Microsoft Defender for Endpoint

In our organization, we use Microsoft Defender for Endpoint to protect against malware, phishing, and other advanced threats. It provides real-time threat detections and automated remediations. This application assists us in improving endpoint compliance and centralized control.

• Strong Microsoft ecosystem.
• Integrating multiple security tools.
• Threat detections and remediations.
• Licensing is expensive.

In our organization, we primarily focus on the Microsoft ecosystem. We manage approximately 20,000 endpoints, such as laptops and virtual servers. Although we have Mac & Linux, it's very limited, as the majority of our infrastructure is based on Windows.

Trellix Endpoint Security ENS and Cisco Secure Endpoint

Sentinel, FortiClient

We used Defender to replace Sophos. Being included as part of the Microsoft 365 package saved us the entirety of the cost of the previous provider. It also provides significantly more detailed security insights into our devices. Dashboard scores are used to help proactively respond to threats. The software also includes threat assessment to see all of the vectors an attacker would use.

• Was able to alert us to a malicious event overnight, tracking the incident end-to-end.
• Gives management clear insight into the security footprint of the company.
• Saved several thousand dollars a year in 3rd party antivirus costs.

We are currently deployed to around 200 total PCs and servers. Our PCs are mostly Windows 11 with a few Windows 10 PCs that are in the process of being replaced. Our servers are entirely Windows-based, with most using Server 2019. We are not currently using Defender on mobile devices.

Sophos Managed Detection and Response

Microsoft Intune, Microsoft Exchange Online Archiving, VMware vSphere

We use Microsoft Defender for Endpoint as an antivirus to protect our systems from different types of malware. It helps us uncover attacks which are happening on our machines. Also, it is useful in getting timely alerts for such attacks.

• It has reduced the expert manpower requirement to less than 50% for detection
• For initial configuration, it took lots of time.

Mostly Windows clients (around 100 computers)

Sophos Intercept X

Sophos Intercept X

It's our primary EDR on client and servers.

• As a partner and as a reseller, we recommend it to every customer. The problem of the challenge here is that other EDRs are sold as a lower price and not every customer understands the value of having this type of application and this type of features on their environment.

We are protecting 250 Windows clients and 150 windows and Linux Servers

CrowdStrike Falcon

First thing I use in this product for no more than the employee devices, right? One of the key features that the for Endpoint is giving us is the vulnerabilities for those devices and also no more what are the vulnerabilities score that we have in the company. It's helping us to address those vulnerabilities, giving us all the recommendations and really like how this has been working for us to know more how we expose it to our devices to specific attacks.

• I think the positive is the investment, right? So even if you have your license because you're using a licensing environment and just to have it there, my speech is always regarding using what you have and if you have a good tool that has been categorizing as one of the best tools, so why don't use it, right? So my thing, I think the positive thing is use it working because it's integrated, it's native for the consoles and other products and I think that will be the best impact that I will be provided to customer.

In my company, yes. Currently we have 200, but I have been working with companies that they have more than 3000 devices working with Different For. We use all platforms.

Microsoft Entra ID, Microsoft Defender for Cloud Apps