Discussion in 'Business & Enterprise Computing' started by Rea:Per, Jul 30, 2018.
So what prompted the switch (or attempted switch) from Webroot to Sophos?
Yeah I was reading about this the other day, anti-ransomware caching sounds great in theory for workstation IO but not server IO...
We also utilise Sophos SG UTM so I'm interested in the XG UTM and Sophos Intercept X interoperability. We have looked at NextGen stuff: Cylance, Carbon Black etc. All the AI stuff is great but I'm pragmatic and think that a solution solely relying on AI/ML rather than traditional signature-based has a gap in your defences. I'm also keen on EDR to aid in review/remediation in event of outbreaks.
We're in the middle of a switch from Webroot to CrowdStrike because our parent company already has 30k seats and Webroot can't compare with the pricing. I haven't nearly gotten my head around it yet; compared to Webroot it's incredibly complex. EDR seems to be its bailiwick though.
The one issue we had with Webroot in the years we've been using it is a massive performance hit if you use the built-in system optimiser; it's an option under policies that you will apply to various groups/endpoints. We had it scheduled for twice a week, and twice a week like clockwork at those times system performance would crawl to a halt. It took us a long time to figure out the reason behind it though, as users being users swore it happened every single day and we couldn't find an event in our environment that matched.
Other than that I still swear by Webroot.
I’m still running it and we have migrated the entire company to it now. It’s pretty good, very few issues if any. A huge caveat and it’s huge, not that I care that much, but there is no quarantine section. So if a file is deleted because it thinks it’s a PUA or a false positive... it’s gone.
Other than that, can recommend.
Just to chip in for a second, SEP and similar are foremost signature-based AV.
Comparing them to CrowdStrike/Carbon Black etc. is not really apples to apples; they are immensely more complex and offer very different functionality. If you only intend to use a tool for AV and don't have anybody that's dedicated to looking at what CrowdStrike and the like flag, you're probably wasting your money as you're not taking advantage of the feature set.