Compare Endpoint Security Solutions

See how Cisco Secure Endpoint stacks up against competitors.

Data valid as of July 2022.

Products compared (table columns): Cisco Secure Endpoint, SentinelOne Singularity, Crowdstrike Falcon, Microsoft Defender for Endpoint. Each row below gives the feature, then one entry per product: the rating where the chart gives one, followed by the supporting note.

Detection

Endpoint agents required
Cisco Secure Endpoint: 1. A single lightweight Cisco Secure Endpoint agent provides all the capabilities listed in this chart, including SecureX Threat Response. Unless otherwise noted, no other Cisco product is required to meet the listed functionality.
SentinelOne Singularity: 1. One endpoint agent is required to achieve all the functionality described here.
Crowdstrike Falcon: 1. One endpoint agent is required to achieve all the functionality described here.
Microsoft Defender for Endpoint: 1. Integrated into the Windows platform. One endpoint agent is required to achieve all the functionality described here on non-Windows platforms.
Continuous analysis and retrospective detection
Cisco Secure Endpoint: Cisco Secure Endpoint employs continuous analysis beyond the event horizon (point in time). It can retrospectively detect, alert, track, analyze, and remediate advanced malware that may at first appear clean or that evades initial defenses and is later identified as malicious.
SentinelOne Singularity: Limited. SentinelOne employs continuous analysis, but retrospective detection is manual and part of threat hunting.
Crowdstrike Falcon: Limited. Crowdstrike Falcon offers DVR capability down to 5-second visibility of the endpoint. Retrospective detection is manual and part of threat hunting.
Microsoft Defender for Endpoint: Limited. Defender for Endpoint employs continuous analysis. It does not perform retrospective detection (that is part of threat hunting).
Device trajectory
Cisco Secure Endpoint: Device trajectory is continuous. Cisco Secure Endpoint and SecureX Threat Response map how hosts interact with files, including malware, across your endpoint environment. It can see if a file transfer was blocked or if the file was quarantined. It can scope the threat, provide outbreak controls, and identify patient zero.
SentinelOne Singularity: SentinelOne offers a rich process tree for investigations.
Crowdstrike Falcon: Crowdstrike provides device trajectory on a per-host basis.
Microsoft Defender for Endpoint: Microsoft uses the Investigation Graph to show details on a per-host basis.
Threat visualization, investigation and containment
Cisco Secure Endpoint: SecureX Threat Response builds a Relations Graph to show a clear and concise visualization of host interactions with malware, files, domains, and network addresses, which is key for incident investigations and rapid threat containment. It automatically enriches investigations with local/global file prevalence and, more importantly, with data from Talos threat intelligence, Umbrella (for DNS), Secure Endpoint (for global intelligence), Secure Malware Analytics (for file analysis), and more to highlight the systems under attack. Response and remediation actions are available from within investigations.
SentinelOne Singularity: Limited. SentinelOne shows per-host data; it does not show a visual representation of how multiple hosts interact with malware, files, network addresses, and domains, and does not offer enrichment and response capabilities.
Crowdstrike Falcon: Limited. Crowdstrike Falcon, via Indicator Graph, offers visualization of incidents, but with limited enrichment capabilities, response, and remediation actions. Crowdstrike XDR is an add-on solution that may offer some of these capabilities.
Microsoft Defender for Endpoint: Limited. Graph (beta) shows the relations graph for entities (files, hosts) but with limited details and does not offer enrichment, response, or remediation actions.
Dynamic file analysis
Cisco Secure Endpoint: Secure Malware Analytics is fully integrated into Cisco Secure Endpoint. This automated detonation engine observes, deconstructs, and analyzes using several methods. It is effectively impervious to sandbox-aware malware, at no added cost to the customer.
SentinelOne Singularity: Limited. SentinelOne does not offer file sandboxing. Customers need to add sandboxing capabilities via integrations with Alien Labs, Joe Security, Reversing Labs, etc.
Crowdstrike Falcon: Limited. Crowdstrike offers cloud-based and on-prem sandbox deployment but does not integrate with supporting systems such as NGIPS, BDS, or BPS. It does not provide glovebox capabilities to interact safely with malware samples and observe malware behavior directly.
Microsoft Defender for Endpoint: Limited. Microsoft offers cloud-based sandbox protection but does not support on-premises deployments. It does not integrate with supporting systems such as NGIPS, BDS, or BPS and does not provide glovebox capabilities to interact safely with malware samples and observe malware behavior directly.
File analysis deployment model
Cisco Secure Endpoint: Cloud and on-prem. Secure Malware Analytics detonation technology is fully integrated in Cisco Secure Endpoint. File analysis can also be separated into an on-premises solution for customers who have cloud restrictions. Because Malware Analytics uses a proprietary analysis mechanism and 150+ other anti-evasion techniques, it is completely undetectable by malware trying to avoid analysis and sandboxing.
SentinelOne Singularity: Limited. SentinelOne does not offer file sandboxing. Customers need to add sandboxing capabilities via integrations with Alien Labs, Joe Security, Reversing Labs, etc.
Crowdstrike Falcon: Limited. Crowdstrike offers cloud-based and on-prem sandbox deployment but does not integrate with supporting systems such as NGIPS, BDS, or BPS. No glovebox or reports on the organization's samples (top behavioral indicators, detailed scores, sample search, or other details) are available in the included SaaS sandbox.
Microsoft Defender for Endpoint: Limited. Microsoft offers cloud-based sandbox protection only and does not support on-premises deployments. It does not integrate with supporting systems such as NGIPS, BDS, or BPS. No glovebox or reports on the organization's samples (top behavioral indicators, detailed scores, sample search, or other details) are available in the included SaaS sandbox.
Low prevalence executables
Cisco Secure Endpoint: Cisco Secure Endpoint will automatically identify executables that exist in low numbers across the endpoints and analyze those samples in the cloud-based sandbox to uncover new threats. Targeted malware or advanced persistent threats often start on only a few endpoints, with low prevalence.
SentinelOne Singularity: Limited. SentinelOne provides a list of installed apps but does not offer automated analysis of low prevalence executables.
Crowdstrike Falcon: Limited. No automated analysis of low prevalence executables. Global and local prevalence info is available in detections. Low prevalence files can be manually discovered via threat hunting. Falcon Discover provides a list of low prevalence apps, and executables can be manually extracted and sent for analysis.
Microsoft Defender for Endpoint: Limited. No automated analysis of low prevalence executables. A list of low prevalence apps is available, and executables can be manually extracted and sent for analysis.

Prevention

Allowlists and denylists
Cisco Secure Endpoint: Cisco Secure Endpoint provides the ability to override dispositions set by Talos.
SentinelOne Singularity: Override of dispositions is available.
Crowdstrike Falcon: Override of dispositions is available.
Microsoft Defender for Endpoint: Override of dispositions is available.
Risk Based Endpoint Security
Cisco Secure Endpoint: Secure Endpoint is integrated with the Kenna Security solution, enabling customers to prioritize endpoint protection and enhance threat investigation to accelerate incident response. Three main use cases are enabled with Kenna: scannerless vulnerability visibility, risk-based vulnerability context, and accurate, actionable risk scores.
SentinelOne Singularity: Limited. SentinelOne shows applications with basic CVE data but no intelligent prioritization.
Crowdstrike Falcon: Limited. Limited capabilities with Falcon Spotlight. Crowdstrike uses ExPRT.AI for dynamic rating.
Microsoft Defender for Endpoint: Limited. Discovered vulnerabilities with CVSS score only.
Integrated advanced threat protection (attack detonation)
Cisco Secure Endpoint: Cisco Secure Endpoint employs built-in sandboxing capabilities (via its full integration of Malware Analytics), plus event correlations, more than 2000 IoCs, billions of malware artifacts, and easy-to-understand threat scores. Cisco Secure Endpoint is a full AV client as well and meets PCI/HIPAA audit requirements as an AV replacement.
SentinelOne Singularity: Limited. SentinelOne does not offer file sandboxing. Customers need to add sandboxing capabilities via integrations with Alien Labs, Joe Security, Reversing Labs, etc.
Crowdstrike Falcon: Limited. Crowdstrike offers cloud and on-premises deployments but does not integrate with supporting systems such as NGIPS, BDS, or BPS. No glovebox or reports on the organization's samples (top behavioral indicators, detailed scores, sample search, or other details) are available in the included SaaS sandbox.
Microsoft Defender for Endpoint: Limited. Microsoft offers cloud-based sandbox protection but does not support on-premises deployments. It does not integrate with supporting systems such as NGIPS, BDS, or BPS. No glovebox or reports on the organization's samples (top behavioral indicators, detailed scores, sample search, or other details) are available in the included SaaS sandbox.
Extensive threat information across threat vectors
Cisco Secure Endpoint: Cisco Secure Endpoint is directly tied to Talos Threat Intelligence, so it can immediately see anything Talos sees. Cisco Secure Endpoint can instantly defend the endpoint against threats seen by your own or another organization's firewall, web URL, DNS entry, other endpoint, or email gateway. Cisco Secure Endpoint has a global view of threats across all threat vectors.
SentinelOne Singularity: Limited. Offers threat intelligence but lacks information from other threat vectors such as firewalls, DNS, email, and web.
Crowdstrike Falcon: Limited. Offers threat intelligence but lacks information from other threat vectors such as firewalls, DNS, and email gateways.
Microsoft Defender for Endpoint: Limited. Offers threat intelligence but lacks information from other threat vectors such as firewalls, web, and DNS.

Response

Threat hunting
Cisco Secure Endpoint: SecureX Threat Response provides incident tracking and enables rapid threat investigation and remediation, with automatic data enrichment from multiple sources for accuracy. Cisco Orbital enables running live and scheduled queries against endpoints using osquery, a tool that presents detailed endpoint information in tables that can be queried using SQL. Casebooks allow you to gather observables in groups (cases) and assign names, take notes, and add other observables directly into the cases.
SentinelOne Singularity: Limited. Offers threat hunting but does not offer integration with advanced sandbox solutions for Behavioral Indicators. No casebooks (or ribbon) to gather observables from various solutions to speed up threat hunting. Does not offer the option to hunt across other security systems.
Crowdstrike Falcon: Limited. Crowdstrike uses Splunk Search for querying endpoints but does not offer integration with advanced sandbox solutions for Behavioral Indicators. It offers a limited number (11) of pre-built queries. No casebooks (or ribbon) to gather observables from various solutions to speed up threat hunting. Complicated to hunt across other security systems (requires Falcon XDR).
Microsoft Defender for Endpoint: Limited. Microsoft uses Kusto Query Language for querying endpoints but does not offer integration with advanced sandbox solutions for Behavioral Indicators. No casebooks (or ribbon) to gather observables from various solutions to speed up threat hunting.
Malware remediation
Cisco Secure Endpoint: Malicious files can be automatically quarantined or removed.
SentinelOne Singularity: Malicious files can be automatically quarantined or removed.
Crowdstrike Falcon: Malicious files can be automatically quarantined or removed.
Microsoft Defender for Endpoint: Malicious files can be automatically quarantined or removed.
Custom detection
Cisco Secure Endpoint: Helps administrators quickly enforce full protection against questionable files and targeted attacks across both endpoint and network control planes, based on endpoint activity.
SentinelOne Singularity: Custom detection and blocking can be done by adding custom file hashes.
Crowdstrike Falcon: Custom detection and blocking can be done by adding custom file hashes.
Microsoft Defender for Endpoint: Custom detection and blocking can be done by adding custom file hashes.
Integrated DNS-level protection
Cisco Secure Endpoint: Exposes malicious domains associated with malware, giving users the ability to dynamically block access through Umbrella integration. Prevents command-and-control callbacks for data exfiltration and stops execution of ransomware encryption.
SentinelOne Singularity: Limited. Limited DNS-level protection capabilities.
Crowdstrike Falcon: Limited. Limited DNS-level protection capabilities.
Microsoft Defender for Endpoint: Limited. Offers web content filtering and web threat protection for selected platforms.

Architecture

Operating system support
Cisco Secure Endpoint: Windows (7, 8, 10, 11), Windows Server (2008 R2, 2012/R2, 2016, 2019, 2022), macOS, Linux, Android, and iOS. Cisco Secure Endpoint uniquely enables protection for iOS, as part of the Apple-Cisco API partnership.
SentinelOne Singularity: Windows, macOS, and Linux (no mobile device protection).
Crowdstrike Falcon: Windows, macOS, and Linux (Falcon for Mobile requires additional purchase).
Microsoft Defender for Endpoint: Microsoft's primary focus is on Windows 10 and 11. Coverage for macOS (EDR) and Linux is included, though many protection features apply to Windows 10/11 exclusively (including automated investigation and remediation, and attack surface reduction).
Deployment model
Cisco Secure Endpoint: Both cloud and on premises. Cisco Secure Endpoint is 100% managed in the cloud, reducing TCO. It is also offered as an on-premises solution for organizations with cloud restrictions, such as the U.S. government.
SentinelOne Singularity: Both cloud and on premises. The SentinelOne solution can be cloud-based or deployed on-prem.
Crowdstrike Falcon: Cloud only. Deploys only in the cloud; no on-premises installations for the private sector or air-gapped networks (only Falcon Sandbox is available for on-prem deployment).
Microsoft Defender for Endpoint: Cloud only. Deploys only in the cloud; no on-premises installations for the private sector or air-gapped networks.
Offline support
Cisco Secure Endpoint: Offline protection is constant, with exploit prevention, antivirus, and the Secure Endpoint engine.
SentinelOne Singularity: SentinelOne provides offline support with AI-based detection.
Crowdstrike Falcon: Falcon continues to run when the host is not connected to a network; however, the efficacy of this function has never been publicly proven.
Microsoft Defender for Endpoint: Defender for Endpoint offers offline protection using attack surface reduction/AV.
Closed-loop detection; integration with other platforms
Cisco Secure Endpoint: Integrates with Cisco Firepower NGFW, Firepower NGIPS, ISE, and other platforms, such as Cisco Secure Email and Web Security. This integration is relevant when organizations own several platforms, but owning several platforms is not required to fulfill any of the functionality of Cisco Secure Endpoint referenced in this comparison.
SentinelOne Singularity: Limited. Integrations with SIEM and SOAR solutions; API available. SentinelOne does not have a broad security portfolio and hence offers limited integrations, including with XDR.
Crowdstrike Falcon: Limited. Falcon API and Falcon Streaming API for third parties, SIEM and SOAR solutions. Crowdstrike does not have a broad security portfolio and hence offers limited integrations, including with XDR.
Microsoft Defender for Endpoint: Defender for Endpoint integrates with certain third-party SIEM solutions, orchestration/automation platforms, and MSPs. Also integrates with the M365 Defender XDR solution.

Third Party Validation

Forrester Wave: Endpoint Security Software As A Service, Q2 2021
Cisco Secure Endpoint: Strong Performer
SentinelOne Singularity: Strong Performer
Crowdstrike Falcon: Leader
Microsoft Defender for Endpoint: Leader
IDC MarketScape Worldwide Incident Readiness Services 2021 Market Assessment
Cisco Secure Endpoint: Leader. Cisco was positioned in the Leaders category in the 2021 IDC MarketScape Worldwide Incident Readiness Services Assessment.
SentinelOne Singularity: Not included. SentinelOne was not included in the IDC MarketScape Worldwide Incident Readiness Services Assessment.
Crowdstrike Falcon: Major Player. Crowdstrike is positioned in the Major Players category in the 2021 IDC MarketScape Worldwide Incident Readiness Services Assessment.
Microsoft Defender for Endpoint: Not included. Microsoft was not included in the IDC MarketScape Worldwide Incident Readiness Services Assessment.
Radicati APT Protection - Market Quadrant 2021
Cisco Secure Endpoint: Top Player. Cisco received the highest rating and was named a Top Player. Radicati recognizes that "Cisco offers a rich, highly integrated portfolio which combined with its built-in SecureX platform simplifies the security experience and allows organizations to unify visibility, detection and response in order to defend against advanced APT attacks."
SentinelOne Singularity: Not included (did not meet Radicati's inclusion criteria).
Crowdstrike Falcon: Not included (did not meet Radicati's inclusion criteria).
Microsoft Defender for Endpoint: Specialist. Microsoft was named a Specialist. Radicati notes: "While Microsoft has been investing heavily in its anti-malware, antispam, anti-phishing, and zero-day protection capabilities, customers still report high degrees of spam, malware and other forms of attack. Most customers deploy Microsoft technologies as a baseline, while also deploying additional security solutions from other vendors for advanced protection."

Other Services

Cybersecurity insurance/warranty
Cisco Secure Endpoint: The Cisco, Apple, Allianz, and Aon collaboration for cyber insurance is an industry first. Collectively, we provide a holistic framework to decisively act on cyber risk, giving organizations streamlined access to the right tools and cyber insurance to strengthen security, reduce risk, and cover the complete cost of a breach if needed.
SentinelOne Singularity: Limited. The Ransomware Warranty requires strict policies to be enabled along with Volume Shadow Copy Service (VSS) backups. Customers are required to respond to ransomware within a short interval of time to avail themselves of the warranty.
Crowdstrike Falcon: Limited. Falcon Complete (MDR) is required for the breach warranty. Minimum spend of $250k+ to get a $1M warranty. Requires strict controls and adherence to Measured Security Posture+.
Microsoft Defender for Endpoint: Limited. Via partners (At-Bay).
Managed Detection and Response
Cisco Secure Endpoint: Cisco Secure Endpoint Pro offers comprehensive protection via 24x7x365 correlation, threat analysis, investigation, and response by an expert team of researchers, investigators, and responders. Enables a pivot to SecureX XDR to allow customers to expand the scope of investigations.
SentinelOne Singularity: SentinelOne's Vigilance Managed Detection & Response (MDR) service subscription is designed to supplement the endpoint security SaaS offerings.
Crowdstrike Falcon: Falcon Complete MDR offers detection and response capabilities. No Falcon platform access and no direct policy changes are allowed by customers in order to retain the Breach Warranty. No pivot to XDR for customers to further investigate threats.
Microsoft Defender for Endpoint: Limited. MDR is offered via partners like BlueVoyant and Red Canary (Defender Experts for XDR was introduced in May 2022).
Managed Threat Hunting
Cisco Secure Endpoint: Talos Threat Hunting is an analyst-centric process that enables organizations to uncover hidden advanced threats. Once threats are detected, customers are notified within their Cisco Secure Endpoint console so they can begin remediation. The purpose is to discover and thwart attacks before they cause any damage. Customers can use SecureX Threat Response to expand the scope beyond endpoints to network, DNS, email, and other solutions.
SentinelOne Singularity: SentinelOne WatchTower offers limited threat hunting capabilities. No easy pivot to XDR for customers to investigate across other systems.
Crowdstrike Falcon: Falcon OverWatch provides 24/7 operations and alert prioritization. It is, however, limited to using endpoint data only. No easy pivot to XDR for customers to investigate across other systems.
Microsoft Defender for Endpoint: Limited. Managed threat hunting via the Microsoft Threat Experts service provides Targeted Attack Notifications and Experts on Demand for engagement (Microsoft Defender Experts for Hunting leverages XDR).