Nov 12 2019 11:44 AM
Has anyone found a solid feature comparison of ATP against SEP? We're using SEP right now, and I've been tasked with creating an apples-to-apples comparison/contrast of the two platforms. If anyone can help point me in the right direction, it would be greatly appreciated.
Just FYI, I have been to the actual ATP page and, while there is a tremendous amount of information there, I'd like to see if there's an existing compare/contrast document before I'm forced to make my own.
Dec 09 2019 12:57 PM
What do you mean by Swap?? If you are referring to migrating SEP to WDATP, I can share some experience. I just migrated a client's workstations from McAfee Endpoint Protection to WDATP. They were more than happy with the results seen thus far.
Dec 09 2019 02:00 PM
@clsec So I guess one question is how you approached the ASR and Exploit Guard settings, etc., as some of these can be set in Audit-only mode to start with to gather intel before enabling them in enforced mode?
If set in Audit-only mode, then you don't necessarily have the protection enabled - so did you run them side by side, or just rip and replace? These are the sort of details we were wondering about.
Any sort of additional info would be helpful - thanks
Apr 09 2020 06:09 AM
@David Caddick - Apologies, my response came slightly late. For the desktop env, most of the challenges with ASR for other vendors didn't show up with WDATP. We started by setting all ASR rules in monitor mode and accessed the results from the security portal. If we were confident the rule wasn't going to break stuff, we enforced and tested. It took a while for us to reach our goal (11 ASR rules turned on); your developers are to be actively engaged as well, because they might have to adjust some of the code to accommodate the changes.
Apr 10 2020 01:01 AM
That's what we are doing now, setting ASR rules to Audit only to start with and making sure that we understand what needs to be added so that we don't inadvertently break things as we enforce the rules.
Some tips for others that might help?
Reviewing the Audit log details from the Event Viewer looks like a big time suck, it's easier to do this from the Advanced Hunting console in either the Defender or the Threat Protection console using something like this:
The neat part of this is that you can now download this in a much easier to read spreadsheet/CSV format.
The other aspect I am investigating is how to run an assurance test to validate/check on the actual device that you are getting the correct settings that are required (this is tedious), so there are some tools that can help:
Next step is to see if it's possible to upload/import the resulting security into Intune as a new baseline perhaps; we'll see as we dig into this area.
Socially distancing Dave ;)
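One way to do the per-device assurance check described in the last post, as an added example that is not part of the thread: read the ASR rule states Defender actually reports via `Get-MpPreference` and compare them against the states you intended to roll out. The rule GUIDs in `$Expected` are placeholders, not real rule ids; replace them with the published GUIDs for the rules you deploy.

```powershell
# Added example (not from the thread): compare the ASR rule states applied on
# this device with the states we intended to roll out during the audit -> enforce
# transition. Run in an elevated PowerShell session on a device running
# Microsoft Defender Antivirus.
# Assumption: the GUIDs below are PLACEHOLDERS; substitute your real rule GUIDs.

# Intended state per rule: 'Block' for rules already enforced, 'Audit' for
# rules still being monitored.
$Expected = @{
    '00000000-0000-0000-0000-000000000001' = 'Block'   # placeholder GUID
    '00000000-0000-0000-0000-000000000002' = 'Audit'   # placeholder GUID
}

# Action codes Get-MpPreference reports in AttackSurfaceReductionRules_Actions
$ActionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrState {
    # Returns a hashtable of rule GUID -> action name as configured on this device
    $pref  = Get-MpPreference
    $state = @{}
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id   = $pref.AttackSurfaceReductionRules_Ids[$i].ToLower()
        $code = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
        $state[$id] = if ($ActionName.ContainsKey($code)) { $ActionName[$code] } else { "Unknown($code)" }
    }
    return $state
}

function Compare-AsrBaseline {
    param([hashtable]$Expected, [hashtable]$Actual)
    # One row per expected rule; a rule missing from the device shows 'NotConfigured'
    foreach ($id in $Expected.Keys) {
        $key  = $id.ToLower()
        $have = if ($Actual.ContainsKey($key)) { $Actual[$key] } else { 'NotConfigured' }
        [pscustomobject]@{
            RuleId   = $id
            Expected = $Expected[$id]
            Actual   = $have
            Match    = ($have -eq $Expected[$id])
        }
    }
}

$report = Compare-AsrBaseline -Expected $Expected -Actual (Get-AsrState)
$report | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or Intune script flag configuration drift
if ($report | Where-Object { -not $_.Match }) { exit 1 }
```

Rules that are `NotConfigured` or still in `Audit` when the baseline says `Block` are the gaps to chase before treating the device as protected.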