Which AV solution? Sophos or Webroot

Dan
I’m trying to compare the two solutions, between Webroot anywhere secure with DNS protection or Sophos Intercept X Advanced with EDR.
I do have a Sophos Firewall, but I’ve been using Webroot for now and just tested InterceptX and I have to decide which route to take.


Does anyone have any recommendations?
You can get different antivirus solutions and can get different advice from different persons.
No AV is perfect; every one has its limits.

But Webroot is better in case of ransomware... also in crypto ransomware... I prefer Webroot a little bit more than Intercept X.
Commented:
Most modern AV solutions offer real-time scanning protection, running in the background always. This helps keep users protected without needing to remember to run a scan every time. However, these scanners are highly dependent on updating signatures every day so as not to lag behind new exploits discovered in the net. Failing to keep these solutions updated could make them practically useless.  Some additional features could be included:
• Built-in firewall functionality.
• Intrusion detection system (IDS)/intrusion prevention system (IPS) functionality.
• Application whitelisting/blacklisting functionality.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
I think you should be asking what is the security objective that you need to achieve and thereafter look at the "want" or so-called good to have. Buying just solely a security product by comparison may not be an apple to orange comparison if you do not state even what are the baseline requirements. If it is AV replacement then either one is alright, but I believe you should be looking deeper into the needs from the IT or Ops angle from your company, as I doubt it is an individual interest.

Requirement can be as to
  1. block sophisticated malware ("fileless" type) or APT attacks (targeted attack using zero days etc), or
  2. simply is to block ransomware type of malice that sabotages the machine, or
  3. detecting early any anomalies of indicator of compromise in the machine that may be due to Cryptomining malware, or
  4. threat that has no footprint and running only in memory, or
  5. tracing how the threat comes from USB drive and has comprehensive activity recording capability to allow forensic to be done, or
  6. able to check for IOC or signature due to announced public threats and more of threat hunting genre,
... the list goes on

It is good to have the requirements, then review the product again for any limitations or gaps in addressing the capability needed...

Dan, Network Engineer

Author

Commented:
Btan, good points, so which product meets all the specs you mentioned?
btan, Exec Consultant
Distinguished Expert 2018

Commented:
I will go with an anti-malware (e.g. Malwarebytes) and level it up with an EDR solution (e.g. Carbon Black). What is lacking is then a host intrusion prevention (HIPS), for which Symantec Endpoint is one option.

Coming back, Webroot is more of the HIPS approach as it also acts as a gatekeeper to the traffic going out and coming in. It secures the connection and remote access, wired or wireless. For Sophos, it is more an anti-malware with good ransomware prevention capability, and I am not aware of the EDR aspect, but if it has it, the endpoint security will definitely be a value add.

If I were to choose, Sophos protecting the endpoint will be more assuring with EDR. But when it comes to traffic analysis and secure connection, Webroot may have an edge.

I did not delve deep as I would think you can ask the tech sales to do that for you with those req.
Dan, Network Engineer

Author

Commented:
Thanks guys for your input.
