Hi community members,
I work as the Director of Information Technology at a legal firm and I'm looking at replacing our Symantec EDR with either SentinelOne or CrowdStrike but can't seem to get any balanced views other than those from each vendor.
Currently, I'm doing a POC on both and am interested to know: has anyone already gone through the same dilemma and which solution did you end up with?
Thanks!
We RFI/POC'd them all.
SentinelOne came out on top for every aspect of the requirements that we needed to fulfill from our architect.
That said, CrowdStrike is a good tool as well, but I think it ends up being more expensive. The best bang for the buck was S1.
Hi Ron - SentinelOne without a doubt - it has not been breached.
We are currently in the process of looking for "new tools" with regard to endpoint security. We use McAfee at the moment and we lean more towards S1.
But I am interested in how your POCs go. Please come back with some insight!
It really depends what you want as outcomes, reporting integration with other security technologies. Be happy to discuss.
Better, I would suggest moving it to Microsoft Defender for Endpoint, which will help more in feature.
@Evgeny Belenky, I have deployed Microsoft Defender for Endpoint to 10-12 customers, and 5 of them as a replacement for CrowdStrike.
EDR is also very accurate and easy to analyze.
For Defender, we just need to have ASR Policies defined for Block, Warn, Audit and Enable for the endpoint to action detection. Microsoft Defender for Endpoint comes with a vulnerability assessment as well. This will help remediate and keep a clean environment to avoid security attacks.
Microsoft365 is this unified tool that we can integrate with Cloud app, security Device policy and alerts.
S1 for sure.
Disconnect Falcon from the internet and it loses its ability to do anything. Falcon is still a fine product; for EDR I'd go S1.