BitDefender vs Defender, worth the switch?

We love BitDefender, but we’re considering a switch to Defender, likely with Huntress on M365 BP licenses, but perhaps E3/E5. I’m not familiar with the more expanded scope that licensing provides.

We use BD for content filtering, USB whitelisting, and their EDR and Risk Assessment (though for RA we're shifting to ConnectSecure).

What gaps might we notice and need to be aware of?

What sort of management time shift might we see?

I think overall the switch to Defender with Huntress on M365 BP licenses would generally exceed the security that Bitdefender is giving you. In terms of management it would also be easier, as Defender is much better integrated into the MS ecosystem. There will obviously be a learning curve, but over time I think the ability to streamline it will make it more manageable. Other than that, just make sure that what Defender is offering matches up to what you currently have.

Just to be clear, I believe huntress integrates with Defender, not Defender for Endpoint that comes with BP.

We use BitDefender, and huntress. I looked into moving all of our AV over to huntress. The largest difference for us was needing to keep the Content Filtering. When looking into OpenDNS on top of huntress, the cost was much higher than just keeping BitDefender and running huntress where needed.

When you compare two stacks, think about capabilities. Bitdefender GravityZone gives you prevention, protection, and detection capabilities (with EDR/XDR). Or you can get detection as a service with Bitdefender MDR.

The better the first two pillars are, the less work there is for detection and response. It is still critical (e.g. our MDR reports that about 70% of security incidents start from unmanaged machines), especially for ransomware attacks, but you need to be careful how you evaluate its effectiveness. And you definitely don't want to rely on detection more than on prevention/protection (it's the equivalent of stopping the car by crashing into an airbag instead of using the brakes).

If you have any specific questions about Bitdefender MDR, I can get you answers (I frequently interact with that team). Most of the team is based in San Antonio, and they are all ex-military types; this influences how they are structured, how they operate, etc.

I would summarize the major Bitdefender MDR differentiators like this:

  • Intelligence Team - coming from the team's military background, the MDR team has a dedicated team (CIFC) for intelligence that is focused on supporting operations.

  • Baselining - the team spends quite a lot of effort in baselining your environment to understand what’s normal and what’s not.

  • Native XDR - Access to product developers and security researchers is a big advantage, including access to the forensics team or malware analysis if needed.

  • Human-led analysis - Some MDRs are not much more than automated emails (this was a big surprise to me during the MITRE MDR evaluations).

Huntress is comparable feature-wise with the basic Foundations, but there are more features available in Premium/Enterprise.

I would do Huntress + Bitdefender, before I would do anything MS Defender.

BD has tons of modules and layers. DNS, SSL inspection at the endpoint, Cloud Sandbox, etc. I am of the opinion that it is a much stronger security posture than most other endpoint securities as it leans more towards zero trust. It’s much harder to set up correctly though.

Anecdotally, there are tons of stories here about how Huntress saved someone from something nasty, often praising how many times Huntress has saved them from nasty things.

That is awesome for Huntress, but each of these stories is also an instance where the security stack failed up to the point of last resort (Huntress). These are warnings to me.

https://www.reddit.com/r/antivirus/s/dtd8kTxPIC

Pretty cool data analysis someone did of the last 5 years of AV Comparatives protection and performance testing. The short version is Bitdefender is the best on the market and beats Defender by a significant margin.

Why not use one of the Bitdefender bundles (with MDR)?
https://www.bitdefender.com/business/products/msp-security-solutions.html

I think this was announced recently (I work for Bitdefender, but not at the MSP side of business)

Just make sure to get the right Defender license.

I would get Deep Instinct before going that route. Reduction of false positives, and it works well with Bitdefender.

This is changing very soon!

BP comes with Defender for Business, not Defender for Endpoint. Defender for Business is basically DfEp1 but it also includes Threat & Vulnerability Management, EDR, and Auto Investigation and Remediation from DfEp2.

You can check out ScoutDNS, which has done a solid job of content filtering. Lower cost than OpenDNS/Umbrella with the same functionality.

If you could integrate non-Bitdefender logs into the MDR we'd have done it. But it's so limited we have to use Defender or Sentinel or another SIEM. And at that point, why bother with Bitdefender as well?

Out of curiosity, why Bitdefender + Huntress instead of Bitdefender + Bitdefender MDR?

Depends what other platforms you are integrating, whether say your firewall application leans towards zero trust, whether you're layering on another application like Netskope, etc.

Because it’s bloody expensive.

Is that an MDR? Looked into them and haven't seen any updates or new articles about their product since 2022.

Prefer Scout over DNSFilter? (disregarding cost)

Let me ask you, what did your group find about Defender, Sentinel, or the other SIEMs that you didn't like that led to not using BD? I just started with their teams and am not heavily invested yet, but do currently plan to be. Thanks.