Sophos vs Crowdstrike
Posted by NorthPole2022@reddit | sysadmin | 22 comments
Our company is looking at weighing the benefits between the two. Anyone have any tips and pros and cons to both? We currently use Sophos and use their encryption. We will also be looking for an MDR solution.
Fickle_Bit1481@reddit
My org has used Sophos for years and just recently upgraded to MDR. I’ve never used Crowdstrike so I can’t compare the two.
The MDR onboarding was pretty simple, really the only part that took any time was making a few changes to our policies that they recommended. The endpoint agent is on the heavy side for resource usage, but it does offer a lot of functionality (endpoint web filter, application control, etc). Generally, it seems the MDR team is on top of things. Biggest drawback is their standard support is pretty awful, but it’s been rare for us to need them.
Character-Rush-5074@reddit
Crowdstrike made Windows Explorer slow for us
llDemonll@reddit
It’s hard to beat Crowdstrike. We have Falcon Complete and Overwatch and it’s essentially hands-off for us.
klaymon1@reddit
Another vote for CS. Yeah, we had the issue, but we were back up about 3 hours after start of business. Shit happens. It saved my bacon a couple of times.
ArchonTheta@reddit
Media blew it up as usual. Reason most companies were down was because their IT departments were lazy.
jimmytickles@reddit
Uhh. Lazy my ass. It required manually touching most machines in almost all scenarios. That's a butt load of time even if you have the luxury of being able to do it yourself. Add another layer of having to walk a user through it and you just increased that exponentially. We had about 300-350 machines affected, almost entirely remote workers, and it took us about four 12-hour days with as many hands as we could quickly bring up to speed to help us.
wells68@reddit
"Essentially" being the key word here? Has CrowdStrike made any public statement about how they might actually test updates on a mix of real-world servers before release? Or have they just said something like, "We've taken steps to ensure this will not happen again," and then minimally tweaked their Content Validator and template thingies?
Did you know that a month or so before the big CrowdStroke incident they released an update that spiked processors for hours, fixed that particular issue, but didn't take it as a warning that their QA was flawed?
llDemonll@reddit
They released a workflow on how their definition updates are now tested, yes. All customers, I'd presume, were sent the same docs we were.
wells68@reddit
A web search didn't turn up such a workflow. Does it address staging updates?
"The biggest issue here is that CrowdStrike didn't stage and verify the update and pushed the update out without knowing there was a major outage-causing issue." - Mitch Ashley, Futurum Group
llDemonll@reddit
Their definition updates now follow the same approval and check process that software updates do.
bbqwatermelon@reddit
Those automated blue screens were soo hands off :-P
jimmytickles@reddit
Is Sophos Encryption still pre-boot?
Alert-Main7778@reddit
Sophos MDR has been incredible for us.
boftr@reddit
Anything specifically you could share?
Alert-Main7778@reddit
It just does it all - USB restrictions, app restrictions, and MDR is the icing on the cake. It really helps you sleep at night. I have had almost zero issues with Sophos over the years. It really is set it and (almost) forget it. Their dashboard is great for making sure you're running best-practices and if you pay up MDR answers any question you might have.
boftr@reddit
Thanks for expanding. Good to hear.
SystemAdminDude@reddit
just install an ad blocker and you’re good
Scall123@reddit
r/shittysysadmin is leaking
Just-Parsing-Through@reddit
Both good, although I prefer CS support over Sophos. I have access to both consoles. CS is more feature rich but sometimes you get overwhelmed by the dashboard. Sophos has a better looking UI but I do not feel the devs give it the time of day when issues are reported or shortcomings are discovered.
CS wins it for me
disclosure5@reddit
I mean, have you actually priced Crowdstrike?
Honestly I've deployed both and all the secrecy around Crowdstrike just put me off, and that's before we get into it being completely unreasonable to buy in a smaller business.
Lucar_Toni@reddit
(Sophos Employee Here):
I can comment on Sophos:
If you already have Sophos installed, the onboarding process for Sophos MDR is pretty straightforward: the endpoint will install the needed components (like it did with encryption) and does not need additional changes.
You need to apply the new MDR license, add your contacts and give general context about you as a customer, and the onboarding will be straightforward.
Same for Servers: Sophos will install the MDR Server protection within minutes.
ryalln@reddit
Got Crowdstrike here and hate the interface. Mostly hands off but something about it just sucks. Features and shit it can do I enjoy.