Looking to move from that traditionally endpoint security into a new solution that better protects our endpoints not only against AV, but malware and unknown threats, etc. Also, as the team here is very limited, need something that can look after itself and doesn’t need a lot of baby sitting. Sends pertinent notifications and won’t inundate you.
Been looking at Huntress, seems very hands off, leverages Defender now, looks like a good solution. Started a trial with their solution. A few other, larger, companies in my space though I know are using SentinelOne. I’m still waiting for pricing but I’m guessing it’s going to be more, but their product also seems more robust, looking at the Singularity Control solution.
Question is, how to decide? I have about 150 endpoints. Nothing to complicated. I know @LTS_Tom indicated they use both and I’m sure that is even better, but we will only be able to afford one, so how do I choose? One is a bit cheaper, but will do the job, one is pricier but is it worth the extra expense?
If anyone has experience with either that they could post briefly about, I would appreciate it. What did you like, not like, etc.
Hey Tom, Now that you have been using S1 Complete and NinjaOne (Assumption from videos) are you still using Huntress? If so, what benefit are you getting from it? We are looking at switching to the S1 Complete package in Ninja. Which is a huge upgrade from Webroot! Lol! We also have Huntress and Emsisoft that we are going to replace with S1. So I am looking for any input.
@LTS_Tom if you had to pick only one, would you go with S1 Complete or Huntress + Managed Defender? Seems like they are competing projects and not complimentary.
I’m using NinjaOne and Malwarebytes but looking to replace Malwarebytes.
Hi @LTS_Tom.
Obligatory salute and thanks for all the content.
I’ve been watching your Huntress and SentinelOne videos with a view to using both in my MSP offering/stack.
With regard to Host Isolation, for both. They similarly block traffic to other nodes and gateway etc. which is great but I’m just wondering if you can only mitigate through the respective Sentinel/Huntress portals. I presume this locking down blocks remote access via the screenconnect etc.? If that is the case, you are limited to go out on site to wipe the machine if for some reason the mitigation didn’t work? Has that ever happened?
Thanks and keep up the great work.
I can only speak to the SentinelOne solution, but correct, the host is isolated from everything except the S1 portal. S1 does provide a LOT of resources though to remotely manage and remediate a system but yes, if you needed to wipe it, you’d need to go onsite to do so.
But using the system state roll back and such for remediation, this should almost never be the case.
Their Remote Shell is a pretty powerful tool as well, allowing remote powershell and bash commands.
Both S1 & Huntress lock down to only them. When there has been the need for host isolation there is usually the need to wipe that system because I don’t trust it anymore.
