Comodo MDR is a robust managed detection and response system providing comprehensive threat protection. It leverages advanced analytics and machine learning to safeguard enterprises from cyber threats efficiently.
| Product | Mindshare (%) |
|---|---|
| Comodo MDR | 0.9% |
| SentinelOne Wayfinder Threat Detection and Response | 6.8% |
| CrowdStrike Falcon Complete MDR | 5.4% |
| Other | 86.9% |
Comodo MDR offers seamless integration to enhance security operations, targeting enterprises' critical needs with rapid threat response capabilities. It utilizes real-time monitoring and sophisticated threat intelligence to identify potential risks quickly, ensuring minimal disruption. Its adaptive technology aligns with organizational infrastructures, providing a strategic defensive perimeter around sensitive data and operations.
What are the most important features of Comodo MDR?
Comodo MDR is extensively implemented across sectors like finance, healthcare, and retail, where data protection is paramount. It offers customized solutions to address industry-specific threats, ensuring compliance and data integrity. By aligning with sector demands, it enhances security measures to suit critical infrastructure requirements.
Comodo MDR was previously known as Comodo Managed Detection and Response.
| Author info | Rating | Review Summary |
|---|---|---|
| CEO at Forte IT Solutions | 4.5 | I'm impressed with Comodo MDR's strong security features, especially its automated response and sandboxing, though API integration and support response times need work. It's stable, scalable, and effective, but slightly expensive compared to alternatives. |
| Chief Information Technology Officer at an engineering company with 1,001-5,000 employees | 4.0 | I use Comodo MDR for sophisticated, IO-level threat monitoring on workstations and servers, appreciating its responsive support. Setup was challenging due to team skills and its high cost. I desire a more active MDR level. Overall, I rate it eight out of ten. |
| Consultant at a consultancy with self employed | 5.0 | I use Comodo MDR for its compatibility and reliability, especially valuing its 24/7 technical support. Improvements are needed for remote access management via VPN and affordability of licenses. I've previously used McAfee, Symantec, and Trend Micro MDR solutions. |
The major use case for the product is mainly for endpoint security and endpoint management.
The biggest advantage of the product, as I see it as a reseller, is its security and reporting.
The automated incident response feature in Comodo MDR works fantastically. When customers install custom tailor-made software which is not recognized by the Comodo MDR endpoint detection response tool, it runs in an isolated environment, a virtual environment, a sandbox environment. If it determines that this software is not secure, not verified, or not approved by system admin, it blocks the software immediately. The software will not run, and it sends a report to the admin email instantly. If there is any issue with the software or if any incident such as a malware attack or ransomware attack is happening, or something is trying to make changes to the system files, it immediately blocks the software tool and reports back to the admin. As a reseller partner and secondary admin for the customers, my team and I directly receive a mail, and we take control of that machine. It even blocks complete network access to that machine.
On the hardware side, if there is a hard disk full or RAM 90% usage or CPU 90% usage or any of these incidents, we set up an alert notification option for it. The moment these incidents occur, it sends an alert so we can recommend customers upgrade their hardware or check if there is any malfunctioning software consuming too much RAM and CPU. This incident response use case helps us keep customer machines' performance to the maximum.
The 24/7 monitoring capability supports a lot in contributing to our cybersecurity strategy. It is very much compatible with our goal.
Areas for improvement are mainly on the software side. They are trying to integrate some functionalities, but their API integration with some CRM and invoicing tools is not appropriate or 100% compatible. If I want to integrate the incidents with invoicing or with CRM and support ticket response tools such as Zoho or Zendesk, the compatibility for ticket generation and CRM is challenging for the API connectivity. This is one of the issues. However, they have integrated authentication with Microsoft and other single sign-on tools, which are amazing, but some of the integrations with other software need enhancement.
I have not had much experience with other MDR products apart from Comodo MDR. MDR mainly emerged after 2018-2019, and Comodo MDR and Kaspersky were the main players at that moment in the market, along with Symantec Endpoint Protection. These were the top three beyond McAfee and Sophos, which are more popular in Europe and the US. In the Middle East, these tools were very famous.
After COVID hit, there was not much scope for exploring or seeing other products for nearly two or three years, until 2023. After 2024, the market moved, and there are other competitors and players entering. However, I haven't had the chance to explore since when you are satisfied with a product and know its limitations and pros and cons clearly, you typically don't change every day for a different MSSP for different products.
The stability of Comodo MDR is generally very good; it is very stable. Once there is an internet connection, it updates, and all policy deployment is very quick and smooth with a very small footprint. It is a very good product.
The solution is quite scalable and pretty good in terms of versatility. For one company, I can make different groups and apply different policies: for manager users, USB drives are allowed; for staff users, USB drives are not allowed; and for servers, USB drives are also not allowed. I can assign multiple policies to multiple groups and directly assign computers. One reboot and the policy gets applied, making the deployment straightforward with versatility and scalability.
The technical support from Xcitium should be improved more. Users pay $60 per user per year, and in case there is an issue, support tickets take nearly three days or sometimes even more for a clear resolution or an answer. This slow response time is concerning, especially for a security tool, where customers need timely assistance. If I'm not able to resolve something quickly and need support, making customers wait for 72 hours or even longer is unacceptable; that's nearly a whole working week without a resolution.
I find the deployment pretty straightforward.
I believe Comodo MDR is a bit expensive. Kaspersky for the same thing is way cheaper, which is why customers tend to go for Kaspersky and ESET. Now, Sophos and some other tools are coming in as cheaper solutions from a cost perspective. The cost from Comodo MDR is around $60 per user per year, which is a bit steep per seat.
The real-time threat analysis aspect of the product helps minimize downtime. If there is an issue, there is an issue. The moment it detects a removable issue, it removes it in the background. One or two reboots are required, which is acceptable. But if it's a major issue and human intervention is required, then downtime is inevitable and not avoidable at all.
We do not work with the detailed threat forensics aspect. However, every day new threats keep coming in, and as an MSSP, we just submit it to Comodo Xcitium itself, and they take care of any forensics if required.
The quality of support deserves a rating of seven out of ten.
On a scale of one to ten, I rate Comodo MDR a nine overall.
Comodo MDR has been implemented primarily for key workstations and servers. It's managed centrally through a single location. We use it to monitor and track any suspicious activities. We benefit from 24/7 support, ensuring immediate reporting of any detected suspicious activities.
The product is fairly new compared to others like Trend Micro or Symantec. However, it offers sophisticated features, especially in scanning and analyzing activities on workstations or servers. It can prevent malicious operations from spreading to other applications or the network. This feature is particularly effective because it operates at the IO level, unlike behavior or signature analysis used by other products. It contains threats and alerts administrators about whether they are false positives or real threats that need immediate action or support recommendations.
I think having a higher level of MDR would be beneficial, although it's quite expensive. This would involve not just monitoring the network but also taking actions to stop and detect threats. We haven't implemented this yet, but we're considering it for our organization's plans.
I have been using the product for ten months.
I rate Comodo MDR's stability as nine out of ten.
We plan to expand the tool's usage by next year. I rate its scalability an eight out of ten.
The tool's technical support is active and very responsive.
I rate the tool's deployment ease as five out of ten. In our situation, our team doesn't understand what it means to configure your solution properly. Because in the end, if any security solution isn't configured correctly, it won't provide optimal protection. So, it's very clear that we need to balance the gaps in our team's skills and what the vendors can do to cover those gaps for us.
The tool's agents are deployed on-premises and connect to a very secure API to a cloud console. From the cloud console, you start managing and controlling the workstation configurations. Deployment took a few days because it included extensive orientation for our team members.
The tool's pricing is high compared to other products. If you want to target a certain quantity, it should provide discounts to enterprises.
I rate Comodo MDR an eight out of ten.
The primary and fundamental use case of MDR lies in providing increased compatibility and reliability.
One of the most valuable features is its around-the-clock, 365-day-a-year online technical support. Since all portals and devices are managed by the principal, there is a high level of dependency and adherence to the SLA. This simplifies matters for the company, eliminating the need for involvement in planning or problem-solving.
The critical aspect is the management of the remote access, and I specifically need this to be overseen through our virtual private network. Additionally, I would appreciate the inclusion of free remote access in EDR, as a considerable number of individuals in our community may face financial constraints hindering them from affording substantial license fees per subscription. I suggest that in the scenario where an application is cloud-based, operating as software-as-a-service, the server site should exhibit one hundred percent reliability. In my experience, attempting to update a hundred clients simultaneously often encounters network glitches or issues with IPs in the cloud. They should consider adopting the desktop version as a solution.
I have been working with it for one year.
It provides outstanding stability. I would rate it ten out of ten.
It offers excellent scalability. I recommend it for medium and enterprise organizations. I would rate it ten out of ten.
The technical support is impeccable. Whenever I reach out via email regarding any issues or inquiries, especially during the product deployment phase, I receive a response within seconds, not minutes. I would rate it ten out of ten.
I have experience working with McAfee MDR, Symantec MDR, and Trend Micro MDR.
The initial setup was straightforward.
Deploying the system takes a considerable amount of time, especially when utilizing the bulk installation feature. Opting for individual client installations, on the other hand, is much quicker.
The pricing falls within the moderate range.
Overall, I would rate it ten out of ten.