Field Effect MDR Reviews

We operate a security operations center for several companies. We rely on Field Effect Covalence as their primary endpoint detection and response platform, making it their main line of defense. Additionally, we leverage Covalence during incident response, especially for larger events. In such cases, we prioritize the rapid deployment of Covalence to the affected client, followed by engaging Field Effect's services to effectively contain the threat.

We wanted to proactively protect our clients, and deploying Field Effect Covalence gave us peace of mind knowing they were safe.

While we offer both cloud and on-site deployments, Field Effect typically recommends on-site devices for new clients. However, we're happy to accommodate cloud-based solutions for clients with specific reservations about on-site hardware.

The 24/7 expert monitoring for attacks and risks is crucial.

Covalence is straightforward to use and easy to figure out.

The tagging system is incredibly helpful, especially when action items are generated. As soon as these appear, I can immediately contact the client by phone or message to determine whether it's a false positive, an IT team member's activity triggering the flag, or a genuine threat. This information is invaluable, as relying on a standard user checking at random intervals could easily lead to missed threats. In my case, receiving both an email and a text message on my phone for each action item is a huge advantage. Time is of the essence when dealing with incidents, so the prompt notification through the action ARO is incredibly valuable.

Covalence offers a unified cybersecurity product that proactively strengthens all of our threat surfaces, simplifying maintenance and streamlining workflows. Having multiple tools consolidated into one platform saves a significant amount of time.

It helps save our security teams a few hours per day.

Covalence has helped replace other major EDR solutions for some of our clients.

Covalence provides helpful recommendations for reducing security risks, accessible through the "AROs" tab. These recommendations go beyond basic vulnerability scanning, which the platform also offers. It can pinpoint specific machines vulnerable due to outdated software or other issues, as well as highlight potentially suspicious behavior. For instance, I've encountered situations where a user had disabled multi-factor authentication, which raises security concerns. Therefore, Covalence is valuable for identifying specific vulnerabilities and suspicious behavior associated with individual devices or accounts. 

The AROs have been incredibly helpful. They not only provide a clear overview of activity but also act as a vulnerability scanner to some extent. However, with the vast amount of logs and other data we receive daily, it's still valuable to have a concise summary of everything happening.

We meet with the Field Effect team every month, and I understand that one potential project they're considering is a patch remediation component within Field Effect. The ability to directly patch machines would be a significant improvement, though I recognize it's a substantial undertaking. I believe they're exploring the feasibility of this feature, and its inclusion in the Covalence tool would be transformative, streamlining workflows and reducing reliance on additional tools.

I have a couple of suggestions for improvement. First, it would be great if we could remotely remove machines from the portal, either by uninstalling the agent remotely or completely deleting the machine entry. Currently, if a machine is upgraded, especially for our smaller clients who replace machines frequently, the old machine entry remains offline or otherwise inaccessible, cluttering the portal. Having a self-service option to remove these machines would be much more efficient than contacting support every time.

In the AROs tab, if we encounter multiple duplicate recommendations, it would be helpful to be able to select and resolve or dismiss them all at once. This would save time and effort when dealing with repetitive tasks.

I have been using Field Effect Covalence for eight months.

I haven't encountered any stability issues with Covalence, unlike the other tools we use. Throughout my time working with Covalence, I haven't experienced any downtime or problems accessing the software or web UI. I'm incredibly impressed with its uptime.

Covalence is highly scalable, accommodating small deployments of just ten clients up to larger implementations with 500 clients. This makes it ideal for businesses of all sizes, especially those with rapidly growing client bases like our smaller clients. Additionally, replacing hardware devices is easy by contacting the Field Effect support team.

For certain tags, if a substantial action item is received, I will first offer the client brief advice before internally contacting technical support for further assistance. Overall, I've been quite satisfied with the quality of support provided. While there have been a few instances of slightly slower response times than I'd prefer, the assistance offered has been excellent. When prioritizing tasks, the immediacy of action items, particularly important ones, takes precedence over mere recommendations or observations, as the former requires prompt attention.

Positive

Before adopting Covalence, we utilized CheckLite, a similar solution developed by another company section in collaboration with an external partner. While not as sophisticated as Covalence, it served us well until our recent acquisition. Following the buyout, we transitioned to Covalence due to its greater maturity, user-friendliness, and the exceptional support provided by its team.

The initial deployment was remarkably straightforward. We simply need to provide the person working on this project with information such as network resources, hardware types, and other relevant details.

Beyond Field Effect setting up the physical device and shipping it off to the client, only one person is required for the deployment.

We work directly with Field Effect and do all the implementations in-house.

While we evaluated other options like CrowdStrike, ultimately our decision went with Covalence. This was largely influenced by three factors: our CEO's prior experience, the evolving landscape of available tools, and the existing partnership we have with Field Effect.

I would rate Field Effect Covalence a nine out of ten. I've been extremely pleased with it overall. There are just a couple of minor areas in the web portal that could be improved for easier navigation. Apart from that, I've been incredibly happy with the service.

No real maintenance is required for Covalence.

For someone unfamiliar with Field Effect, I'd start with a quick internal product demo. This highlights key features and limitations, followed by directing them to their website and comprehensive support docs. Finally, I'd share my positive firsthand experience with the software.

For large-scale deployments of Covalence, having an RMM solution or another multi-machine deployment method is crucial. While manual installation is feasible for smaller clients, efficiently managing broader deployments requires automated tools. Otherwise, the setup process itself is straightforward.

Field Effect MDR forms part of our robust security solution bundle for our clients as well as internally. It has helped us consolidate IDS/IPS functionality. 

We primarily manage IT services for clients, including infrastructure (servers, networks, storage), software (applications, security tools), user support (helpdesk, remote support), security (threat detection, compliance), and cloud services (hosting, SaaS). 

Our offerings include proactive monitoring, SLAs, scalability, and cost efficiency, providing businesses with expert support, allowing them to focus on core activities, and ensuring reliable, up-to-date systems.

The solution has helped us consolidate our security tools stack. The rich feature set has enabled us to retire a couple of individual solutions that performed only a single function. This has reduced our overall spending with a healthy ROI. 

By integrating various security functionalities into a single platform, we have streamlined our operations and improved efficiency. This consolidation has simplified our security management. It also enhanced our ability to respond to threats more effectively. 

In the past, managing multiple security tools was a complex and time-consuming task. Each tool required its own updates, maintenance, and monitoring, which often led to inefficiencies and gaps in our security posture. With the new consolidated security stack, we have a unified approach that ensures all aspects of our security infrastructure work seamlessly together.

One of the most useful and impressive features of the system is its detailed notification mechanism. Rather than merely identifying a threat or potential threat, the system goes a step further by providing actionable recommendations along with clear steps to take in response. This proactive approach ensures that technicians are not left guessing about the next steps, thereby enhancing their ability to respond swiftly and effectively. 

Moreover, the notification includes detailed information on compliance and aligns its recommendations with best practices and industry standards. This comprehensive and integrated notification system has significantly increased our efficiency in addressing security incidents, allowing us to provide prompt and well-informed resolutions. By offering a combination of threat identification, actionable guidance, and compliance information, the system has become an indispensable tool in our security infrastructure.

It would be greatly beneficial to integrate compliance-related reporting directly into the portal. By doing so, users could easily monitor and evaluate compliance levels in relation to popular security standards and frameworks such as ISO 27001, NIST, CIS, and AICPA TSC. This feature would provide a comprehensive overview of adherence to common controls, enabling more efficient identification of areas needing improvement and ensuring that the organization remains aligned with critical regulatory requirements. 

Furthermore, it would streamline the auditing process by offering detailed insights and facilitating proactive compliance management, ultimately enhancing the organization's overall security posture.

I've used the solution for four months.

The solution has been quite stable so far.

The solution is highly scalable, catering to for multiple network endpoints.

We switched solutions to consolidate our security toolset.

The initial setup was straightforward for the most part, and the management portal is very user-friendly.

We implemented the solution with our in-house team.

It is quite reasonable for the rich feature set we receive.

We use the solution as a tool to protect our endpoints against cybersecurity threats. We also use it for monitoring network traffic at our office, specifically against denial of service attacks or other cybersecurity threats.

The Covalence agent that's been installed and running on all of our user's devices is great.

I get alerts if there's malicious activity or restrictions or if any suspicious activity should emerge. That allows me to reach out to that user and investigate further.

We like that it’s backed by experts who are constantly monitoring for attacks and risks. It's very important. I've called upon them a few times. I don't need to every time. However, they've always responded extremely quickly - within minutes. They've helped me understand what the issue is and what a resolution could be.

For the most part, it's fairly easy to manage. On a scale of one to ten, I would probably say, with ten being minimal effort, zero being extremely difficult, I would put it around, you know, seven and a half or so.

We use the tagging of security threats such as actions, recommendations, observations, et cetera. For the most pressing issues, it's good.   

It doesn’t help us save time. However, it does help us be more focused on where we're spending our time.

The solution informs us of threats and how to address them. It has definitely helped with security. It gives recommendations on how to reduce our risk. That's very helpful, particularly when you have a more junior resource that's been dealing with the threat. The explanation and the description of the threat and the remedy suggested are very helpful.

I have had a couple of challenges around updates to the agents where it seems it doesn't automatically replace older versions. I've had to go in and manually remove them and do a reinstall, which is a bit cumbersome to do on all the devices. They should offer a silent install and update. I'm using InTune to install the agent on new devices; however, getting it updated to the new agent is difficult. Other than that, once it's up and running, it's pretty well a very easy advantage.

I find that sometimes it will send alerts a bit too quickly. For example, it will send me an alert if it detects that there is an older version of Windows running on a device. However, Windows forces us to update very quickly. We often get those alerts, and the updates just haven't had time to get installed yet.

As far as phishing emails in particular, it doesn't really help me in protecting against those. For that, I'm relying on Microsoft 365’s own tools. I get notified if somebody clicks on, for example, a suspicious link in an email; however, that's after the fact. I don't count on Covalent to filter out those potential emails from being delivered. We’re relying on Microsoft to do that.

We started using the solution almost two years ago. 

We haven't had any issues with crashing or downtime since we've been using it. 

We had a case where there was a power outage in the building. That created some alerts, however, when the power came back on, everything just reset, and we were fine. 

We contacted support during the initial setup and when we had to do an update. They were satisfactory. We had no complaints. 

Positive

We were not using a different solution previously.  

We do use their appliance to protect our network. However, we don't have any servers inside our network since all of our business apps are on the public cloud. 

I was involved with the initial setup of the solution. We did have some challenges getting it to work for the silent install that uses Intune. When we first tried to install it, we had difficulty getting it to do a silane install. And it took a while to get that resolved. Once we did, it worked fine, except we're having a similar kind of problem when there are updates to the agent that need to be installed. If we install it through, you know, a manual process, it works great. However, when you are trying to use Microsoft Intune, which is our endpoint device manager, there are some difficulties.

We had three members handling the installation process. 

Maintenance involves ensuring the latest version of the endpoint agent is installed on all devices. 

We handled the installation process in-house. 

The pricing is quite reasonable for the value we get out of the product.

We did look at other options, including Crowdstrike. The fact that Covalence was Canadian was important to us. The price point was attractive as well. 

We're customers and end-users.

I'd advise anyone to give it a serious look. It's a cost-effective solution compared to other options. However, they don't seem to be spending on marketing as you never hear about them really.

Look at all the features, if they're comparing it with other products, to make sure that they have everything required included. Make sure that you're looking at alternatives, considering various components. It's very easy to get confused between this agent, compared to, say, CrowdStrike's agent; however, if you need to add in the other components from CrowdStrike, do you have a comparable solution?

I'd rate the product nine out of ten. 

We offer Field Effect Covalence as a cybersecurity package for our customers primarily for on-prem networks and cloud-based storage.

Field Effect Covalence has been able to detect zero-day Trojans almost immediately after installation on client systems, which our previous solution was unable to do. The network traffic monitoring has also been able to flag any potential issues before they become a problem. This has been a great help in monitoring issues with network configuration, such as DNS errors and port configuration.

The most valuable feature is the network traffic monitoring function.

The cost of the solution has room for improvement.

I have been using the solution for four months.

I give the stability a ten out of ten.

I give the scalability an eight out of ten.

We have 60 people using the solution in our organization.

We previously used SentinelOne Vigilance but switched to Field Effect Covalence due to its more robust offering of cloud, cloud storage protection, and live agents that triage the alerts and send them to us.

The cost of the solution is high.

I give the solution a nine out of ten.

People should be prepared for the solution to quickly identify a lot of things that have gone unnoticed for some time. Field Effect Covalence is an excellent solution.

We are an MSP and have integrated Covalence as a core offering across all of our SMB clients.

Covalence is deployed to monitor the physical network, end-points, cloud (Microsoft 365/Duo/SalesForce/Azure/Google), and DNS filtering.

Covalence allowed us to replace and consolidate a number of tools which provided immediate cost savings. Additionally, Covalence filled knowledge gaps and offloaded a big portion of monitoring activity. Finally, everyone feels more secure now knowing professionals and the right tools are in place.

We like the 24/7/365 SOC. Hackers are trying to breach a business when they least expect it - that's often at night, weekends, and holidays. Covalence never sleeps or misses a second of monitoring. 

Over the last four years, there have been so many improvements and additions that I honestly can't think of anything else, aside from more third-party integrations with other MSP tools.

I've used the solution for three or four years.

The business is extremely stable. They have great funding and are fully staffed.

The initial setup is very straightforward.

We handled the setup in-house.