Educause Security Discussion mailing list archives

Re: Endpoint protection vendors


From: Eric Sawyer <esawyer () NEC EDU>
Date: Mon, 16 Nov 2020 16:04:21 +0000

Hi Jason

2 years ago we did an RFP with Sophos, CrowdStrike, SentinelOne, and Cylance. SentinelOne and Cylance would not meet 
our budget requirements, so we did a POC with Sophos and CrowdStrike. My team liked Sophos for several reasons, but the 
endpoint agent was a resource hog, and we had occasional issues with both install and removal.

We've been very pleased with CrowdStrike and credit them with helping to really up our game in the EDR space. We 
purchased Prevent, Insight, Threat Graph, Discover, and Overwatch with premium support. The management site is a 
complex beast that takes some time to get comfortable with. They've made some improvements recently, but I would advise 
that your team utilize the CrowdStrike university subscription. We also did some pre-sales blue team exercises with 
their sales engineer to understand alerting, reporting, investigation, etc. Very useful!

The onboarding went very well. One webinar and our prevent and sensor policies were in place, alerting was set, and we 
had GPO and Intune packages for sensor deployment.

I think the best part is the follow-up support we get. Besides the monthly best practice webinars and product briefs, 
and the weekly support office hours, we have a quarterly review and health check with our technical account manager. 
Here we discuss any issues, review recent incidents for trends and whitelisting, and tweak protection policies based on 
real-time threat data. These are fantastic resources that I wish many of our SaaS providers would adopt. 

Hope this helps.
Eric Sawyer
Director of IT
New England College
