What are the best managed detection and response solutions available?

Asked By TechWhiz28 On

I'm in the market for a solid managed detection and response (MDR) or extended detection and response (XDR) solution. I've previously worked with CrowdStrike, and I'm exploring my options after hearing so many mixed reviews about various providers. My team is distributed across several countries, with about 400 people mainly working on developing Android and iOS applications. Our environment consists of roughly 70% macOS, 25% Windows, and 5% Linux. Given that we have a small internal team, we're particularly interested in a solution that's easy to manage. I've been looking into CrowdStrike, SentinelOne, Darktrace, and Microsoft Defender through a managed service provider. What other options should I consider?

5 Answers

Answered By WatchfulTechie On

We've actually found a mix of SentinelOne, Microsoft Defender, and Huntress to be a solid combo. The effectiveness always hinges on how well you deploy these solutions. We prioritize hardening and posture management over mere detection, especially with a large dev team like yours.

Answered By LightweightHunter On

I’ve been using Malwarebytes Threatdown EDR for a little over a year, and it's been pretty impressive. It’s set up to be low-maintenance and has blocked some serious threats that others haven't caught. Plus, it’s become more feature-rich, and the costs are quite competitive compared to what they list on their site.

Answered By SentinelFan67 On

I'm a fan of SentinelOne; I find it much easier to use than CrowdStrike. Microsoft Defender can work well if your team is predominantly on Windows and you have the proper licenses. However, it can get pricey for comprehensive coverage. For larger teams, don’t underestimate the importance of setting up a proper SIEM alongside any EDR solution—it's crucial for managing security at scale.

CloudNativeDev -

We face similar issues with our SaaS applications, and integrating them into a SIEM is a major hurdle for us.

Answered By CyberSleuth91 On

CrowdStrike Falcon has worked really well for me in the past. I've implemented it in three different companies and it offers great visibility and integrations. The managed SOC team has also been a lifesaver for us a few times. If you're looking for reliability, I’d definitely recommend it.

DevGuy64 -

It’s impressive how well CrowdStrike performs, even during crunch times.

Answered By SecuritySavvy On

A lot of dissatisfaction with XDR/MDR really boils down to mismatched expectations. While tools like CrowdStrike, SentinelOne, and Microsoft Defender are sound choices, the key differentiator often lies in the quality of the MDR service backing them. For a smaller team, consider focusing on the responsiveness of the SOC, how manageable the alerts are, their macOS support, and how well it integrates with existing tools. From what I've seen, Microsoft Defender for Endpoint via a reputable MSP can actually work quite well with your environment.
