We just raised a $30M Series A: Read our story
2021-09-26T04:53:00Z

What are the best on-premise Endpoint Security solutions for a Tech Services company with 10,000 employees?

54

Hi dear professionals,

I'm working as the Cloud Security Architect at a Tech Sevices company with 10,000+ employees and I'm looking for suggestions about on-premise endpoint security solutions. 

Please recommend the best product/solution that fits the requirements below (salient features and expected features):

  • Endpoint Protection Platform (EPP)
  • Application Change Control (ACC)
  • File Integrity Monitoring (FIM)
  • Endpoint Detection and Response (EDR)

Expected Features:


1. Integration with NAC solution
2. Real-time scans (both new files and URLs) and scheduled scans (scanning all files against newly-deployed signatures)
3. Protection from malicious web downloads
4. Protection from exploits
5. Application and device control
6. Reports and alerts
7. Detecting alerts (ASAP)
8. Incident investigation and remediation
9. AI/MI-based behavior anomaly detection and remediation
10. Third-party integrations
11. Flexible deployment options
12. Endpoint Security Solution Threat Intelligence
13. Sandboxing is a must

ITCS user
Guest
66 Answers

author avatar
Top 5Real User

Satish,


Thank you for your well-thought-out and detailed question on this topic. Many will have many opinions on this so prepare to get a little overwhelmed.


Is this protection for your 10k+ staff or you're looking to resell this as a service?


Sophos EDR is a possible solution. They also allow demos of the product, however; it's a cloud solution - keep that in mind. The majority of these are going to be cloud-based because that's where the $$$ are at.


Sentinel One would be my product of choice for EDR and they offer on-prem or reseller options.


Depending on what firewall you're running, Cisco and Palo Alto also offer decent solutions.


I believe all the solutions listed encapsulate the goal of what you had in mind.

2021-10-04T14:52:43Z
author avatar
Top 5User

Hello, I think it doesn't make sense to just compare device protection and automated response security solutions, it's missing to protect identities, devices, and insider access. I think: The best and most valuable option is Microsoft, Microsoft 365 Defender | Microsoft Docs


Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.


With the integrated Microsoft 365 Defender solution, security professionals can stitch together the threat signals that each of these products receives and determines the full scope and impact of the threat; how it entered the environment, what it's affected, and how it's currently impacting the organization. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.


Microsoft 365 Defender services include:
1. Microsoft Defender for Endpoint, is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
2. Microsoft Defender for Office 365, Plan 1 protects email and collaboration from zero-day malware, phish, and business email compromise, Plan 2 adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).
3. Microsoft Defender for Identity, a cloud service that helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber-attacks and insider threats.
4. Microsoft Cloud App Security, is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your cloud services.


If the end customer already has Microsoft 365 in companies or educational institutions, they already have the collaboration tools, only the security and endpoint management tools should be added, all with Microsoft 365 E5/A5, no more investment is being made, it is being consolidated, visibility is gained, responses are automated, the fatigue of operating so many security events that you do not have the time or personnel to review them decrease.


I hope this has generated value for you.

2021-11-06T01:01:31Z
author avatar
Top 5MSSP

Hi Satish, well i am not quite sure if only one thing will help.


What ab a Plattform, is it worth a try?


I recently had a pitch of a plattform called Tanium, i think it´s may be worth to give it a try?


Please let me now, about your opinon.



Best Regards


Norman

2021-10-28T11:08:18Z
author avatar
User

Check McAfee EPP that is the best solution that fits your expected features.


1. Integration with NAC solution ..yes 
2. Real-time scans (both new files and URLs)and scheduled scans (scanning all files against newly-deployed signatures) .. on access scans and on-demand scan and they have a web control for the URL scanning. 
3. Protection from malicious web downloads …..yes 
4. Protection from exploits … sure with Mcafee threat prevention one of the main features is exploit prevention  
5. Application and device control … yes Mcafee device control can be manage also with ePO management console 
6. Reports and alerts … yes 
7. Detecting alerts (ASAP) … yes 
8. Incident investigation and remediation …100% with Mcafee EDR
9. AI/MI-based behavior anomaly detection and remediation … Mcafee ENS ATP 
10. Third-party integrations … McAfee EPO can be integrated with more than you think 
11. Flexible deployment options … 100% with EPO you can manage and push all the Mcafee products from one  console and one server and one agent 
12. Endpoint Security Solution Threat Intelligence … McAfee TIE 
13. Sandboxing is a must … McAfee ATD

2021-10-11T21:07:56Z
author avatar
Top 5Consultant

Hi Satish,


My recommendation for your requirements will go to Sentinelone on-premise solution.


Below point are mentioned on their site, but I insist you to give at least a try as we are very satisfied with their product and support.


Easy to deploy and manage. Deploy enterprise-wide in seconds. Manage across GEOs and departments with the industry’s best console. Proven, tried, and tested. 


Our patented behavioral AI models are validated by MITRE’s ATT&CK evaluation and others, like SE Labs and VirusBulletin.

2021-10-05T16:03:53Z
author avatar
Real User

From your ask, you may need to go with a combination of solutions to provide a best-in-breed defense.  For example, the vendor offering the best EDR/XDR capability for an on-premises deployment may not be the one who provides the best endpoint anti-malware / anti-ransomware capability or the best threat intelligence.


Are you looking for a single vendor solution?  And why is sandboxing specifically a requirement?


And, as @Eric Rise ​asked - are you asking as a reseller or to deploy the solution in your own environment?


Sorry, I'm not being more specific here, but there are a lot of variables that would change the answers.

2021-10-04T18:22:00Z
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Protection for Business (EPP). Updated: November 2021.
554,676 professionals have used our research since 2012.