Reddit
reddit.com › r/msp › popular xdr in next 5 years for smb market
r/msp on Reddit: Popular XDR in next 5 years for SMB market
March 22, 2024 -

What are the most popular XDR platforms you think will be more and more popular in the next 5 years among SMB market between these 4?

  1. SentinelOne

  2. Microsoft Defender

  3. Crowdstrike

  4. Sophos

Microsoft Defender is great because it is easily integrated with Microsoft products, which are everywhere in any org. SentinelOne has a more affordable price, as I was advised by someone working in an MSP. CrowdStrike is classic but I heard they made some bad choices and are going downhill. No experience with Sophos so far.

Also, for those licensing, do you buy through Pax8 or Dicker Data or something similar for a good price?

Reddit
reddit.com › r/cybersecurity › [deleted by user]
What XDR Vendors to Check Out? : r/cybersecurity
November 28, 2022 - Gartner reports top vendors include CrowdStrike and Microsoft Defender. Check out their reports and see if their testing aligns with the features and functions. ... I feel like XDR is a marketing term that is thrown around like Zero Trust.

What is XDR?
Extended detection and response (XDR) is the next generation of software built to monitor and combat threats across infrastructure layers. Note the absence of the word endpoint in the previous sentence. XDR takes the features and benefits of EDR and combines them with SIEM, SOAR, and UEBA.
esecurityplanet.com
esecurityplanet.com › home › products
Top 6 XDR Solutions & Vendors
Benefits of XDR
  • Significant visibility into a network’s entire security posture and threats
  • Prioritized workflows and decision making based on accurate full-network analysis
  • Increased automation fit for monitoring and managing regular volumes of security data
  • Faster detection and response thanks to the automation, prioritization, and visibility

esecurityplanet.com
esecurityplanet.com › home › products
Top 6 XDR Solutions & Vendors
What is Extended Detection and Response?

Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.
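The two definitions above (EDR combined with SIEM-style correlation, and telemetry from multiple sources correlated into contextualised alerts) describe a pipeline rather than a product. The block below is an added example, not code from eSecurity Planet or from any XDR vendor: it takes three constructed telemetry feeds (endpoint alerts, firewall logs, identity logs), normalises them onto one schema, groups events per host that fall inside a short time window, and scores the result, rewarding incidents that are corroborated by more than one source. The feed layouts, field names, the "home country" check and the scoring weights are all illustrative assumptions.

```python
"""
Added example of cross-source correlation of the kind an XDR backend
performs. Not any vendor's code; all records below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records, one dict per source event (assumed layouts).
EDR_ALERTS = [
    {"ts": "2025-01-10T09:14:02Z", "host": "WS-01", "kind": "suspicious_process",
     "detail": "powershell.exe -enc ..."},
    {"ts": "2025-01-10T15:40:00Z", "host": "WS-07", "kind": "suspicious_process",
     "detail": "rundll32.exe"},
]
FIREWALL_LOGS = [
    {"ts": "2025-01-10T09:15:30Z", "src_host": "WS-01", "dst": "203.0.113.9:443",
     "action": "allow", "category": "uncategorized"},
    {"ts": "2025-01-10T12:00:00Z", "src_host": "WS-03", "dst": "198.51.100.4:80",
     "action": "block", "category": "malware"},
]
IDENTITY_LOGS = [
    {"ts": "2025-01-10T09:12:45Z", "host": "WS-01", "user": "alice",
     "result": "success", "country": "RO"},
]

# Illustrative weights; no product scores this way.
WEIGHTS = {"suspicious_process": 5, "egress_uncategorized": 3,
           "blocked_malware": 4, "foreign_login": 3}
HOME_COUNTRY = "US"  # assumption for the identity check


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalise(edr, fw, idp):
    """Map every source onto one tuple shape: (ts, host, signal, source, detail)."""
    events = []
    for a in edr:
        events.append((parse_ts(a["ts"]), a["host"], a["kind"], "edr", a["detail"]))
    for f in fw:
        if f["action"] == "block" and f["category"] == "malware":
            sig = "blocked_malware"
        elif f["action"] == "allow" and f["category"] == "uncategorized":
            sig = "egress_uncategorized"
        else:
            continue  # routine traffic carries no signal on its own
        events.append((parse_ts(f["ts"]), f["src_host"], sig, "firewall", f["dst"]))
    for i in idp:
        if i["result"] == "success" and i["country"] != HOME_COUNTRY:
            events.append((parse_ts(i["ts"]), i["host"], "foreign_login", "identity", i["user"]))
    return sorted(events)  # chronological; tuples compare on ts first


def build_incident(host, evs):
    sources = sorted({e[3] for e in evs})
    score = sum(WEIGHTS[e[2]] for e in evs)
    # Corroboration across sources is the point of XDR: reward it explicitly.
    if len(sources) > 1:
        score += 2 * (len(sources) - 1)
    return {"host": host, "start": evs[0][0], "end": evs[-1][0],
            "signals": [e[2] for e in evs], "sources": sources, "score": score}


def correlate(events, window_seconds=600):
    """Group a host's events into one incident while each follows the previous
    one within window_seconds; a larger gap starts a new incident."""
    window = timedelta(seconds=window_seconds)
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[1]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        current = [evs[0]]
        for ev in evs[1:]:
            if ev[0] - current[-1][0] <= window:
                current.append(ev)
            else:
                incidents.append(build_incident(host, current))
                current = [ev]
        incidents.append(build_incident(host, current))
    return sorted(incidents, key=lambda i: -i["score"])


def run(window_seconds=600):
    return correlate(normalise(EDR_ALERTS, FIREWALL_LOGS, IDENTITY_LOGS), window_seconds)


if __name__ == "__main__":
    for inc in run():
        print(inc["host"], inc["score"], inc["sources"], inc["signals"])
```

With the default ten-minute window, WS-01's foreign login, suspicious process and uncategorised egress land in one incident backed by three sources and rank first; the two single-source hits on WS-03 and WS-07 stay low. Shrinking the window to 30 seconds splits WS-01 into three unrelated alerts, which is exactly the fragmentation a per-tool view produces and a correlation layer is meant to remove.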

Reddit
reddit.com › r/cybersecurity › need opinions and experiences on edr/xdr platforms
r/cybersecurity on Reddit: Need opinions and experiences on EDR/XDR platforms
November 26, 2024 -

The place I work at currently uses ESET Protect as the endpoint protection platform, and before renewing our licenses we are deciding if we need to switch from ESET to something like SentinelOne or Defender 365. We're also in the process of ramping up the organisation's security starting next year, and that is one of the reasons why we're considering this switch.

Our ecosystem consists mostly of Windows PCs and servers, very few Linux servers, and also some Android devices, we got Office 365, and also got some infrastructure in Azure cloud as well. The top two contenders for me right now are Defender 365 (because of the footprint MS has on us and also because the whole ecosystem will integrate well), and SentinelOne. Crowdstrike (even though I like the product) didn’t make it because our higher-ups are still uneasy with their outage incident.

How are your experiences with these two products? Would love to hear about out-of-box protections, fine-tunings and integrations, support, and administration.

And also regarding ESET, they’ve served us well over the years. I think the company is looking for something ‘modern’ but I did my research and it seems like all these products do the exact same thing.

Reddit
reddit.com › r/msp › need xdr suggestions
r/msp on Reddit: Need XDR Suggestions
February 12, 2025 -

Hi All, need some recommendations on choice of XDR. This is for the company I work for with around 500 users. Current setup:

  1. On-prem FortiGate firewalls with web filtering, app control for all HQ users

  2. Sophos XDR on all endpoints with web filtering, app control for all remote users.

Proposed changes

  1. Moving to PA Prisma Access Business Premium as a SASE and not renewing licenses on the fortigates and using it just for internet connectivity

  2. Need to remove Sophos and replace it with another XDR.

Edit - Adding more details. TL;DR - Cortex Pro for Endpoint or SentinelOne?

SASE - I am already sold on moving from on-prem FWs to SASE and have finalized Prisma Access. I'm getting a great deal on the pricing and have a lot of trust in PA. I'm not keen on all-in-one SASE + EDR solutions like Zscaler and Cato since I want to keep SASE and EDR separate. This will give me more flexibility in picking the best of each and will also allow me to change vendors independently in the future if required.

Current EDR - Sophos XDR. I was kinda forced into Sophos in the beginning since we have a lot of remote users and tiny offices, which meant I had to go for an EDR which has basic web and application filtering capabilities. Now that I'm moving to SASE I can look at pure EDR and pick something stronger than Sophos and leave the web and app filtering to SASE. My issues with Sophos are the following:

  1. Not the strongest compared to cwd, S1 or Cortex

  2. Too many false positives

  3. Buggy DLP implementation

  4. Higher resource utilisation, especially on our older hardware. Newer laptops seem to handle it okay

  5. Basic threat hunting and queries. Want a more advanced option.

EDRs under consideration

I've narrowed it down to either Cortex or SentinelOne. Along with CrowdStrike they have excellent results in the MITRE evaluations. CrowdStrike is just too expensive so it's out of the picture. Not looking at Defender for Endpoint either.

I've selected Cortex Pro for Endpoint as an appropriate option (decent pricing, and we don't have a lot of data ingestion needs, so Pro per GB might end up being very expensive). Need help in selecting the appropriate SentinelOne option to do a PoC against (I suspect it's SentinelOne Singularity Complete).

PA Cortex Pro for Endpoint

  1. Excellent MITRE results.

  2. Supposed to integrate well with Prisma Access. I will have to verify this during the PoC.

  3. Supposed to be complicated with a lot of advanced querying options and raw data. Not a major concern since I'm willing to invest time to learn.

  4. Limited log ingestion capabilities (especially compared to S1)? I need to verify this in the PoC. I would need at a minimum to be able to ingest Prisma Access + XDR logs in one place. Ability to ingest logs from FortiGates / O365 would be a plus (not mandatory). We do not have the budget for a dedicated SIEM tool, so I would need to use log ingestion either using the SASE or the XDR to work like a rudimentary SIEM so that I can correlate logs and alerts. We will be having a Strata Logging license for the SASE.

  5. No DLP options? Will not be taking the inline DLP add-on due to cost concerns. Our DLP requirements are minimal but it's a nice feature to have (planning to at least block files based on extensions).

SentinelOne

  1. Excellent MITRE results, almost on par with Cortex

  2. Does it integrate with Prisma Access?

  3. Read reports of SentinelOne blocking legitimate applications without generating logs, which would be an issue for us. Does this happen often?

  4. Better DLP compared to Cortex

  5. More log ingestion options?

Basically, do I go for Cortex or S1? Does it make sense giving up the extra features of S1 for Cortex's better Prisma Access integration and detection rates? Since I don't have a SIEM, will S1 allow me to integrate logs from Prisma Access, FortiGates and O365 and use it as a makeshift SIEM? Is this not possible with Cortex Pro for Endpoint?

Thanks in advance and apologies for the long post.

Gartner
gartner.com › all categories › extended detection and response
Best Extended Detection and Response Reviews 2025 | Gartner Peer Insights
Stellar Cyber is a Silicon Valley-based organization specializing in providing a comprehensive and integrated Open XDR platform dedicated to simplifying security processes. The platform's prime focus is to aid lean security teams of varying ...
Reddit
reddit.com › r/cybersecurity › what makes a great xdr for mid sized companies?
r/cybersecurity on Reddit: What makes a great XDR for mid sized companies?
September 15, 2024 -

Hi everyone,

I'm doing some research on the best XDR solutions specifically for SMBs. I work for one and we are thinking about purchasing an XDR solution as a step up from basic EDR.

I’d love to hear from those of you with experience in cybersecurity about what you think is most important in an XDR solution.

  • What features are essential for effective threat detection and response in SMB environments?

  • How important are things like integration with third-party tools, data enrichment, or ease of use in choosing an XDR?

  • Are there any XDR solutions that you've seen work particularly well for SMBs? If so, what sets them apart?

  • What challenges should be expected when adopting XDR for SMBs, especially around resource constraints or deployment?

eSecurity Planet
esecurityplanet.com › home › products
Top 6 XDR Solutions & Vendors
October 31, 2024 - This guide covers the top XDR solutions in the cybersecurity industry, including their major features, administrative capabilities, and buying considerations. ... We are able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities.
Reddit
reddit.com › r/cybersecurity › new edr, mdr and xdr vendor
r/cybersecurity on Reddit: New EDR, MDR and XDR vendor
January 3, 2023 -

Dear all,

We are a company with around 480 people, 150 servers, 350 clients but no IT security team. We are currently using Sophos Intercept X but are not really happy with it. The dashboard is not very user-friendly, the threat report is very hard to read and we don't get a lot of information about the threat, a lot of false positives, and in general I think that Sophos is not a high-tier security software.

I got the project to look for an alternative that will replace Sophos. We want EDR, MDR and maybe an XDR solution. First we thought about a SIEM, but I think we need a SOC analyst or something else who is reading SIEM logs all day long to understand what is going on in our environment. I read that some XDR solutions, like Cybereason's, are a newer and better SIEM. What is your opinion on that? What can we connect with modern XDR solutions? Is it possible to connect switches and firewalls (Sophos XG btw) to it? We definitely want to have our Azure and M365 connected.

What are some tools to check out? We already had a demo from Cybereason which was ok, but I definitely want to have a demo from CrowdStrike and SentinelOne. Are there other good solutions in the market? And does it even make sense to go for one tool? For me it makes sense to have everything combined.

Thanks for your input.

Check Point Software
checkpoint.com › home › tools & vendors › best xdr platforms for 2025
Best XDR Platforms for 2025 - Check Point Software
September 18, 2025 - Consolidated analytics converts this data into complete visibility of your network to identify and understand threats in terms of their behavior, context, and potential damage. Among the best XDR vendors, Check Point describes its solution as ...
G2
g2.com › categories › extended-detection-and-response-xdr-platforms
Best Extended Detection and Response (XDR) Platforms: User Reviews from December 2025
For instance, products like Palo Alto Networks Cortex XDR and Microsoft 365 Defender are primarily cloud-based, while others like Trend Micro XDR provide both cloud and on-premises options.
CRN
crn.com › news › security › 10-hot-xdr-security-companies-you-should-watch-in-2023
10 Hot XDR Security Companies You Should Watch In 2023 | CRN
Along with major vendors such as Okta, Zscaler and Proofpoint, the CrowdXDR Alliance has grown to include a number of security vendors that also compete with CrowdStrike in the XDR sphere — such as Cisco and Fortinet.
Fidelis Security
fidelissecurity.com › home › xdr security › enterprise xdr solutions: comprehensive comparative analysis
Top XDR Solutions Compared: Find the Best Fit in 2025 | Fidelis Security
November 19, 2025 - Compare leading XDR solutions side by side. Explore features, detection capabilities, integrations, and pricing to choose the right extended detection and response platform.
Reddit
reddit.com › r/asknetsec › which is the best unified(siems, xdr) solution?
r/AskNetsec on Reddit: Which is the best unified(SIEMS, XDR) solution?
July 26, 2022 -

Hey everyone,

I'm a software engineer, mostly focused on development, but I've recently been given an evaluation task related to SIEMs and XDR. At my current company, we're using Wazuh for our SOC needs. My job now is to see how it compares with what GCP has to offer and to look into other options like Splunk.

There's a growing interest here in leveraging AI to streamline our security operations. I've come across mentions of Mandiant (XDR) as a potential solution (which is also a part of GCP now). I also watched a video on Google Chronicle from a recent Google event. Our goal is to have an AI system that, upon detecting threats, suggests a rule, possibly for our WAF or another platform, to counter such threat(s). In the video, they used some GPT-like model to generate a query, and it suggested rules based on the vulnerability.

I've done some research, including watching podcasts and that Google Chronicle video. My impression so far is that GCP's offerings, especially Chronicle, might not be as mature as some of the other options out there. Also, I was unable to find a comparison of the services online between GCP (Chronicle and Mandiant) vs Wazuh. Any guidance or insights from those who've explored this terrain would be super helpful.

Thanks in advance!

Top answer
1 of 3
7

Hello,

I would recommend changing your approach. While general research is fine to start you will want to get more formal. Or assign this task to your procurement group if your company has one.

You will want to create an exhaustive list of requirements. Grouped into required/nice to have / features.

Table this list of items up and approach each vendor on your radar with the requirements.

The vendors (if they want your business) can review and provide response to your list of requirements. Also can provide initial quotes for service within this requirements.

Take the top three for support and affordability and then schedule formal meetings to get a demo and possibly determine if a POC is applicable.

From there determine what fits best in your organization and move forward.

There really is no best… best is relative to your business and your business needs and what you can afford.

As for opensource solutions you can spin them up and test at your leisure.

2 of 3
1

SIEM and XDR are very different solutions. Solutions from big name XDR vendors tend to work with solutions from big name SIEM vendors.

I have worked with Wazuh. It is a cool tool, and a good choice if you are in a Linux heavy environment. On the free side, I would encourage you to look at sysmon, and the tools built into windows natively (AppLocker, Defender, and sysmon (not native, but pretty close)) . They are incredibly powerful, and most windows admins are familiar with them.

If you are wanting to spend money, Carbon Black is the best in the game.

On the SIEM side there are no good options. They all suck for different reasons. Your options will be limited mostly by budget and your existing tech stack (for example, it makes no sense to spend the money on Splunk ES if you have already decided Elasticsearch is your log repository of choice).

Honestly, analytics in cyber security are in the stone age. You would be better off spending money hiring an applied mathematician with experience in computing and an interest in cyber security than buying any product from a SIEM vendor (speaking as a former ArcSight customer, and current Splunk ES customer).

Just my 2 cents.

Channel Futures
channelfutures.com › home › cybersecurity news
The CF List: 20 Top XDR Security Providers You Should Know
Some MDR vendors now include XDR as a core part of their service offering, Ferreyra said. They’re making use of the technology to augment the service they provide, coining the term managed XDR. We’ve compiled a list above of 20 top XDR providers based on analysts’ feedback and recent ...