Apex One
  • Deployment: Mac, Windows, web-based, cloud, SaaS
  • Customer service: Phone during business hours, online
  • Alerts/notifications

Trend Micro, the company behind the Apex One product, was founded in 1988 with the initial aim of creating antivirus software. It now offers a platform of cybersecurity products covering areas such as network security and user protection. The program includes most of the key elements we recommend, such as integrations, reporting, and EDR features like anomaly detection and whitelisting/blacklisting. However, it does lack others, such as remediation management and continuous monitoring capability. The firm also offers managed services as an add-on, so businesses can outsource detection and response or extend monitoring to a 24/7 basis. 

Pros & Cons

Pros

  • Whitelisting/blacklisting capabilities
  • Part of an extensive security platform

Cons

  • No remediation management
  • No continuous monitoring functionality

Summary

Apex One
  • Starting Price
    Custom Quote
  • Free Trial/Demo
    not provided
  • Deployment
    Installed - Mac
    Installed - Windows
    Web-Based, Cloud, SaaS
  • Support Options
    Business Hours
    Online
  • Whitelisting/Blacklisting
    yes
CrowdStrike Falcon
  • Deployment: Web-based, cloud, SaaS
  • Customer service: 24/7 (live rep), online
  • Anomaly/malware detection

CrowdStrike was launched in 2011 with the goal of moving beyond just malware identification toward the identification of those initiating the attacks. Its Falcon Insight cloud-based offering makes a strong showing when it comes to capabilities: It includes core elements such as integrations, reporting, malware detection, remediation management, and whitelisting/blacklisting, as well as nice-to-have functionalities like continuous monitoring and notifications. Its automated detection feature allows for a more streamlined monitoring process and also reduces alert fatigue by prioritizing alerts sent to users. 

Pros & Cons

Pros

  • Remediation management
  • Whitelisting/blacklisting capabilities

Cons

  • No Mac or Windows installation options

Summary

CrowdStrike Falcon
  • Starting Price
    Custom Quote
  • Free Trial/Demo
    15-Day Free Trial
  • Deployment
    Web-Based, Cloud, SaaS
  • Support Options
    24/7 (Live Rep)
    Online
  • Whitelisting/Blacklisting
    yes
McAfee Endpoint Security
  • Deployment: Windows, web-based, cloud, SaaS, iPhone/iPad, Android
  • Customer service: Phone during business hours, online
  • Anomaly/malware detection

McAfee is a well-known name in the computer security software field, with a history going back more than 30 years. Its cloud product offers critical functionalities like anomaly detection and remediation management as well as integrations and reporting but is missing an important capability — namely, whitelisting/blacklisting. Additional components include continuous monitoring and alerts/notifications. Users can take advantage of the program’s AI-guided process for investigating and remedying threats. 

Pros & Cons

Pros

  • AI-guided investigation functionality
  • Mobile product option available

Cons

  • No whitelisting/blacklisting functionality
  • Customer support during business hours only

Summary

McAfee Endpoint Security
  • Starting Price
    Custom Quote
  • Free Trial/Demo
    Free Demo and Free Trial
  • Deployment
    Installed - Windows
    Web-Based, Cloud, SaaS
    iPhone / iPad
    Android
  • Support Options
    Business Hours
    Online
  • Whitelisting/Blacklisting
    no
SentinelOne Endpoint Protection Platform
  • Deployment: Mac, Windows, web-based, cloud, SaaS
  • Customer service: 24/7 (live rep), phone during business hours, online
  • Anomaly/malware detection

The SentinelOne company was established by a collection of defense and intelligence experts. It aims to use AI and machine learning to protect against cyber threats. The company’s Endpoint Protection Platform offers the essential features of an EDR product while also supplying monitoring and notification functionalities. It’s one of the two providers on this list that have a Mac installation deployment option, as well as 24/7 live rep support. 

Pros & Cons

Pros

  • Robust features coverage
  • Integration capabilities

Cons

  • Advanced EDR features only available via higher-tier packages

Summary

SentinelOne Endpoint Protection Platform
  • Starting Price
    Custom Quote
  • Free Trial/Demo
    Free Trial
  • Deployment
    Installed - Mac
    Installed - Windows
    Web-Based, Cloud, SaaS
  • Support Options
    24/7 (Live Rep)
    Business Hours
    Online
  • Whitelisting/Blacklisting
    yes
VMware Carbon Black Cloud
  • Deployment: Windows, web-based, cloud, SaaS
  • Customer service: Phone during business hours
  • Remediation management

VMware’s suite of security products uses behavioral analytics to thwart cybersecurity threats and attacks. Its Carbon Black platform is made up of a number of security software products, including both on-premises and cloud options. The company’s cloud offering features a good selection of critical EDR capabilities, such as whitelisting/blacklisting and anomaly detection, while also providing valuable extra components like continuous monitoring. 

Pros & Cons

Pros

  • Robust features coverage
  • Whitelisting/blacklisting capabilities

Cons

  • Customer support during business hours only
  • No free trial

Summary

VMware Carbon Black Cloud
  • Starting Price
    Custom Quote
  • Free Trial/Demo
    Free Demo
  • Deployment
    Installed - Windows
    Web-Based, Cloud, SaaS
  • Support Options
    Business Hours
  • Whitelisting/Blacklisting
    yes

How We Chose the Best Endpoint Detection and Response Software

With the increasing complexity and frequency of cyber threats and cyberattacks, it’s not surprising that there are a number of companies and products in the endpoint detection and response software space. In evaluating the options, we looked at three components that we believe are crucial to selecting an EDR product: 

EDR Features

A solid endpoint detection and response software program should have certain core capabilities, such as malware detection. However, for small businesses in particular, a competitive offering should provide a good variety of features that also ensure effective coverage of cybersecurity and intelligence needs. Contenders on this list were assessed based on whether they included key functions such as remediation management and whitelisting/blacklisting. 

Integrations

Few, if any, software products exist in isolation. The efficient transfer of information between systems can be a critical advantage in any business endeavor, but perhaps even more so when it comes to cybersecurity risks and management. As such, one of the criteria we used to narrow down the list of EDR candidates was whether pre-built integrations with other common partner tools were part of the package. 

Reports

Users need the ability to pull useful information out of software so they can make decisions about where best to deploy attention and/or funds. Detailed reports are an essential element of an EDR offering; they can be an important tool for security teams and leaders in their efforts to assess and improve security practices.