Battle Carbon Black, Cynet360 or Crowdstrike

guarana

New Member
Thread author
Apr 18, 2018
2
If you'd have to choose an EDR solution from one of these 3 vendors

- Carbon Black Response
- Cynet360
- Crowdstrike Falcon

for a large enterprise IT environment (100.000+ endpoints), which would you go for, and why (price does not count)?
The only response feature needed is to isolate the client network-wise, which all 3 fulfill.

Best regards,
Veloxy
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
As per NSS Labs reports, Carbon Black Response stood first, followed by the below:
Trend Micro, Palo Alto, Endgame I personally recommend.
My friend's medium-scale enterprise uses Trend. It is very good.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
You might be out on a limb here. The problem with asking "the best solution" is that it does not fit everyone's needs. Like consumer products, you don't need the best, but a balanced solution for Enterprise.

So I have to ask again, why have you decided to compare these 3 products, and exclude all others? (See edit).

Edit: "The only response feature needed is to isolate the client network-wise, which all 3 fulfill."

Since I have no knowledge of Commercial Enterprise products, I cannot make any recommendation.
 

guarana

New Member
Thread author
Apr 18, 2018
2
Most other vendors, such as Cylance, Palo Alto, Symantec, FireEye, etc. were previously checked in terms of their functionality and enterprise readiness. Various factors were chosen and led to a list of points for each product. To narrow down the choice, the top 3 products were chosen. According to the rating, Carbon Black was also leading the list. Cynet is a solution which was the choice of some colleagues due to good experience. In terms of functionality Cynet is superior to CB Response, which is due to the nature of the product, as it tries to be a NG AV with strong response capabilities while CB Response tries to be a good forensic and SOC product with the focus on detection.

I think it cannot be told which solution is the best, as every company has individual requirements.

Therefore, my question would rather be: has anyone got experience with the rollout of any of those 3 products?
 

Jindrak

New Member
Jul 19, 2015
1
If I remember the NSS NGAV report, it specifically states that Cb scored as high as it did solely because of its application white/black listing capabilities (from their Cb Protect product), and they also stated that such extensive whitelisting would not be reasonable for many companies.

I currently work for an MSSP, and two of our customers use Cb Defense, and one uses both Cb Defense & Cb Response. Both Defense & Response can isolate hosts, but they are two very different products. Response is more of the Incident Response and Forensics product and doesn't actually have their full AV solution and protection like Defense does. Cb Defense has a limited response capability as you can have the agent go into "Live Response" mode, but the commands available are very limited, basically command line browsing, delete/rename/create files and not much else.

The other two products I have not personally used or have experience with, but I would be wary of Cynet simply because of how unknown it is at this time compared to more established vendors. From other people I know, CrowdStrike is nice, but it depends on how "deep" of their security stack you buy, as they have multiple components, as does FireEye, which I do have experience with. I would rather recommend Endgame or SentinelOne, as they are single agent/single products instead of being split into multiple like FE, CS, Cb, etc.

I would also look into EnSilo and Darktrace for their AI & automation capabilities.
 