Question

Alternative to McAfee ePO?

  • February 4, 2016
  • 6 replies
  • 32 views

AVmcclint

We currently use McAfee Endpoint Protection on our Macs and PCs. On the Macs we only use the Anti-Malware, Application Protection and Desktop Firewall modules. We really hate McAfee for many reasons so we're looking into replacing it with something else. What else is out there? I read that Symantec's product does not include a firewall, so that's out. In addition to what else is out there, I guess I should ask, what is GOOD? Is there anything out there that isn't as convoluted to deploy? Any cross-platform solutions?

6 replies

  • Contributor
  • February 4, 2016

XProtect? In IBM's JNUC presentation their systems are using XProtect as their front line of defense, and then Norton as an optional install if the customer requires it. It might be worth looking into. I mean, we ask ourselves if these programs actually do any good. To be honest, I think McAfee caused more issues in our environment than it actually caught viruses last year.


  • Contributor
  • February 4, 2016

The Mac comes with a very solid firewall called pf (man pfctl). No GUI for it, though. The 'Firewall' in the GUI is an application-level firewall. If you don't want to configure pf yourself, you can use a GUI tool called 'IceFloor' which will build configs for you. Then you can distribute the config files to your clients.


AVmcclint
  • Author
  • Esteemed Contributor
  • February 4, 2016

I've been looking at pf and IceFloor for a year and I still can't make heads or tails out of it. I do know that it lacks the centralized control that our security folks love about McAfee ePO. One saving grace about McAfee is that even if you did manage to completely bungle the firewall config and block everything, it has a failsafe of being able to still communicate with the McAfee server to pull down a corrected config. From what I can tell, something like pf will let you shoot yourself in the head and then dance on your grave. That being said, McAfee is still a pain in many ways that this one saving grace can't make up for.

As for XProtect, our security folks don't trust ANYTHING that's built into any OS. They insist on installing 3rd party tools so they can check off a box on their checklist. If there were viable 3rd party disk encryption options for the Mac, they'd instantly insist on that over FileVault regardless of how bad it was. I could never live my life being THAT paranoid about anything.


Chris_Hafner
  • Jamf Heroes
  • February 4, 2016

We've been evaluating Cylance and are planning on adopting it across our entire fleet in June. So far, I've been very, very impressed. Mind you, it took me a while to get over the difference in philosophy from traditional endpoint security/AV.


  • Contributor
  • February 4, 2016

Yeah, pf can be complicated, but it's a fantastic tool. Tell your security guys it is third party (http://www.openbsd.org/faq/pf/), just bundled with the Mac. And yes, you can lock yourself out if you screw up. But hopefully you don't screw up! However, being managed by conf files and command-line tools, and judging by your posting in this forum, you should be able to manage it with Casper. Just push out new config files and commands as needed.
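The two pf replies above describe pushing config files and pfctl commands to clients, and the earlier worry was locking yourself out with no way to pull a corrected config. The script below is an added example, not code from this thread or from any of the products named in it. It builds a pf anchor whose first rules are "pass ... quick" rules for the management channel, so those match before any "block" rule and the client stays reachable even if the rest of the ruleset blocks everything; it then refuses to load a ruleset whose management rule is not first or that pfctl rejects. The management server address 10.0.0.10, port 8443, the anchor name com.example.managed and the assumption that the management host reaches clients over SSH (port 22) are all hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: build a pf anchor ruleset whose first
# rules keep the management channel open, sanity-check the rule order, then
# (on a Mac, as root) syntax-check and load it with pfctl.
# Hypothetical values: management server 10.0.0.10, agent port 8443, anchor name
# com.example.managed, inbound SSH from the management host. Replace as needed.

MGMT_HOST="${MGMT_HOST:-10.0.0.10}"
MGMT_PORT="${MGMT_PORT:-8443}"
ANCHOR_NAME="com.example.managed"
ANCHOR_FILE="/etc/pf.anchors/${ANCHOR_NAME}"

# Emit the ruleset on stdout. pf evaluates rules top to bottom and "quick" stops
# evaluation at the first match, so the two management rules win no matter what
# is blocked below them.
build_ruleset() {
    mgmt_host="$1"
    mgmt_port="$2"
    cat <<EOF
# managed pf anchor ${ANCHOR_NAME}, generated $(date -u +%Y-%m-%dT%H:%M:%SZ)
# fail-safe: management traffic is matched first and never blocked
pass out quick proto tcp from any to ${mgmt_host} port ${mgmt_port} keep state
pass in quick proto tcp from ${mgmt_host} to any port 22 keep state
# default policy for everything else
block in all
pass out all keep state
EOF
}

# Portable check that needs no pf: the first rule naming the management host
# must be a "pass ... quick" rule and must come before the first "block" rule.
# Returns 0 if the ordering is safe, 1 otherwise.
has_failsafe_first() {
    file="$1"
    mgmt_host="$2"
    first_block=$(grep -n '^block' "$file" | head -n 1 | cut -d: -f1)
    first_mgmt=$(grep -n "^pass .*quick.* ${mgmt_host} " "$file" | head -n 1 | cut -d: -f1)
    [ -n "$first_mgmt" ] || return 1
    [ -z "$first_block" ] && return 0
    [ "$first_mgmt" -lt "$first_block" ]
}

# Write, verify and load the anchor. "pfctl -n" parses without loading, so a
# syntax error is caught before the running ruleset is touched.
apply_ruleset() {
    tmp=$(mktemp)
    build_ruleset "$MGMT_HOST" "$MGMT_PORT" > "$tmp"
    has_failsafe_first "$tmp" "$MGMT_HOST" || { echo "refusing: management rule is not first" >&2; rm -f "$tmp"; return 1; }
    pfctl -nf "$tmp" || { echo "refusing: pfctl rejected the ruleset" >&2; rm -f "$tmp"; return 1; }
    install -m 0644 "$tmp" "$ANCHOR_FILE"
    rm -f "$tmp"
    pfctl -a "$ANCHOR_NAME" -f "$ANCHOR_FILE"   # load the rules into the anchor
    pfctl -e 2>/dev/null || true                 # enable pf if it is not already
}

# Run with PF_APPLY=1 (as root on the Mac) to actually load the rules.
if [ "${PF_APPLY:-0}" = "1" ]; then
    apply_ruleset
fi
```

For the anchor to take effect it has to be referenced from the main ruleset, the usual macOS layout being an `anchor "com.example.managed"` line plus a `load anchor "com.example.managed" from "/etc/pf.anchors/com.example.managed"` line in /etc/pf.conf; that file and this script are what you would push with Casper. The ordering check is the defensive point: a push that accidentally puts a block rule ahead of the management rule is rejected before it reaches pfctl, which is the closest pf gets to the "pull down a corrected config" failsafe described earlier in the thread.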


  • New Contributor
  • February 4, 2016

We use the cloud-based SentinelOne offering. It works well, and can really lock things down if you turn on their kill or quarantine settings. It also supports a flexible command-line utility, so I can reach into certain laptops (like developers') via Casper and turn off the UI in the agent. Since developers tend to build a lot of custom software packages, it tends to create too many warnings and it gets annoying for them.

They also support sending logs via TLS encrypted syslog to our syslog server, so I can load them into my SIEM for monitoring/compliance. Since the SentinelOne product hashes and reports on every new file created, it serves as my software inventory tool that is kept in the SIEM and easily produces the necessary audit evidence for any auditors.

My last plug for SentinelOne is their support staff are very knowledgeable and timely in their responses.