I'm evaluating whether to switch our endpoint protection from Microsoft Defender E5 to CrowdStrike. Currently, all users have E5 licenses, but by transitioning to E3 and incorporating CrowdStrike, we could save a significant amount of money that we'd put towards a Managed Detection and Response (MDR) service. We already use Mimecast for email protection and have alternatives for cloud app control and vulnerability management, so we won't miss those features. Plus, we still have around 100 users who require Teams Phone licenses. While we haven't implemented Data Loss Prevention (DLP) from E5 and likely won't have the resources for it in the next year, the only feature I think we'd lose is Purview, which hasn't been vital for us. We have a mix of approximately 60% Windows and 40% Mac devices and manage about 150 servers, including 50 running various flavors of Linux. Has anyone else made this transition? Am I overlooking anything significant by downgrading from E5 to E3? What else should I consider?
4 Answers
If you're considering switching, look at what features you’re actually using from the E5 license. Stepping down to E3 will save you money, but make sure you're using at least a couple of the functionalities that E5 offers, like Power BI Pro or Teams Calling. If those aren’t part of your regular workflow, it could make more sense financially to downgrade and purchase components individually. Also, keep in mind that if you’re in an Enterprise Agreement with Microsoft, that’s likely changing when you renew. Reevaluating your license structure might be a smart move at that point.
What specific features are you looking to replace with CrowdStrike? Remember, E3 still gives you a Defender for Endpoint P1 license. Instead of fully switching to CrowdStrike, you might save more money by going straight to an MDR after downgrading. The extra features of Defender for Endpoint P2 add some investigative capabilities, but don’t significantly enhance overall protection.
Before making any decisions, have you calculated the potential savings with CrowdStrike? In my experience on a security team at a large company, we found it challenging to justify replacing Defender with CrowdStrike on workstations after already using it on servers. It might not be just about cost; compliance factors may also come into play, such as FedRAMP or other regulatory concerns that could impact your choice of vendors. That’s something to think about closely.
