endpoint protection. We also have cloud monitoring in addition to the host-based agent, the secure DNS, the network intrusion detection, and the network compliance that sits on-prem monitoring all traffic. We are able to ingest all the events for all the top services, such as Microsoft 365, GCP, AWS, Dropbox, Salesforce, and ServiceNow, and make sure that we are looking at the entire distributed footprint of an organization and not just a particular endpoint or a particular office, so it is very comprehensive.

On top of all of that telemetry being captured, we have the Field Effect security operation center. Their SOC analysts are awesome. They are very flexible in terms of particular rules, which might change from organization to organization. They are able to take those particular provisioning or service definitions and still remain very responsive and according to our service level agreements. We found their SOC to be incredibly engaging. That is on the service delivery side.

We are a channel partner of Field Effect. We deal with a lot of products, but Field Effect has certainly distinguished itself as being a stellar partner. They are not just providing us with fantastic products, which are highly effective, they are also helping us. They are helping our clients. Their partner team or their marketing team helps us with go-to-market activities. It has been a fantastic relationship.

What needs improvement?

The interface is perhaps the weakest part of the entire platform, and that does not mean that it is deficient. It is just not as optimized and as efficient as other aspects of the platform. Given their background of coming from the offensive security side of things, understanding how attackers are going to operate, and having played that role in their previous careers, they have built a great platform that understands what to look for. Their threat detection, rules, and their correlation engine are amazing. They have very high accuracy. That is built throughout the platform. From the technology side, because of their experience, they know what to prioritize in terms of their development roadmap, so they get the best features out as quickly as possible, which is fantastic. There is comfort in knowing that our protected environments will be well safeguarded by the entire platform, including their security operation center.

The weak point, particularly as an MSP, because we have multiple IT clients, is that we need a multi-tenant type of interface. We need a single pane of glass that allows us to manage all of our clients, including our own tenant for our own internal use. Their web console has seen some development over the past couple of years. Their focus was perhaps not as much on the user-facing side of things as it was on the core technology or the actual cyber defense side of things, so we have had some points of challenges over the past couple of years. Over the last six months, however, there have been some pretty drastic positive changes to the user interface for the web console or the web admin console. The interface is a lot better, but there are still some gaps that we would love to see getting filled. For example, we would like to be able to export all data grids to CSV so that we could bring them into some other format to do data analysis outside of the web console. That is still a bit hard to do. However, they have added so many other quality-of-life, user efficiency, and multi-tenant management features over the last six to nine months that the interface is now much better. It is a highly usable interface now.

Field Effect MDR is a compelling platform because it is not monolithic. It is distributed, and it is layered. You have the host, DNS, network, and cloud. They have something called SEAS or Suspicious Email Analysis Service, which is awesome because everyone is suspicious of emails, perhaps even multiple times per day. If you multiply that by multiple clients and the number of users per client, you can imagine the volume of tickets that we get within our company to know if it is a phishing email. Having that service from Field Effect, where they ingest an email reported by an end user and do the analysis to determine whether to trigger some sort of incident response action or to ignore it because it is legitimate, is amazing. Where they have a gap currently is that they have their telemetry coming from so many different areas of an organization. Field Effect MDR is basically collecting all the data that a SIEM does. I guess to the Field Effect SOC, Field Effect MDR is a SIEM, but a lot of those SIEM capabilities are not fully exposed to end customers or MSPs, such as MSSPs or MSPs like my company. It would be awesome if somewhere on the development roadmap, they continue to evolve the platform and expose more of the native SIEM functionality so that it is available to end customers and not just to the Field Effect SOC.

The UI and SIEM capabilities are two main things that I would love to see. That would make it a slam dunk. They would then cover everything. They have a holistic security defense platform. They have log retention. They have MDR capabilities. Those are massive checklist items in an organization's cyber defense footing. An organization looks for things like compliance assessments, cyber insurance, and cybercrime coverages.

I would certainly love Field Effect to continue to be very judicious in expanding its precious development resources in the pursuit of market competitiveness. I imagine their competitors seeing the success that Field Effect MDR is having with their holistic approach, so I would expect more of that from their competitors. I see them providing a one-stop-shop type of solution. It would be incumbent for Field Effect to continue driving the initiative by expanding its universe of products and services. It would be interesting to see other elements from them that lead to good cyber hygiene. As an IT MSP or MSSP, one of the big challenges for us is a simple thing like patching. We have tools where we can pretty confidently patch operating systems such as Microsoft Windows, Linux, and macOS, but we are not able to patch third-party applications with a high success rate. That is due to a host of causes, some of which are user-driven but a lot of them are platform-related. It would be awesome if Field Effect started to include features like patch management into the mix so that we could leverage the ubiquity of Field Effect MDR to tackle one of our highest service delivery challenges. We are already using some third-party application patching tools, but even with multiple of them in play, we are far below our desired success rate for monthly application updates. I would love to have another layer to that mix to help improve our patch compliance rate. 

I have recently been exposed to an application allowlisting platform. It is very capable, and it is solving some specific needs, particularly for companies that are trying to maximize their cyber insurance spend. If you have application allowlisting deployed, some site insurers are willing to provide more coverage or reduce the premium for those clients. They see that as a very positive or defensive posture and are willing to incentivize it. Currently, Field Effect MDR does not have any form of application allowlisting capability. It would be interesting to have it added to the platform in some fashion. That would be great. The host agent in Field Effect MDR is kernel-based, so it is already well-positioned to do things like application allowlisting.

For how long have I used the solution?

I believe it has been just over two years.

How are customer service and support?

You have occasional issues with a new hire who might be just out of training, but that is very rare. The majority of times that I contact Field Effect support, I get an analyst who not only seems to be very knowledgeable about our particular deployments but is also aware of the platform and the landscape. The analyst is able to create a nice little intersection of all of those to help provide the best direct guidance for a given situation. I found them to be very effective and responsive.

They follow the sun. If we get after-hours alerts, we are still able to get hold of Field Effect SOC analysts to help us triage or respond to high-sensitivity or high-severity events. Because we are a channel partner of Field Effect, in addition to contacting support directly, I often copy our partner success manager to keep him in the loop regarding what is going on, so we usually get a very good and fast response from Field Effect support. When we have supercritical issues that require immediate and most senior attention, it is awesome to have a champion within Field Effect who knows us. We meet with our partner success manager at least monthly, but often, it is biweekly. It is great having a champion within Field Effect who can immediately escalate issues important to us or our clients. They are great, and they are greater when we get our partner rep involved.

In terms of rating, I hate giving out tens because it does not leave room for growth. I am going through SOC 2 and HIPAA compliance certification right now. I just went through this exercise of documenting all of our vendors and all of the systems that we have running. There are over a hundred, and some of those are packaged applications that we just buy. We are just using them off the shelf. With many of them, however, it is a channel relationship where we are a partner or a reseller, and we have an account rep or some sort of extended relationship, or business development relationship with a provider. Among all of our providers, I can confidently and unconditionally say that Field Effect is the best, so based on that, I would rate them a ten out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

I was a part of our internal pilot, and I remember us taking a while to get the network appliance deployed. That was not because of Field Effect. When we first partnered with Field Effect, we were unfortunately still in the depths of the pandemic. This would have been 2022. We were just coming out of things. We wanted to do a pilot to evaluate it. We were doing our due diligence, but at the time, common shipping carriers were experiencing massive delays. There were transport delays and supply chain issues. Everything was up and down, so it took a while for us to get our appliance. That also caused a delay or lag in implementing the pilot. It was not due to any fault of Field Effect, but it took us a while to get Field Effect to the point where we could even begin to evaluate it. We finally got it installed and got a feel for it. 

Field Effect MDR has multiple layers. We had just come from another tier-one Magic Quadrant solution. It was also an MDR solution, but it only allowed us to have host-based agents installed. The only thing that was on the network was an appliance to collect agent telemetry that could then feed it to a SIEM. Prior to Field Effect MDR, we had to do a bunch of things with Linux boxes and so forth. It was a one-off per client to do things like SIEM integration, whereas Field Effect, out of the box, gives us multiple layers of telemetry, host, network, DNS, cloud, and email as a trailing indicator. That immediately allowed us to have much greater visibility. We had 360-degree visibility of a protected environment. That was something we had not expected or anticipated. We probably heard it during the early demonstrations and overviews from Field Effect, but we did not fully comprehend it. When we got our hands on the platform, it was pretty evident, very early on, that the platform was superior. It took us a bit longer to then do some field testing to make sure that the technology was working as well as we thought based on what it was reporting and doing. 

We then started doing some pilot tests. We did pilot tests at two clients initially and then at around five clients before we fully committed to the platform. There were upwards of 500 to 750 managed endpoints in this due diligence plus pilot phase. That was when we got to evaluate the SOC because we started getting a significant volume of alerts and AROs. We were then confidently able to say that the platform is awesome. It has multiple layers. It is distributed. It is 360 degrees. It is holistic. Their SOC is effective. They are quick. They are responsive. They are capable and competent, and they are tailored. Each client can have a different service profile, so we can adjust how aggressive or passive we want to be in a given environment based on client requirements and our requirements. That took a while to discover but not due to any failings of Field Effect. It takes a while to go through all of that due diligence and all of that hands-on testing.

Within the first quarter, we were convinced of the capability of the platform. So, after an initial sales cycle or a partnership cycle of maybe two to three months, and then another month and a half of just COVID-related shipping supply chain delays, we could get everything we needed to set up our initial due diligence environment.

What's my experience with pricing, setup cost, and licensing?

A top-tier competitor to Field Effect in Magic Quadrant that we had been using until our switch to Field Effect was a great product, but each capability had an additional charge. We had to license modules separately, and each of those add-ons had to be added onto its own consumption and agreement. It was a nightmare from a billing perspective because we had multiple agreements, and each one had a jagged anniversary or a renewal anniversary. It was a nightmare, whereas Field Effect MDR is one product.

What other advice do I have?

To a colleague who is interested in a cybersecurity solution but says they have never heard of the vendor Field Effect, I would ask if they have heard of CrowdStrike. Have they heard what CrowdStrike did just a couple of weeks ago? Name recognition is not necessarily the be-all and end-all. I am a motorcyclist. I am a car nut. I watch F1, which is a walking billboard of security providers. You have Darktrace. You have CrowdStrike. You have even Bitdefender out there. You have Webroot out there. You have all these folks out there. Some of these are very recognized brands or names. Are they effective forever? No.

We have had very well-recognized platforms that were horrible to operate. They were either ineffective at doing the job they were supposed to do, or they were not highly interoperable, causing lots of problems with particular operating systems. I remember an issue with the Mac platform with a very low-cost and ineffective platform. That caused us to abandon it and use a different platform for Macs because it was highly problematic. Name recognition is great, and one day, Field Effect might be up there as one of those top-tier brands where upon seeing the Field Effect logo, people would say that they are in security, they are top-tier, and they are in Magic Quadrants. It is just a matter of time. 

I would encourage people to do their due diligence and get referrals from Field Effect about partners like me or end customers. Run a pilot. Run a proof of concept. Get the product. Run it for yourself. Try it in the field. Field Effect has been pretty generous at least to the partner community. I do not know what would happen with direct customers for this, but with their channel partners, they are very willing to allow a bit of latitude in making sure that Field Effect is the best fit for an organization. So, name recognition is great, and it helps to shorten that initial introductory meeting because you already know a lot about the company. That is fantastic, but that is merely the start of the relationship. It is not the end. It would be nice if Field Effect had better name recognition, but let us look at the merits of the platform, the capabilities, the success, and the effectiveness of the platform and base our decisions on that.

It is a highly effective platform, but they have room for improvement. I would rate Field Effect MDR a nine out of ten because they have room to grow, but where they are right now is amazing. It is so much ahead of what a lot of other Magic Quadrant providers are offering, particularly in terms of the price point, the simplicity of consumption and billing, the robustness of the partnership, the effectiveness of the partnership, and the scalability that it allows our internal team to have.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free Field Effect MDR Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024