Hi dear professionals,
I'm working as the Cloud Security Architect at a Tech Services company with 10,000+ employees and I'm looking for suggestions about on-premise endpoint security solutions.
Please recommend the best product/solution that fits the requirements below (salient features and expected features):
1. Integration with NAC solution
2. Real-time scans (both new files and URLs) and scheduled scans (scanning all files against newly-deployed signatures)
3. Protection from malicious web downloads
4. Protection from exploits
5. Application and device control
6. Reports and alerts
7. Detecting alerts (ASAP)
8. Incident investigation and remediation
9. AI/ML-based behavior anomaly detection and remediation
10. Third-party integrations
11. Flexible deployment options
12. Endpoint Security Solution Threat Intelligence
13. Sandboxing is a must
Satish,
Thank you for your well-thought-out and detailed question on this topic. Many will have many opinions on this so prepare to get a little overwhelmed.
Is this protection for your 10k+ staff, or are you looking to resell this as a service?
Sophos EDR is a possible solution. They also allow demos of the product; however, it's a cloud solution - keep that in mind. The majority of these are going to be cloud-based because that's where the $$$ are at.
Sentinel One would be my product of choice for EDR and they offer on-prem or reseller options.
Depending on what firewall you're running, Cisco and Palo Alto also offer decent solutions.
I believe all the solutions listed encapsulate the goal of what you had in mind.
Hello, I think it doesn't make sense to just compare device protection and automated response security solutions; that misses protecting identities, devices, and insider access. I think the best and most valuable option is Microsoft: Microsoft 365 Defender | Microsoft Docs
Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
With the integrated Microsoft 365 Defender solution, security professionals can stitch together the threat signals that each of these products receives and determine the full scope and impact of the threat: how it entered the environment, what it's affected, and how it's currently impacting the organization. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
Microsoft 365 Defender services include:
1. Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
2. Microsoft Defender for Office 365: Plan 1 protects email and collaboration from zero-day malware, phish, and business email compromise; Plan 2 adds post-breach investigation, hunting, and response, as well as automation and simulation (for training).
3. Microsoft Defender for Identity is a cloud service that helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber-attacks and insider threats.
4. Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your cloud services.
If the end customer already has Microsoft 365 in companies or educational institutions, they already have the collaboration tools; only the security and endpoint management tools need to be added, all with Microsoft 365 E5/A5. No more investment is being made: it is being consolidated, visibility is gained, responses are automated, and the fatigue of operating so many security events that you do not have the time or personnel to review them decreases.
I hope this has generated value for you.
Hi Satish, well, I am not quite sure if only one thing will help.
What about a platform, is it worth a try?
I recently had a pitch of a platform called Tanium; I think it may be worth giving it a try?
Please let me know your opinion.
Best Regards
Norman
Check McAfee EPP; that is the best solution that fits your expected features.
1. Integration with NAC solution .. yes
2. Real-time scans (both new files and URLs) and scheduled scans (scanning all files against newly-deployed signatures) .. on-access scans and on-demand scans, and they have a web control for the URL scanning.
3. Protection from malicious web downloads .. yes
4. Protection from exploits .. sure, with McAfee Threat Prevention one of the main features is exploit prevention
5. Application and device control .. yes, McAfee Device Control can be managed also with the ePO management console
6. Reports and alerts .. yes
7. Detecting alerts (ASAP) .. yes
8. Incident investigation and remediation .. 100% with McAfee EDR
9. AI/ML-based behavior anomaly detection and remediation .. McAfee ENS ATP
10. Third-party integrations .. McAfee ePO can be integrated with more than you think
11. Flexible deployment options .. 100%; with ePO you can manage and push all the McAfee products from one console, one server and one agent
12. Endpoint Security Solution Threat Intelligence .. McAfee TIE
13. Sandboxing is a must .. McAfee ATD
Hi Satish,
My recommendation for your requirements will go to the SentinelOne on-premise solution.
The points below are mentioned on their site, but I insist you give it at least a try, as we are very satisfied with their product and support.
Easy to deploy and manage. Deploy enterprise-wide in seconds. Manage across GEOs and departments with the industry’s best console. Proven, tried, and tested.
Our patented behavioral AI models are validated by MITRE’s ATT&CK evaluation and others, like SE Labs and VirusBulletin.
From your ask, you may need to go with a combination of solutions to provide a best-in-breed defense. For example, the vendor offering the best EDR/XDR capability for an on-premises deployment may not be the one who provides the best endpoint anti-malware / anti-ransomware capability or the best threat intelligence.
Are you looking for a single vendor solution? And why is sandboxing specifically a requirement?
And, as @Eric Rise asked - are you asking as a reseller or to deploy the solution in your own environment?
Sorry I'm not being more specific here, but there are a lot of variables that would change the answers.