The EDR from Insight is honestly irreplaceable for a security team, but you don't have a security team, so why pay a ton of money to get logs that are barely going to be looked at? This makes false positive checking very simple and is nice visibility to have. All quarantined executables get uploaded to CS so you can inspect them & get automatically sandboxed so you have a report of what they do. That will save you cost there with literally the same functionality (minus the logging, which is a little sad but c'est la vie.) If that's too difficult, then gotta suck it up and go with firewall. For FalconX, it would actually be great for your use case due to the automatic sandboxing. If you are currently using Sophos for host-based firewall, then check how hard it would be to implement a similar firewall on a GPO level for your domain. Unless you have time to put into it or are willing to work with breaking business workflows (or if you already have those set up in Sophos), you aren't going to get really anything out of Device Control or Firewall. For Device Control, to really get your money's worth you'd be determining what types of USB devices can get plugged in, which is way overkill for anyone that isn't expecting specifically targeted physical attacks. So people are throwing out modules, but let me break it down with a deeper explanation. It looks for true bad things instead of just scanning files all day.

CrowdStrike is much more lightweight since it is looking at what happens on the machine versus just scanning every file (i.e. Traditional AV uses patterns and definitions to know what a threat is - where CrowdStrike looks at full indicators and behaviors. Traditional AV just does not compare to modern tech like CrowdStrike. Also remember that salespeople want sales - so if you can make a move quick they create an incentive for you (i.e.

For example you can do Insight, Prevent, Control, Threat Graph Standard, and Essential Support for bare bones for what you want (plus EDR) and that may not be too much more than Pro. Remember - these are packages that you can buy (Pro) but you can buy everything relatively a la carte too. It looks like Firewall Management is in Pro - that could be removed, too. You can remove Falcon X if that saves you money.