As a previous BitDefender/GravityZone MDR user, we got about 3 alerts in 9 months across ~100 orgs. The Microsoft/Cloud MDR didn’t pick anything up when there were very obvious compromises and it would turn into 8 hour calls with their devs to try to see why it didn’t work (the devs were great though and open/honest about the product, best part about BD).
We switched to another MDR and now we get a call every ~2 weeks. Typically something dumb like someone trying to use a VPN on their work machine, but at least we know something is happening over on the SOC/MDR side lol. They’ve also thwarted many compromises and locked out cloud accounts within 15 minutes of initial compromise.
Personally I like having the products from different vendors. Less likely to suffer a simultaneous failure due to vendor oopsie. Also Huntress is very vocal about its threat hunting activities, BD not so much.
I assumed the original poster was interested in Huntress.
We use Bitdefender MDR and like it.
MDR Foundations? That should be very affordable as far as I know 
Deep Instinct plays more as an Endpoint protection platform. Little different than an MDR, but honestly just as effective in many use cases while generating a lot less false positives.
Weeks, not months. Trying to narrow down a better ETA!
Yea I would also really like to know how close it is.
DNSFilter feels more refined. Scout is solid on the back end.
I don’t understand what you’re asking exactly.
We started as a Bitdefender customer, didn’t pay for the XDR as it was pricey, when it came close to renewal we looked at MDR and it was very expensive.
As we’re already licensed for 365, it was minimal cost to move everything to Defender. With Sentinel everything is in one place, and we can ingest any logs we need to.
With Bitdefender you only get the logs from their software, nothing else - so it’s largely useless. Antivirus is just one tiny piece of the landscape now for security.
And then their MDR only reviews those logs… any other MDR that works with Sentinel or another SIEM means they can review and act on all our logs from everywhere.
When you said “We switched to another MDR…” which one do you mean, if you care to share?
We have been using Sophos MDR (formerly MTR) in many instances and they seem to flag everything from PowerShell operations to odd installs, but the environments they are in feel quiet if the users aren’t doing anything they shouldn’t be (good security training).
Ah, that makes sense, don’t put all your eggs in the same basket. But on the other hand, MDR team has direct access to developers and security researchers, which is much better than having dependency on a 3rd party (especially if it’s large org like Microsoft) 
You can have the full security stack for about 15$/mo per Endpoint when purchasing through Atera RMM, very worth it for the MDR and researcher access
I’ve heard about a bundle option instead of BD + multiple add-ons. Any idea when that’s supposed to drop at Pax 8 and other resellers?
Based on your opinion, how necessary is the ATS add-on? What add-ons are must-have and which are nice to have?
Also, does BD require you to have the EDR add-on + MDR, or does MDR cover that?
Hey Andrew, it’s been a few weeks since you posted this, so I was wondering if there was any update. I’m looking at getting Huntress for a new MSP and managed Defender for Endpoint would be a huge selling point.
Thanks
Gonna have to evaluate Scout at some point
Ultimately, we switched to Blackpoint and we’ve been impressed with it - doesn’t mean they don’t have some flaws as well, but it’s been a great product overall and feels like they’re catching legit activity. There’s definitely a price hike, but we were acquired last year and have a lot of buying power now and got it for a great deal per endpoint.
I should also mention that we were early to Bitdefender’s MDR and there have likely been lots of improvements since we switched. We just had 2 “big” incidents where compromised accounts clearly should have been caught but we got no alerts or heads up about it. We still use their EDR for what it’s worth haha, but will likely move over to Defender within the next year.
I cannot comment on the availability through resellers (I asked our MSP team, will let you know when I hear back).
Essentially, you have two options now - you can use a la carte and build your own stack or use one of the new bundles. There are three bundles, but it boils down to this:
- Secure - Core Prevention + ATS + EDR
- Secure Plus - Secure + MDR
- Secure Extra - Secure Plus + 2 XDR sensors (Identity + Productivity)
So Secure Plus would cover both EDR + MDR for you.
As for if ATS is worth it (other add-ons depend on your needs) - 100%, I consider ATC/PI (part of ATS) one of the hidden gems of Bitdefender. It’s really process monitoring with tons of algorithms behind it, one of the best protections against 0day vulns.
I did a write-up not long ago:
https://techzone.bitdefender.com/en/security-layers/protection/process-protection.html
“ATC is mainly concerned with finding and stopping bad processes from doing harmful things, whereas PI is all about finding and stopping any processes (even the ones we trust) from turning bad after they’ve been compromised. For instance, ATC would spot malware trying to sneak into ‘chrome.exe,’ but PI would catch ‘chrome.exe’ when it tries to do something bad after being attacked.”
We’re in private preview now! DM me your email and I’ll get you set up.