SEP Replacement

Discussion in 'Business & Enterprise Computing' started by Rea:Per, Jul 30, 2018.

  1. OP
    OP
    Rea:Per

    Rea:Per Member

    Joined:
    Mar 27, 2011
    Messages:
    263
    Location:
    Sunshine Coast
    so what prompted the switch (or attempted switch) from webroot to sophos?
     
  2. Sphinx2000

    Sphinx2000 Member

    Joined:
    Sep 16, 2001
    Messages:
    7,487
    Location:
    Brisbane
    Yeah I was reading about this the other day, anti-ransomware caching sounds great in theory for workstation IO but not server IO...
     
  3. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,593
    Location:
    Canberra
    Partner status.
     
  4. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,700
    Location:
    3350
    We also utilise Sophos SG UTM so I'm interested on the XG UTM and Sophos Intercept X interoperability. We have looked at NextGen stuff cylance, carbon black etc. All the AI stuff is great but I'm pragmatic and think that a solution solely relying on AI/ML rather than traditional signature based has a gap in your defences. I'm also keen on EDR to aid in review/remediation in event of outbreaks.
     
  5. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,273
    Location:
    Rocky
    We're in the middle of a switch from webroot to crowdstrike because our parent company already has 30k seats and webroot can't compare with the pricing. I haven't nearly gotten my head around it yet, compared to webroot it's incredibly complex. EDR seems to be it's bailiwick though.



    The one issue we had with Webroot in the years we've been using it is a massive performance hit if you use the built in system optimiser, it's an option under policies that you will apply to various groups/endpoints. We had it scheduled for twice a week, and twice a week like clockwork at those times system performance would crawl to a halt. It took us a long time to figure out the reason behind it though as users being users swore it happened every single day and we couldn't find an event in our environment that matched.

    Other than that I still swear by webroot.
     
    Last edited: May 28, 2019
  6. Skitza

    Skitza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,747
    Location:
    In your street
    I’m still running it and we have migrated the entire company to it now. It’s pretty good, very little issues if any. A huge caveat and it’s huge, not that I care that much, but there is no quarantine section. So if a file is deleted because it thinks it’s a PUA or a false positive.... it’s gone :)

    Other than that, can recommend.
     
  7. millsy_c

    millsy_c Member

    Joined:
    Mar 31, 2007
    Messages:
    12,696
    Location:
    Brisbane
    Just to chip in for a second, SEP and similar are foremost signature based AV.

    Comparing them to Crowdstrike/Carbon Black etc. is not really apples to apples, they are immensely more complex and offer very different functionality. If you only intend to use a tool for AV and don't have anybody that's dedicated to look at what Crowdstrike and the like flag, you're probably wasting your money as you're not taking advantage of the feature set.
     

Share This Page

Advertisement: