Endpoint Detection and Response – compare CrowdStrike & Secdo

While CrowdStrike and Secdo are both endpoint-based solutions, each offers a different value proposition and a different set of use cases.

Had we not had Secdo running, we would not have come to the close visibility that we needed to reconstruct the attack. We wouldn't have known about it.
Golan Ben-Oni
CIO, IDT Corporation

Overview

CATEGORIZATION
Secdo: An endpoint-based software solution with strong incident response capabilities, focused on augmenting and automating the skills, capabilities and effectiveness of security operations.
CrowdStrike: An endpoint-focused MSSP with an NGAV protection platform that concentrates on preventing malware.

DAY TO DAY
Secdo: A high-touch incident response solution used daily by the SOC and CIRT/hunting/IT security teams to detect, hunt, investigate and respond to any type of threat, including malware and insider threats.
CrowdStrike: A "set and forget" solution intended as a low-touch first layer of defense that attempts to prevent malware-based threats.


Feature comparison

Visibility
Secdo: Collects events at the thread level, including file activity, and provides a simple search UI to query anything.
CrowdStrike: Collects events at the process level, but does not provide a friendly search UI.

NGAV (Prevention)
Secdo: Does not provide NGAV.
CrowdStrike: Does provide NGAV.

On-Premise
Secdo: Can run both on-prem and in the cloud.
CrowdStrike: Does not support on-prem.

Customized Detection (BIOCs)
Secdo: Enables customized BIOCs (behavioral indicators of compromise) which can be added by the customer.
CrowdStrike: Does not support customized BIOCs.

Threat Intelligence
Secdo: Provides BIOC feeds and integrates with any threat intelligence feed.
CrowdStrike: Provides its own threat intelligence as a service.

Automated Investigation
Secdo: Automatically ingests third-party alerts and performs a full investigation of each alert in real time.
CrowdStrike: Does not provide ingestion of third-party alerts or automated investigation.

Live Response
Secdo: Provides a "LIVE REMOTE" response console with command-line shells, Python shells, a task manager, memory dumps, screen capture, host isolation, remediation, process termination, IceBlock, and more.
CrowdStrike: Does not provide live response.

Scalable Response
Secdo: Through its Python runtime engine, provides over 100 response capabilities that can be executed at scale.
CrowdStrike: Does not provide any scalable response.
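As an added illustration of what "customized BIOCs" in the table above means (example code written for this page, not Secdo's or CrowdStrike's rule format or product code): a behavioral indicator of compromise is a rule over what a process does, in contrast with an atomic indicator such as a file hash, which is why a customer can write one for a technique that uses only legitimate, signed binaries. The event fields, the rule registry, the hash blocklist and the sample telemetry are all assumptions constructed for the example.

```python
# Added example, not code from Secdo, CrowdStrike or this page. It contrasts an
# atomic IOC (known-bad file hash) with a customer-defined behavioral IOC (BIOC)
# evaluated over process telemetry. Event fields, rule format and sample data
# are assumptions constructed for the example.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str   # image name of the process that spawned this one
    image: str          # image name of this process
    cmdline: str        # full command line as observed on the endpoint
    sha256: str         # hash of the executable on disk


# Constructed sample telemetry: a benign Word launch, a Word-spawned encoded
# PowerShell (macro-style execution), and an ordinary admin PowerShell session.
EVENTS: List[ProcessEvent] = [
    ProcessEvent("ws01", "explorer.exe", "winword.exe",
                 "winword.exe Q3-report.docx", "a1" * 32),
    ProcessEvent("ws01", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
                 "b2" * 32),
    ProcessEvent("ws02", "cmd.exe", "powershell.exe",
                 "powershell.exe Get-Process", "b2" * 32),
]

# Atomic IOC: a constructed blocklist of file hashes. It matches nothing above
# because the suspicious activity runs the legitimate, signed powershell.exe.
KNOWN_BAD_SHA256 = {"c3" * 32}


def atomic_ioc_hits(events: List[ProcessEvent]) -> List[Tuple[str, str]]:
    """Return (host, image) for every event whose binary hash is on the blocklist."""
    return [(e.host, e.image) for e in events if e.sha256 in KNOWN_BAD_SHA256]


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def office_spawns_encoded_shell(e: ProcessEvent) -> bool:
    """BIOC: an Office application launches a script host with an encoded or hidden command."""
    cmd = e.cmdline.lower()
    suspicious_flags = ("-enc" in cmd or "-encodedcommand" in cmd
                        or "-w hidden" in cmd or "-windowstyle hidden" in cmd)
    return (e.parent_image.lower() in OFFICE_APPS
            and e.image.lower() in SCRIPT_HOSTS
            and suspicious_flags)


# Customer-defined BIOC registry (assumed format): rule name -> predicate over one event.
BIOCS: Dict[str, Callable[[ProcessEvent], bool]] = {
    "office_spawns_encoded_shell": office_spawns_encoded_shell,
}


def bioc_hits(events: List[ProcessEvent],
              rules: Dict[str, Callable[[ProcessEvent], bool]] = BIOCS
              ) -> List[Tuple[str, str, str]]:
    """Return (rule name, host, image) for each event matched by any registered BIOC."""
    return [(name, e.host, e.image)
            for e in events
            for name, rule in rules.items()
            if rule(e)]


if __name__ == "__main__":
    print("atomic IOC hits:", atomic_ioc_hits(EVENTS))   # []
    print("BIOC hits:", bioc_hits(EVENTS))               # ws01 Word -> encoded PowerShell
```

Adding a new detection is a matter of registering another predicate in BIOCS; the hash blocklist, by contrast, can only grow one known binary at a time and never fires on living-off-the-land activity like the ws01 event.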


Recommendations

Organizations looking to augment or automate internal security operations, including SOC and CIRT/hunting teams:
Buy Secdo

Organizations looking for a set-and-forget NGAV/EPP and hunting as a service:
Buy CrowdStrike

Organizations that manage their own SOC:
Buy Secdo for the SOC/CIRT and CrowdStrike Falcon as NGAV/EPP

Reference Customers

With Secdo, we were able to bring the volume of suspicious alerts from 1,500 to 60 a day with only two actual incidents, entirely manageable by our staff
Michael Livni
CISO, Valley National Bank

Awards & Recognition