ESET to CrowdStrike – Servers Only

Hi, I currently have ESET Protect EDR installed on all computers and servers.

Would it be beneficial to replace ESET on the servers with CrowdStrike Falcon Enterprise?

My budget doesn’t allow for CrowdStrike licenses on all ~400 endpoints.

Yeah, you’d then go from one console to monitor to two consoles. You’ll then have two potential problems instead of one. If you can’t afford CS Falcon I’d look at Sentinel One, Uptycs, Cylance, Lima Charlie or Trellix. I omitted MDE because it takes a fair amount of elbow grease to get ASR enabled to MS recommendations, putting it out of reach for most smaller shops.

Recommend SentinelOne for the price point, and the Purple AI is impressive. You don’t want to have too many dashboards to look at. It will become an issue from the manageability standpoint as well as correlation. Stick with one console as much as you can for EDR.

With your last statement you answered your question.

Would also agree about SentinelOne. Their price point is really good. I’ve done lots of testing with the software and have found nothing lighter and more powerful than S1. I’ve migrated thousands of endpoints from CrowdStrike as well. If you want more details, hit me up. I work for a reseller that has a direct relationship if you want me to put you in touch with someone.

Playing devil’s advocate, “IF” you are set on moving your servers to CrowdStrike, here are the points I’d consider, under the assumption of a CrowdStrike Complete license.

  1. CrowdStrike is a definite upgrade from ESET.
  2. CrowdStrike would be like a city’s inner wall protecting a castle, while the outer wall would be ESET.
  3. If you have anything public-facing, this will easily be an upgrade, not only from the protection but from the telemetry that is provided by CrowdStrike.
  4. You will have to consider unifying where you are getting alerts; even if it’s going to a team channel, as long as you have a centralized point.

Could you elaborate?

have found nothing lighter and more powerful than S1

That’s because you haven’t tested our solution yet :slight_smile:

You want one product for EDR monitoring. Most of your IIV will originate from a workstation, VPN appliance, or something of that nature. You’d want CSF or something like SentinelOne running on all your endpoints. Personally, I prefer SentinelOne (we are a reseller for it). How big is your security team, and who will be monitoring everything? I would just look at adding Huntress alongside ESET. Huntress has a 24/7 SOC, basic SIEM logging, and a few other add-ons. The bigger thing, too, is to make sure everything is configured correctly. Whether it’s tamper protection or valid exclusions, I have seen companies pay for CSF or S1 and then put an exclusion in for *.exe files.
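
The `*.exe` exclusion mentioned above is the kind of misconfiguration worth auditing programmatically rather than by eye. What follows is an added example, not code from the original thread and not any vendor's tooling; it assumes the exclusion list has already been exported as plain path/extension strings (the sample list here is constructed) and flags the patterns a reviewer would reject: catch-alls, extension-wide wildcards over executable types, drive roots, user-writable directories, and wildcarded executables inside a directory.

```python
import re
from typing import Dict, List

# Extensions an attacker can drop and execute. Excluding all files of one of
# these types removes the EDR from exactly the files it exists to inspect.
EXECUTABLE_EXTS = {"exe", "dll", "ps1", "bat", "cmd", "vbs", "js",
                   "scr", "com", "msi", "hta"}

# Directory fragments that unprivileged users (and malware running as them)
# can write to. An exclusion under one of these is a ready-made bypass.
USER_WRITABLE_FRAGMENTS = ["%temp%", "\\temp\\", "\\appdata\\",
                           "\\downloads\\", "\\users\\public", "\\programdata\\"]

EXT_WIDE_RE = re.compile(r"^\*\.([A-Za-z0-9]+)$")        # "*.exe"
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\?\*?$")          # "C:\", "D:\*"
EXEC_WILDCARD_RE = re.compile(r"\\\*\.([A-Za-z0-9]+)$")   # "...\Apps\*.exe"

# Constructed sample export (assumption: one exclusion per string, as the
# console or Get-MpPreference would hand it back). Not from a real tenant.
SAMPLE_EXCLUSIONS = [
    "*.exe",
    "C:\\",
    "C:\\Users\\*\\AppData\\Local\\Temp\\*",
    "%TEMP%\\*",
    "C:\\Program Files\\SQL Server\\MSSQL\\DATA\\*.mdf",
    "C:\\Program Files\\LineOfBusinessApp\\app.exe",
    "*.ps1",
    "D:\\Apps\\*.exe",
]


def _finding(pattern: str, severity: str, reason: str) -> Dict[str, str]:
    return {"pattern": pattern, "severity": severity, "reason": reason}


def classify(pattern: str) -> Dict[str, str]:
    """Rate one exclusion entry as HIGH, MEDIUM or OK with a reason.

    Checks run from broadest to narrowest, so the first match is the
    worst property the entry has.
    """
    lowered = pattern.lower()

    if lowered in ("*", "*.*"):
        return _finding(pattern, "HIGH", "excludes every file on the host")

    m = EXT_WIDE_RE.match(pattern)
    if m and m.group(1).lower() in EXECUTABLE_EXTS:
        ext = m.group(1).lower()
        return _finding(pattern, "HIGH", "excludes every ." + ext + " file on the host")

    if DRIVE_ROOT_RE.match(pattern):
        return _finding(pattern, "HIGH", "excludes an entire drive")

    for frag in USER_WRITABLE_FRAGMENTS:
        if frag in lowered:
            return _finding(pattern, "MEDIUM", "user-writable location matching " + repr(frag))

    m = EXEC_WILDCARD_RE.search(pattern)
    if m and m.group(1).lower() in EXECUTABLE_EXTS:
        return _finding(pattern, "MEDIUM",
                        "wildcards every ." + m.group(1).lower() + " in a directory")

    return _finding(pattern, "OK", "specific file or non-executable pattern")


def audit_exclusions(exclusions: List[str]) -> List[Dict[str, str]]:
    """Classify every entry, preserving the export order."""
    return [classify(p) for p in exclusions]


def patterns_with_severity(exclusions: List[str], severity: str) -> List[str]:
    """Convenience view: just the patterns at a given severity."""
    return [f["pattern"] for f in audit_exclusions(exclusions)
            if f["severity"] == severity]


if __name__ == "__main__":
    for f in audit_exclusions(SAMPLE_EXCLUSIONS):
        print(f"{f['severity']:<6} {f['pattern']:<50} {f['reason']}")
```

Feed it whatever your console exports; on Defender-managed hosts the `ExclusionPath` and `ExclusionExtension` properties from `Get-MpPreference` are the equivalent input. Anything rated HIGH should not exist in a fleet that is paying for EDR, and MEDIUM entries need a written justification and a specific file path instead of a wildcard.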

Personally not a fan of EDRs that take the stance of strong controls once the endpoint/network has already been infected. But to each their own, I guess.

Actually, we’re not an EDR, and there’s no need to quarantine the endpoint because we prevent any infection in the first place… (we distort ransomware’s perception of the endpoint and prevent the attack before it even begins, using a very lightweight agent [lighter than S1, CS, Sophos, etc.])

Which means you’re only as good as your prevention mechanisms. I’ve had many conversations around this topic. Don’t like it and will never use it. It’s like saying a plane is 100% safe because it has 7+ fail-safes for everything; like, OK, but that doesn’t mean the thing still can’t break, or in this case be bypassed… To each their own; if this is the stance you’re taking, cool, but you will always have to be layered with something to provide proper protections.

We are all for layered approach because no one can guarantee a 100% prevention, detection, or anything else for that matter. That’s why we integrate with Windows Defender & Firewall and provide device control…

I find it funny that you don’t believe in prevention and yet you go for S1, which is not the best at detection… Anyways, good luck with that… :man_shrugging:

Lol, not sure where you got those metrics about detection. It’s an EDR and does exactly what an EDR should do. They also have the ability to set up STAR rules to get extended detection techniques. If you are thinking it should be blocking WMI queries or some attack techniques like that, then you don’t understand what an EDR should be doing. I’ve yet to see S1 fail in any of my tests, vendor tests, or live IR and red team tests. Would love to hear why you think it’s not the best at detection when it’s been named the industry leader multiple times.

From people reaching out to us and telling us how their S1 missed attacks (not talking about WMI queries, yeah?)… even here you’ll find some people that had this happen to them.

S1 perhaps is considered the industry leader; that’s because it caught the market better than others (look at what happened to Carbon Black, Cybereason and similar)… they all work pretty much the same, with different management servers and minor performance differences.

If you want to see the difference between EDRs and our solution, happy to show you (I can send links… for S1 specifically we’ll need to have a quick Zoom call)