cmp119 asked:

Sentinel One Capture Client serve as complete replacement for Webroot/Malwarebytes EndPoint Clients.

I am trying to confirm whether Sentinel One EndPoint Protection is a viable replacement for existing Webroot EndPoint Protection and MalwareBytes EndPoint protection.  We have been using Webroot/Malwarebytes endpoint clients on our workstations and servers for about four or five years now.  We have not encountered any compromises/issues using these products.   I also need to mention we also use Cisco's Umbrella Roaming Client as well.

We also have a SonicWall TZ500W with the Comprehensive  Gateway protection.  We never enabled the DPI module because it caused many connection issues accessing creditable Court websites, etc.  

So now SonicWall is promoting/offering their Capture Client solution that I am interested in. I wanted to purchase the Sentinel One client software a couple of years back, but they said I could not make a purchase since the minimum count they could sell is 100. We only need 25 licenses. So now that SonicWall offers Capture Client, I want to know if it's feasible to say it would actually replace both Webroot and MalwareBytes EndPoint products and not just work alongside and complement them. So, I contacted Sentinel One Sales and they indicate their product serves as direct replacement. They also mentioned their clients actually use Capture Client exclusively.

I have concerns about a complete replacement solution. I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it performs as well or better than the existing endpoint products combined. I am also concerned about deploying Sentinel One on our domain controllers, SQL servers, Exchange servers, and file servers.
SOLUTION
Andrew Leniart
ASKER CERTIFIED SOLUTION
Blue Street Tech
It looks like you changed your question.

We also have a SonicWall TZ500W with the Comprehensive  Gateway protection.  We never enabled the DPI module because it caused many connection issues accessing creditable Court websites, etc.
DPI is enabled by default so someone had to have disabled it at some point. I'd recommend AGSS which provides CAPTURE ATP for the network and DEFINITELY configure DPI - this is a security 101 mandatory function and without it you cannot achieve security baseline. You cannot stop Ransomware and other encrypted attacks/payloads without DPI running coupled with AGSS. Plus without AGSS you cannot stop Zero-Day, Unknowns, Spectre/Meltdown, and Fileless attacks at the gateway. Encrypted traffic on the web is now at 73% and growing - this means unless you can decrypt it you cannot inspect it and if you cannot inspect it you cannot stop it. Just because you have had a good run without infection doesn't mean you can rest on your laurels; make no mistake there are vulnerabilities in your current security posture.

I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it performs as well or better than the existing endpoint products combined.  I am also concerned about deploying Sentinel One on our domain controllers, SQL servers, Exchange servers, and file servers.
I'd be more concerned you don't have DPI configured than rolling out a tried and proven endpoint security. You can roll CAPTURE Client out in a phased implementation monitoring & reporting only, then action later after your internal evaluation period is up.

Again let me know if you have any questions!
cmp119

ASKER

Thanks for your feedback. I was hoping I would get more responses. It never panned out. Both of you provided very good points that need to be considered. Still up in the air as far as making a decision. Thank you regardless!!
You're very welcome cmp119. Sorry you didn't get more input, but I'm pleased I was able to help a little.

Regards, Andrew
Glad I could help...thanks for the points!