What is our primary use case?
Malwarebytes is more of an Endpoint Protection Platform inside a NextGen AV solution. We use it to do, it does real-time protections, but our primary use for that product is compliance scanning. So traditional threat monitoring plus daily scans, full scan, system scans, etc. And it covers the signature and heuristics gap for us.
How has it helped my organization?
The fact that the agent is SaaS-based is a major improvement. So with COVID and the new permitter being the endpoint itself out in the wild, Malwarebytes allowed for protection and communication 100 percent of the time. So if it has an internet connection, we're connected and protected. So that was one of the biggest benefits. We were running Windows Defender before, which if an asset wasn't on VPN or went off-network, it was essentially out in the wind. We didn't know what was happening to it from an AV perspective.
What is most valuable?
Malwarebytes is easy to use. There's not a lot I like about it, but I will say that they have some of the best signatures out there. As far as traditional AV technology and detection solutions go, that's probably what I'd like about them the most. They have some of the best signature writers out there.
What needs improvement?
Malwarebytes is too simplistic. From a SOC IR perspective, it doesn't give you very much data around it. It doesn't tie things or provide SHA-1 and SHA-256 detection information, which makes it hard to do an additional investigation. It should give you more hash information, IOC-based information, etc. It also gives a lot of false positives. That's one of our biggest beefs.
For how long have I used the solution?
I've been using Malwarebytes for three years.
What do I think about the stability of the solution?
The Malwarebytes agent has a design flaw that impacts performance. They built it on top of ClamAV, which is okay, but they run into some problems excluding certain locations or dealing with high-performance impact solutions. If you exclude it, then it's excluded completely, and you lose telemetry on it entirely. Again, we have experienced some problems with their agents breaking in their own update processes.
What do I think about the scalability of the solution?
Scalability's fine. We never ran into any issues, and we're a large company with 17,000 users. So I think that Malwarebytes can scale just fine. But that's probably due to the solution's simple nature. The more data you're pulling back, the more complex it gets, which creates a greater load on the backend systems that they're hosting. However, Malwarebytes is pretty lean right now, so performance has never really been a problem from a console perspective.
How are customer service and support?
I'd say that Malwarebytes support is fine, but they lack maturity when it comes to enterprise-class security solutions.
Which solution did I use previously and why did I switch?
We were running Windows Defender, but we switched to Malwarebytes because it is a cloud-hosted SaaS solution that is as effective on the cloud as it is on-prem.
How was the initial setup?
Straightforward. We're a very large environment, so it took us a couple of days, but technically, you could begin deployment almost immediately. As is the case with any AV product, you have to fine-tune it to deal with false positives and performance issues. Aside from that, the deployment itself can be done very quickly. You can use SECM, PDQ. They even have their own deployment tool that you can use. It's pretty easy to get it out there.
We did the implementation ourselves. My security department partnered with our patch management and asset deployment team. We gave them the packages and the switching, then they began deployment from there. It doesn't need a lot of maintenance. About three people should do it. Whoever deployed the solution will occasionally need to redeploy or fix an agent. You also need one or two frontend security staff to operate it.
What's my experience with pricing, setup cost, and licensing?
I would say that it's affordable. It costs much less than Sentinel One, CrowdStrike, or anything of that nature. But, at the same time, you are getting what you pay for. So I would say it's one of the best when you're comparing traditional NextGen AVs like Webroot that aren't the best in the bunch. McAfee and some of those other ones bring a lot more different options to the table. But if it's just straight AV technology, I would put Malwarebytes at the top of the heap in terms of value for the money.
What other advice do I have?
I would rate Malwarebytes eight out of 10 if I'm judging it by the standards of traditional endpoint protection or NextGen AV solution. When it comes to frontend protections, it has some of the best definitions. In addition, they do traditional signature and heuristic detection a lot better than Microsoft and some other players in that space. But if you're lumping it in with other EDR solutions, it's a zero.
If you plan to use Malwarebytes, I suggest utilizing its auto-patching mechanism as much as possible and aggressively keeping it up to date.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Very interesting and honest review. If I may ask a question: From your personal point of view, not based on any specific science or feature set which product does your gut say you should go with?