What needs improvement with Field Effect Covalence?

The solution could improved DNS filtering and fuller integration into ConnectWise PSA (I understand both are in the works). The current roaming DNS filter doesn't seem to be too complete and we're hoping to be able to eliminate purchases on other filters, such as Umbrella. The ConnectWise PSA integration is two-way but does not send our comments back to the Field Effect portal. Additionally, they have recently come out with an option that does not require a physical appliance onsite. This will be valuable for smaller locations.

Before Field Effect all we had was policies and all we could do was rely on our team members to make the right decisions and not compromise any systems or information. I'd suggest that Field Effect focus more on including things like phishing simulation and cybersecurity training. We always talk about a triangle of people, process and technology to solve any business problem. Field Effect has done wonders at covering the technology aspect of this triangle, however, to truly be a cybersecure organization, you need your people and processes to be just as secure.

We've noticed that some alerts are indicating vulnerabilities that have already been resolved. While it's essential to stay informed about potential issues, the recurring notifications about past vulnerabilities can lead to confusion and may detract from our focus on current threats. Streamlining the alert system to filter out these resolved issues would enhance our efficiency and ensure that we concentrate on the most relevant and pressing security matters. Overall, refining this aspect would significantly improve our experience.

It would be greatly beneficial to integrate compliance-related reporting directly into the portal. By doing so, users could easily monitor and evaluate compliance levels in relation to popular security standards and frameworks such as ISO 27001, NIST, CIS, and AICPA TSC. This feature would provide a comprehensive overview of adherence to common controls, enabling more efficient identification of areas needing improvement and ensuring that the organization remains aligned with critical regulatory requirements. Furthermore, it would streamline the auditing process by offering detailed insights and facilitating proactive compliance management, ultimately enhancing the organization's overall security posture.

Field Effect MDR could broaden the portfolio of supported cloud applications. They integrate about 15 to 20 out of the box, including Office 365, Azure, Salesforce and others. I'd love to see a consistent flow of new integrations, including line of business apps for critical industries and additional cloud applications that are commonly used.

It does not replace everything we need. If they can include an email filter system, that would be great.

While Covalence addresses our notification and visibility needs, it falls short in keeping information up-to-date, which is where our MSP comes in to supplement its functionality. I'd love to see a feature in Covalence that allows manually removing endpoints from the view and receiving notifications if they come back online. Currently, I use the Endpoint View daily, but some systems stay online for up to 30 days even when no longer in service. The ability to manually remove these would be very helpful. Additionally, since Covalence is a key tool for software updates and patch management notifications, it would be fantastic if it could automate some of this process or provide links to the latest software versions. While Covalence highlights the need for updates and what needs to be done, it doesn't necessarily point users to where they can find the software itself.

There are tags for security threats, but I only view them. I do not action anything. I just see what is happening. Sometimes, they are a little bit vague, and I am unsure what they mean, so I leave that to the IT experts. Overall, we are quite satisfied with their product and how it is working. I am kind of a middle person. I am not a tech person, so I do not really understand how it all works. It provides me comfort that somebody else is doing it because I do not understand it.

Covalence should provide a live view of the endpoint because the endpoint view in the portal is 5 to 15 minutes behind the actual status of the endpoint and its vulnerabilities. When it doesn't update with the actual status, it makes managing those things harder because sometimes something gets updated, and one of those vulnerabilities has gone away, but that doesn't appear in the ARO. The ARO information becomes outdated. There should be more alignment between the actual view, the endpoint view, and the ARO list. It also lacks email security, so you have to implement other things. They cover a lot but not everything.

We meet with the Field Effect team every month, and I understand that one potential project they're considering is a patch remediation component within Field Effect. The ability to directly patch machines would be a significant improvement, though I recognize it's a substantial undertaking. I believe they're exploring the feasibility of this feature, and its inclusion in the Covalence tool would be transformative, streamlining workflows and reducing reliance on additional tools. I have a couple of suggestions for improvement. First, it would be great if we could remotely remove machines from the portal, either by uninstalling the agent remotely or completely deleting the machine entry. Currently, if a machine is upgraded, especially for our smaller clients who replace machines frequently, the old machine entry remains offline or otherwise inaccessible, cluttering the portal. Having a self-service option to remove these machines would be much more efficient than contacting support every time. In the AROs tab, if we encounter multiple duplicate recommendations, it would be helpful to be able to select and resolve or dismiss them all at once. This would save time and effort when dealing with repetitive tasks.

Field Effect Covalence could benefit from enhancing its packing slip process. When receiving multiple devices simultaneously, it can be challenging to initiate setup due to inadequate labeling on the packing slips, which often fails to clarify device-to-customer associations.

It would be incredibly valuable to have the Field Effect team handle some of the third-party application patching they're currently identifying. While it's fantastic that they're proactive in this area, the time commitment is significant. Integrating patching into their existing service offering would be a game-changer. I'd love to see a tool that aids sales discovery efforts when we engage new clients. Ideally, this internal tool would scan their network environment to identify potential risks and give us a comprehensive picture of their network infrastructure. This would be a huge asset in informing our sales strategies and showcasing our expertise.

I would like Covalence to implement patch management as well. It would be beneficial to add the ability to create groups for endpoint devices within the portal.

The area where they can make it better is by giving responses to the end-user. For example, when there is an alert to the administrator, I get it. I have to copy and paste everything to everyone, telling them, "Hey, your Zoom is out of date," or "Mac user, you have to update your iOS because there's a vulnerability." And then I have to follow up with them, and it's a real pain. Also, with the email alert system, when people have suspicious emails they forward them. The analysis comes back, and I have access to it. But what I want is that if someone who is not the administrator sends in a suspicious email, they should get the email back with the response from Covalence. Now, it keeps that information in the administrator portal. But I want to get out of the way. If someone reports something, the answer should go back to that person, not to me. In some cases, it requires an admin to execute software updates, but I would like them to know exactly what they need to do to be up-to-date and have a vulnerability-free endpoint.

The tagging of ARO closure has room for improvement. Covalence needs different categorizations for closing AROs.

Over the last four years, there have been so many improvements and additions that I honestly can't think of anything else, aside from more third-party integrations with other MSP tools.

The cost of the solution has room for improvement.