NG AV / Endpoint Protection in 2021

IT Discussion
56 Posts 12 Posters 5.8k Views
    • scottalanmillerS
      scottalanmiller @Obsolesce
      last edited by

      @obsolesce said in NG AV / Endpoint Protection in 2021:

      @scottalanmiller said in NG AV / Endpoint Protection in 2021:

      If you spend a single minute or a single dollar looking at another solution, you are losing money while increasing your risk.

      A lot of companies need the central management and reporting aspects, which means you'll be paying money for a good solution. While Defender does those, it begins to cost. At that point, there are some other worthy competitors that may be a better fit depending on environment. Such an example would be Crowdstrike.

      "Need" is rarely true. "Blindly demand for no reason" is all we normally see.

      And for most of those, we've found that reporting solutions and tools that simply report on stock (free) Defender meet the needs.

      While plausible, I've never found an organization that actually had a use for the centralized console. They like it because it looks good and makes them feel good. But it was always an emotional thing, not a business one.

      1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller @dagors
        last edited by

        @dagors said in NG AV / Endpoint Protection in 2021:

        Seriously, it is a shame to know about this

        There are historical reasons why these companies are around. And while initially it feels awful, quickly it becomes "oh wait, this is great for the future overall" and you start to feel good about it.

        1 Reply Last reply Reply Quote 0
        • D
          dagors @scottalanmiller
          last edited by

          @scottalanmiller
          Thanks for the explanation!

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @dagors
            last edited by

            @dagors said in NG AV / Endpoint Protection in 2021:

            @scottalanmiller
            Thanks for the explanation!

            No problem!

            1 Reply Last reply Reply Quote 0
            • coliverC
              coliver @Obsolesce
              last edited by

              @obsolesce said in NG AV / Endpoint Protection in 2021:

              @notverypunny said in NG AV / Endpoint Protection in 2021:

              Any vendors people want to recommend or warn off with regards to endpoint and server protection? We're shopping options to replace our current NG solution. Currently on a call and it's kinda meh.... I'm not a fan of sales in any context and this seems to be lots of sizzle and not a lot of steak (or bacon... substitute your delicious protein of choice)

              Crowdstrike has worked well in a few large places I've seen. It's great cross platform.

              That's what we just moved to.

              1 Reply Last reply Reply Quote 1
              • dbeatoD
                dbeato @scottalanmiller
                last edited by

                @scottalanmiller Like what? I am confused. I have worked with many AVs and Bitdefender has been one of the less problematic AVs I have worked with. Most of the time when Bitdefender doesn't allow something, it is purely a setting that blocks access to file shares or local folders, but once allowed it works. Windows Defender has the same feature and can be annoying too. Centralized management is not only about knowing the status of the agents, it is also the way to manage all the settings and policies from one place instead of doing manual work on each computer (Windows Defender) to apply the changes.

                hobbit666H scottalanmillerS 4 Replies Last reply Reply Quote 1
                • hobbit666H
                  hobbit666 @dbeato
                  last edited by

                  @dbeato Same, never had issues with most AVs.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @dbeato
                    last edited by

                    @dbeato said in NG AV / Endpoint Protection in 2021:

                    Like what? I am confused. I have worked with many AVs and Bitdefender has been one of the less problematic AVs I have worked with.

                    That's a low bar. You should really have like... zero problems. With Bitdefender we have issues with nearly everything. With management tools, other security tools (like Defender), with remote access, with line of business applications, with general OS performance. You name it.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @dbeato
                      last edited by

                      @dbeato said in NG AV / Endpoint Protection in 2021:

                      Most of the time when Bitdefender doesn't allow something, it is purely a setting that blocks access to file shares or local folders, but once allowed it works. Windows Defender has the same feature and can be annoying too.

                      Right. That's a major problem unless you are billing by the hour, then creating these issues is a good thing for the pocket book. Having to log in and fix applications not working because we installed an unnecessary application to create the problem in the first place is a great way to make money quickly but isn't a good way to do IT. Blocking standard applications and requiring a human to log in (which is also often blocked by the AV) instead of "just working" like Defender does, is a HUGE problem.

                      If I was a business owner and found a company doing this to us, I'd be considering legal action. Not just putting us at risk, but then billing to fix the problem that they created. All while disabling a better AV that was already there and doesn't (typically) have these problems!

                      dbeatoD 1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @dbeato
                        last edited by

                        @dbeato said in NG AV / Endpoint Protection in 2021:

                        Centralized management is not only about knowing the status of the agents, it is also the way to manage all the settings and policies from one place instead of doing manual work on each computer (Windows Defender) to apply the changes.

                        Sure, but what settings and policies do you need? Keep the computer safe, stop monkeying about with policies. I truly believe this entire policy market is a scam. All these unnecessary settings, that put customers at risk, to justify paying for a centralized system.

                        Skip it all. Problem solved. Centralized reporting of status so that you know things are running and up to date: great. But with Defender, that's free. All the rest, I absolutely, 100% think it's BS that people are trying to charge for that.

                        Don't get me wrong, I know why it is a good market of easy money and that it is super easy to get customers to request it. But as a CIO, my job is always to educate my customers that this is not in their interest and it is all "sounds good" mumbo jumbo that is hard to refute, but in practice is not in any way done for their benefit.

                        travisdh1T dbeatoD 2 Replies Last reply Reply Quote 1
                        • travisdh1T
                          travisdh1 @scottalanmiller
                          last edited by

                          @scottalanmiller said in NG AV / Endpoint Protection in 2021:

                          @dbeato said in NG AV / Endpoint Protection in 2021:

                          Centralized management is not only about knowing the status of the agents, it is also the way to manage all the settings and policies from one place instead of doing manual work on each computer (Windows Defender) to apply the changes.

                          Sure, but what settings and policies do you need? Keep the computer safe, stop monkeying about with policies. I truly believe this entire policy market is a scam. All these unnecessary settings, that put customers at risk, to justify paying for a centralized system.

                          Skip it all. Problem solved. Centralized reporting of status so that you know things are running and up to date: great. But with Defender, that's free. All the rest, I absolutely, 100% think it's BS that people are trying to charge for that.

                          Don't get me wrong, I know why it is a good market of easy money and that it is super easy to get customers to request it. But as a CIO, my job is always to educate my customers that this is not in their interest and it is all "sounds good" mumbo jumbo that is hard to refute, but in practice is not in any way done for their benefit.

                          I'm curious, how do you handle centralized reporting with Defender? That's still the one missing piece most places I deal with want, and I don't know of a way to do it with Defender itself.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @travisdh1
                            last edited by

                            @travisdh1 said in NG AV / Endpoint Protection in 2021:

                            I'm curious, how do you handle centralized reporting with Defender? That's still the one missing piece most places I deal with want, and I don't know of a way to do it with Defender itself.

                            Reporting on it being up to date and running? Both MeshCentral and TacticalRMM report on that. So do lots of other tools.

                            stacksofplatesS 1 Reply Last reply Reply Quote 0
                            • stacksofplatesS
                              stacksofplates @scottalanmiller
                              last edited by stacksofplates

                              @scottalanmiller said in NG AV / Endpoint Protection in 2021:

                              @travisdh1 said in NG AV / Endpoint Protection in 2021:

                              I'm curious, how do you handle centralized reporting with Defender? That's still the one missing piece most places I deal with want, and I don't know of a way to do it with Defender itself.

                              Reporting on it being up to date and running? Both MeshCentral and TacticalRMM report on that. So do lots of other tools.

                              Can you give a screenshot of this? I just can't conceptualize how these tools can give you a report on running, updates, number of findings, what the findings are, etc.

                              travisdh1T 1 Reply Last reply Reply Quote 1
                              • travisdh1T
                                travisdh1 @stacksofplates
                                last edited by

                                @stacksofplates said in NG AV / Endpoint Protection in 2021:

                                @scottalanmiller said in NG AV / Endpoint Protection in 2021:

                                @travisdh1 said in NG AV / Endpoint Protection in 2021:

                                I'm curious, how do you handle centralized reporting with Defender? That's still the one missing piece most places I deal with want, and I don't know of a way to do it with Defender itself.

                                Reporting on it being up to date and running? Both MeshCentral and TacticalRMM report on that. So do lots of other tools.

                                Can you give a screenshot of this? I just can't conceptualize how these tools can give you a report on running, updates, number of findings, what the findings are, etc.

                                I can understand how MeshCentral and TacticalRMM can keep you informed of updates, it's what they do, but how do they alert you to detections?

                                dbeatoD 1 Reply Last reply Reply Quote 0
                                • dbeatoD
                                  dbeato @travisdh1
                                  last edited by

                                  @travisdh1 It doesn't, that is the issue.

                                  1 Reply Last reply Reply Quote 0
                                  • dbeatoD
                                    dbeato @scottalanmiller
                                    last edited by

                                    @scottalanmiller Many applications have issues, but none of them are intentional, so I can understand the frustration. By that definition Microsoft, including Defender, shouldn't be used 🙂 but again I have no idea what NTG is dealing with on those specific Bitdefender clients.

                                    1 Reply Last reply Reply Quote 0
                                    • dbeatoD
                                      dbeato @scottalanmiller
                                      last edited by

                                      @scottalanmiller A lot of Endpoint Protection products have BitLocker management for encryption and other modules that go hand in hand with the agent, so there are many settings that can be used. Also, most Endpoint Protection systems offer the central management for free, included in the licensing, which Bitdefender does have.

                                      1 Reply Last reply Reply Quote 0
                                      • IRJI
                                        IRJ
                                        last edited by

                                        What is centralized AV?
                                        AV status, alerting, and policy management

                                        A SIEM and HIDS solution provide the first two for you and there are so many mechanisms which you can use to handle policies like powershell, salt, Ansible, etc.

                                        1 Reply Last reply Reply Quote 1
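The gap raised above (an RMM tells you Defender is running and updated, but not what it found) and IRJ's point that status, alerting and exceptions can be handled with PowerShell and a log pipeline are both illustrated by this added example. It is not code from any poster, nor from TacticalRMM or MeshCentral: it reads state and detections from the built-in Defender cmdlets, lists configured exclusions, prints one JSON document a script check or log shipper can consume, and exits non-zero when attention is needed. The thresholds, JSON field names and the `IsTamperProtected` check (absent on older builds) are my own assumptions.

```powershell
# Added example: Defender health, detections and exclusions as one RMM/SIEM-consumable check.
# Thresholds and output field names are arbitrary choices for this example, not any vendor's.
param(
    [int]$MaxSignatureAgeHours = 48,
    [int]$DetectionLookbackDays = 7
)

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference
$since  = (Get-Date).AddDays(-$DetectionLookbackDays)

# Detections the engine recorded inside the lookback window.
$detections = @(Get-MpThreatDetection | Where-Object { $_.InitialDetectionTime -ge $since })

# Get-MpThreat holds the catalogue entries (name, severity) keyed by ThreatID.
$threats = @{}
foreach ($t in Get-MpThreat) { $threats[$t.ThreatID] = $t }

$findings = @(foreach ($d in $detections) {
    $t    = $threats[$d.ThreatID]
    $name = if ($t) { $t.ThreatName } else { "ThreatID $($d.ThreatID)" }
    $sev  = if ($t) { $t.SeverityID } else { $null }
    [pscustomobject]@{
        Time = $d.InitialDetectionTime; ThreatName = $name; Severity = $sev
        Process = $d.ProcessName; Resources = ($d.Resources -join ';'); ActionSuccess = $d.ActionSuccess
    }
})

$sigAgeHours = ((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours
$problems = @()
if (-not $status.AMServiceEnabled)          { $problems += 'Defender service not running' }
if (-not $status.RealTimeProtectionEnabled) { $problems += 'Real-time protection off' }
if (-not $status.IsTamperProtected)         { $problems += 'Tamper protection off (or property unsupported)' }
if ($sigAgeHours -gt $MaxSignatureAgeHours) { $problems += "Signatures $([int]$sigAgeHours)h old" }
if ($findings.Count -gt 0)                  { $problems += "$($findings.Count) detection(s) in last $DetectionLookbackDays days" }

# Exclusions are policy drift: report them so one-off exceptions cannot accumulate unnoticed.
$exclusions = @(@($prefs.ExclusionPath) + @($prefs.ExclusionProcess) + @($prefs.ExclusionExtension) |
    Where-Object { $_ })

[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    Healthy          = ($problems.Count -eq 0)
    Problems         = $problems
    SignatureVersion = $status.AntivirusSignatureVersion
    LastQuickScan    = $status.QuickScanEndTime
    Exclusions       = $exclusions
    Findings         = $findings
} | ConvertTo-Json -Depth 4

# Non-zero exit lets the RMM mark the check as failed; the JSON on stdout carries the detail.
exit ([int]($problems.Count -gt 0))
```

Run it as a scheduled script check and ship the JSON to the SIEM; the `Findings` array is the detection detail the RMM status view alone does not give you.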
                                        • IRJI
                                          IRJ
                                          last edited by

                                          Also I think centralized policy management is against the concept of zero trust. We should not be whitelisting anything, because it does not fit the zero trust model. In an ideal world we are using web applications which require no exceptions.

                                          We need to get out of the mindset that poorly created applications are ok to use. But if by off chance we need to make AV exceptions for a shitty app, we should be able to do that for the entire organization through a configuration management tool. It should be so rare, and there should be no onesie or twosie exceptions (so no need for policy management).

                                          stacksofplatesS 1 Reply Last reply Reply Quote 1
                                          • stacksofplatesS
                                            stacksofplates @IRJ
                                            last edited by

                                            @irj said in NG AV / Endpoint Protection in 2021:

                                            Also I think centralized policy management is against the concept of zero trust. We should not be whitelisting anything, because it does not fit the zero trust model. In an ideal world we are using web applications which require no exceptions.

                                            We need to get out of the mindset that poorly created applications are ok to use. But if by off chance we need to make AV exceptions for a shitty app, we should be able to do that for the entire organization through a configuration management tool. It should be so rare, and there should be no onesie or twosie exceptions (so no need for policy management).

                                            I agree 100%. But I still think you need reliable reporting on when things do pop up. I don't think just knowing whether the AV is up to date or not is enough. And you're right, a SIEM will do that for you.

                                            DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0