u/ToKChiNe

Evaluating EDRs (CrowdStrike vs Defender vs Sophos vs WithSecure). Need real-world feedback!

Hi everyone,

I’m currently a junior/apprentice SysAdmin, and for my final graduation project, I’ve been tasked with evaluating and choosing a new EDR solution to replace our current setup: TrendMicro Security Agent.

For some context on our environment, we are relatively small: we manage about 120 user endpoints (workstations) and around 20 VMs.

The goal is to compare CrowdStrike, Microsoft Defender, Sophos Intercept X, and WithSecure.

Here is the catch: my director straight up refused to let me run a Proof of Concept (POC) for financial reasons. On top of that, every sales rep I’ve talked to has sworn on their life that their solution is the absolute best, lightweight, and most secure option on the market. Classic sales pitches, zero objective data.

Since I have to build a solid comparison matrix for my thesis without actually testing the tools in production, I desperately need your unvarnished, real-world feedback for an environment of our size.

If you have experience with any of these four solutions (or better yet, if you migrated from TrendMicro to one of them), could you share your insights on:

  1. Day-to-day management: How is the admin console? Is it intuitive or a convoluted nightmare for a solo admin/small team?
  2. Performance impact: Are the agents actually lightweight, or do they heavily impact end-user machines and VMs?
  3. Alert fatigue: How do they handle false positives? Is the tuning process straightforward?
  4. Support & Deployment: How painful is the initial rollout, and how reliable is their technical support when things hit the fan?

Any metrics, pros/cons, or horror stories you can share would be a lifesaver for my project (and my sanity).

Thanks in advance!

reddit.com
u/ToKChiNe — 8 hours ago