reviewer1511745 - PeerSpot reviewer
Security Architect at a tech services company with 11-50 employees
Real User
Mar 11, 2021
Enables us to search for keywords, a process which is a critical part of our security operations
Pros and Cons
  • "There are effectively two areas of DLP to look at from a technical perspective. One is how it performs the pickup of information traversing the system and the other is how the policy engine, which analyzes the data, works. On the first aspect, CoSoSys is probably best of breed for macOS because they're reasonably well-integrated into the operating system. They're looking at the file system operations level, not at the execution level."
  • "Endpoint Protector is a facet of our visibility into the environment, but it's a daily-use facet."
  • "The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery."
  • "The policy engine could use a bit of work. It's somewhat lacking in terms of the granularity of the policies that you can create."

What is our primary use case?

We use it for detecting the traversal of data through endpoints. We keep a multi-tier isolated environment, so we have inner and outer cordons of access control. And over VPN, users could potentially be one of the exfil points, at least the privileged ones with access. Being able to identify when information enters the system and leaves, based on a number of complex criteria, because we work with medical information from all over the world, is the purpose of it in our organization.

The solution is all on-premises. We're a healthcare organization, and that's actually one of the reasons we use it. We can't have a lot of our security functionality in the cloud.

How has it helped my organization?

We operate a Waterfall scene mechanism. We trickle up data from a bunch of different endpoint and network solutions to a central event and processing correlation mechanism. We're able to detect when somebody accesses data internally and correlate that to a DLP event when a file lands on their system. It actually provides a data point within our global view. It's an ongoing operation.

We also use it to monitor all clipboard activity. When a detection occurs, we can generally identify it pretty quickly, but someone would have to be copying some pretty specific data to match the policies we've created. When it occurs, we know. Generally, it's also in the line of business. We have healthcare analysts here, and that's what they do all day.

What is most valuable?

There are effectively two areas of DLP to look at from a technical perspective. One is how it performs the pickup of information traversing the system and the other is how the policy engine, which analyzes the data, works. On the first aspect, CoSoSys is probably best of breed for macOS because they're reasonably well-integrated into the operating system. They're looking at the file system operations level, not at the execution level. Whereas things like Forcepoint are looking at the applications being run and they try to apply policy to that. The pickup paradigm is a lot better than their competitors.

The search for keywords, in our security operations, is critical and we use Endpoint Protector for that. We're a HITRUST-certified organization, and one of the things we need to do is be aware of the movement of personally identifiable health information. Since we work multi-nationally, we have to be able to identify PHI from across different countries and their different medical coding standards.

Another valuable feature is the Content Aware Protection. We use the device thing to some degree, but it's the Content Aware Protection that's critical for us. That's the aspect of it which is DLP. The content protection engine is what detects the data when it's traversing, and the rest of it is other ways to lock down the system from being able to move data in and out. But the detection aspect of it, that's the really key part for us, because we have to be able to record that, even if it's completely legitimate.

It's quite easy to manage DLP in a hybrid environment because you have the centralized server that receives telemetry from all of the agents. And because that's what's forwarding the telemetry on to subsequent log ingests, you get a single data stream across all of the agents. We also have host intrusion detection, which is backing a lot of this stuff for us. We have full command execution logging in every machine. Every command that is run is recorded. We can cross-correlate very tightly between the DLP and what's being done on the machine itself. That way, we know execution and data movement.

We use the role-based access features, for the teams that administer it, to some degree, because we have an auditing agency that reviews our policy compliance. It's satisfactory. We don't have complex requirements for it. We've got a couple of internal admins with equal privileges and then we have an auditor role. It seems to work fine.

What needs improvement?

The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery.

It's somewhat lacking in terms of the granularity of the policies that you can create. Because this is a Mac environment, you have slim pickings. You have really good detection mechanisms, like Code42, but a lot of those players don't operate at the medium business size. So, in terms of the market segment, CoSoSys is really the only player that will be able to still effectively pick up on it, so they're the only game in town on policy. They don't really have much competition in this segment.

Buyer's Guide
Netwrix Endpoint Protector
June 2026
Learn what your peers think about Netwrix Endpoint Protector. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,747 professionals have used our research since 2012.

For how long have I used the solution?

I've been using CoSoSys Endpoint Protector for two years.

What do I think about the stability of the solution?

The stability has been quite good. They did have one shaky patch cycle in the last two years, but compared to the ginormous mess in this industry right now, they're definitely doing better than most.

What do I think about the scalability of the solution?

The scalability works for our use case. It's actually quite resource-light for what it's doing. Being an OSSEC author, I'm writing a C application that does a lot of the same stuff for processing of live-streaming, textual telemetry. They did a lot of optimization work to make this efficient. It's an expensive operation, inherently. What they're doing is really CPU-costly. Most of the time they don't match on anything, and the worst thing that an expression engine can do is not find anything.

We are constantly growing. We're probably going to be growing by 30 or 40 percent again this year. We're going to have to bump up our license counts.

How are customer service and support?

Our experience with their technical support has been better over the last year. Initially it was a little bit shaky, but they've definitely gotten better. There's always room to improve, but on a scale of one to 10, they're probably at a six or seven. They're doing better than the rest of the industry, like Cisco for example, which is a one out of 10.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

We just used a Zen appliance, so it was incredibly straightforward; it was effectively drop-in.

Configurations are ongoing. As we get new data in, we do continue to configure. And, obviously, with updates and new features and features being removed, changes are made all the time, but the initial deployment took about half a day.

Our implementation strategy was to understand our data first. We do a lot of in-house software development, so we understand regular expressions, pattern matching, and mechanisms like that; what's expensive and what's cheap. We defined what was identifiable in our data, figured out an identification strategy and policy mechanism first, and then went to implement it across the board. We knew that the number of endpoints we had was relatively small.

In terms of the staff employed in the deployment, we're probably not typical. We hire top-tier talent. Everybody here starts out well into the six-figure range. So it takes one of us to deploy this. We're not your average shop.

In terms of maintenance, there's the occasional update. There is almost no downtime. The hypervisor is more unstable than the VM itself.

We have about 100 people using Endpoint Protector across our organization. It's literally everybody in the organization, including me and the CTO and the CEO. We're all beholden to this. There are no exceptions.

What was our ROI?

You get ROI in the first year. Endpoint Protector is a facet of our visibility into the environment, but it's a daily-use facet. It's like the passenger-side mirror on your car; you use it all the time. You could probably live without it, but you use it all the time. It's a necessity and it's a useful one. It's one that I endorse within our company to relicense every year.

What's my experience with pricing, setup cost, and licensing?

Pricing is quite reasonable. For smaller organizations, it lets them get into the product domain, whereas a lot of vendors won't even talk to them. Endpoint Protector is just about at that sweet spot of being serious enough that you have to budget for it, but at the same time, affordable enough that the value is well worth it.

Which other solutions did I evaluate?

I work across the industry. I've used just about every solution. In the Mac space, CoSoSys is probably the market leader, because the level of detail that they've put into the platform is very significant. They really did bother to optimize it and to make it run efficiently. A lot of these tools are afterthoughts on Mac and, if they do run at all, they destroy the machine. When you have a bunch of engineers trying to code, they notice.

This solution is right up there with Forcepoint Data Loss Prevention and Digital Guardian, but Code42 Next-Gen DLP is probably the closest comparable thing. But that is not a data loss prevention tool, it's just an identification and tagging tool. But it has a very similar semantic of pickup and analysis. 

Endpoint Protector is in the same market space as Forcepoint, in terms of pricing, but it's an apples-to-oranges comparison. Forcepoint is pretty well-known for having a good policy engine, but their detection and pickup mechanism, especially on the Mac platform, is just not practical. I can walk around it in my sleep. Again, we hire highly-talented engineers who can do the same thing, so if one of them decided to go rogue on us, Forcepoint just wouldn't help.

What other advice do I have?

In my private practice, I work with a lot of other firms, including some design firms that are Mac-based and, as they start to ramp up their security—because they're now becoming vectors of attack into their own customer bases—this product is definitely something that's on the radar.

The ability to lock down a wide variety of USB devices is a secondary thing for us, because we do central policy management through another solution, so we have devices locked down through other policy engine mechanisms. But it is very convenient how CoSoSys has implemented it. That ability is definitely on the list for us but not at the top because for us, for policy regulatory compliance, we have to be able to tell when the data is moving in and out. That's the big thing we look at.

In terms of Endpoint Protector's support for Windows, macOS, and Linux, in our case, Linux is a non-starter. We operate big-data clusters. DLP just doesn't work in that context. The information is broken out into multiple pieces and spread all over the environment and traverses between the nodes as part of computation. DLP can't work in that kind of technique. As far as the Windows mechanisms go, we currently don't have Windows workstations or any Windows assets. I'm a red-teamer by trade, one of the people who gets paid to break into places, and Windows has a shared authentication model, meaning that if I compromise one of your servers or workstations, I can basically move unfettered throughout your network. Our environment is a mix, a heterogeneous environment, so that attackers would have to adapt to every different point they want to compromise.

Overall, Endpoint Protector really provides what you expect from it. There are no huge surprises one way or another. If you do your research, it's exactly what they say in their advertisements. They are not promising things they can't deliver. It does its job well.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1497009 - PeerSpot reviewer
People Operations Manager at a tech services company with 11-50 employees
Real User
Feb 7, 2021
Main dashboard is intuitive, and offline temporary passcode solution is really easy to use
Pros and Cons
  • "It also provides us with the ability to lock down a wide variety of USB devices, which is pretty important because we don't want certain data accessed. It does a really good job when it comes to the versatility of the exit points it supports, making sure that important data does not leave our organization."
  • "There are times when the server needs to be updated, and it would help if I got a notification for when the newest version comes out, because at the moment, I'm going in every now and then and checking. Sometimes it comes out and I didn't know it had come out."

What is our primary use case?

We use it primarily for endpoint protection. We have to be SOC 2 compliant. We have a number of standards that we have to abide by for HIPAA reasons and SOC 2 reasons, which is why we initially put it in place, but we mostly use it for endpoint protection and MDM.

How has it helped my organization?

We have access to some healthcare data, at times, which means that we have to follow very strict guidelines. So we need the endpoint protection.

What is most valuable?

I like the main dashboard. It's very intuitive. 

The offline temporary passcode solution is really easy to use for both the backend administrator and the users.

The granularity of the policies that you can create is pretty sufficient. We haven't had to make any super-granular policies. I understand what its capabilities are, and it is really nice to know that if we have to crack down and be a little more strict on our policies, Endpoint Protector provides those features.

It also provides us with the ability to lock down a wide variety of USB devices, which is pretty important because we don't want certain data accessed. It does a really good job when it comes to the versatility of the exit points it supports, making sure that important data does not leave our organization.

Endpoint Protector also provides a single platform to support Windows, macOS, and Linux, although we don't use Linux, we just use Windows and Mac. It makes it pretty easy for me to manage DLP in such a hybrid environment. I find it intuitive. It's pretty vital that it supports Windows and macOS because we use both types of computers in our company. It provides zero-day protection for macOS.

What needs improvement?

There are times when the server needs to be updated, and it would help if I got a notification for when the newest version comes out, because at the moment, I'm going in every now and then and checking. Sometimes it comes out and I didn't know it had come out. It would be super-helpful if I got a notification saying, "It's time to update the server."

For how long have I used the solution?

I've been using CoSoSys for a little more than two years.

What do I think about the stability of the solution?

It hasn't changed much since we started using it, so I haven't really found myself having to adapt or learn anything new. It has served all the purposes that we've purchased it for, so it's pretty stable.

What do I think about the scalability of the solution?

We have such a small team that scalability hasn't really been an issue at this point. It's easy enough for me to manage it on my own. We have fewer than 50 employees, and somewhere between 50 and 60 computers, so I haven't really encountered any scalability issues. We've adopted it 100 percent.

How are customer service and technical support?

For the most part, their technical support has been really responsive and good about setting up time to go over things. They have been pretty timely, in general.

Which solution did I use previously and why did I switch?

We didn't have anything in place before.

How was the initial setup?

It's really easy to install. I had to do most of them in person. At the time, most of us were in the office, so I just had folks drop off their computers at my desk for 15 minutes while I set it up. Some took less than 15 minutes. We do have some remote workers, and I used Zoom which has a remote screen option.

It was done over the course of a couple of days, because I had 50-something devices to do.

I don't know if Endpoint Protector has this kind of feature, because I didn't need to use it. But if I had more than 50 computers, it would have been really time-consuming to do the implementation. It wasn't that bad for me, but any more than 50 computers would be a little bit of a hassle.

What was our ROI?

Our return is that it serves the purpose that we need it for.

What's my experience with pricing, setup cost, and licensing?

The pricing model changed the last time that we renewed, but it's reasonable compared to what's out there.

Which other solutions did I evaluate?

Choosing a solution was a discussion that happened before I was in the mix. I don't know if other solutions were discussed before this one was decided upon. I do know that it was something that another employee had used before and she recommended it. I don't know if a lot of other research went on or they just said, "Okay, since someone knows it and they've used it, we'll use it too."

What other advice do I have?

In terms of feature parity between Windows and macOS, with Windows it takes a lot longer to install, but that's really the main difference.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Alex Alexandre - PeerSpot reviewer
System Administrator at INSIGHT CREDIT UNION
Real User
Top 20
Jan 10, 2021
Clipboard granularity works great, enabling me to see copying and pasting to specific exit points, and report on it and block it
Pros and Cons
  • "Compared to a lot of the USB management systems out there, Endpoint Protector is the only one that comes with true USB management and the DLP side of it. I'm pretty impressed because I've used several solutions with DLP and USB management, and I've never seen granularity like this solution has."
  • "One of the areas where there is room for improvement is support. It takes time for them to respond. They need to respond on time. Instead of sending an email, I think it would be very helpful to say, 'Let's set up a WebEx to see what's really going on,' instead of the back and forth of email."

What is our primary use case?

I was looking for a DLP solution and Endpoint Protector happened not only to help with that, but also with the USB management piece. As a credit union we have a lot of sensitive data, so we need to be able to see it at rest and block it, and not only on-premises, but off-premises as well. A lot of people work remotely now and this solution is really working for me because once the endpoint is on there, I'm still in control.

How has it helped my organization?

I've seen, through all my policies, how exit points get blocked. The eDiscovery is one of the important things in Endpoint Protector. That's been working a lot for me, especially with the remote users. The eDiscovery allows me to see data outside of the network.

I have policies right now with eDiscovery for social security number, credit card, member number, and I created a duplicate SSN. So it's finding anything where that agent is installed, anything from the computer. It's finding all that data and it's reported to me.

What is most valuable?

I don't have a single most valuable feature. Every feature is really working for me. One of the reasons I bought it was for the USB block, but that's not as much a use case anymore since I have a lot of people working remotely. It's the DLP part that is more important to me right now, to pinpoint the data that's getting moved.

The granularity enables me to not only see a file, but to read inside the file and pull out the data inside it. The granularity is really pretty good on that. It's very important. Let's say somebody just exported a file or emailed a file or uploaded a file on the internet. Seeing the inside of the file is really important to me. Whether it's encrypted or not, I still can see inside the file.

I'm the only admin on it, but the role-based access is fine. I have one user that I give access to so he can just see device control and that's it. That's all I need him to see. I was able to do that, so I'm pretty happy with the role-based access.

I use the solution's clipboard granularity feature to monitor copying and pasting to specific exit points, and it works great. People are trying to get the data any way they can, from the clipboard and things like that. I'm able to see it, report on it, and block it.

For how long have I used the solution?

I've been using Endpoint Protector for going on two years now.

What do I think about the stability of the solution?

I'm pretty impressed with its stability.

What do I think about the scalability of the solution?

I don't see any issues or limitations with scalability. As long as you have the license, everything should be fine.

I'm managing about 300 devices right now.

How are customer service and technical support?

One of the areas where there is room for improvement is support. It takes time for them to respond. They need to respond on time. Instead of sending an email, I think it would be very helpful to say, "Let's set up a WebEx to see what's really going on," instead of the back and forth of email.

Which solution did I use previously and why did I switch?

I didn't replace any solution with this one. I was looking for a USB management solution. I have competitors like ManageEngine, but when I happened to find Endpoint Protector, with the USB and the DLP side of it in one solution, it was good to have that in one platform. I was going to have to find another DLP solution to be able to manage all this.

How was the initial setup?

The initial setup was straightforward for me. They have good documentation, so if you follow everything it should be fine.

My deployment took a month. The implementation strategy for the solution was to set it up, deploy it to a couple of test machines, and see how it was behaving. Once that was done, I deployed it to everybody.

It doesn't require any maintenance on my side, other than when the updates become available. I get them installed and that's it.

What about the implementation team?

I deployed it myself.

What was our ROI?

I have definitely seen return on the investment when it comes to satisfying my auditors. I can show them I'm looking at all these things. And I'm protecting the credit union at the same time. It's really all worth it.

What's my experience with pricing, setup cost, and licensing?

I don't have any issue with the licensing and pricing. I would love for it to be cheaper, but at the same time I'm getting a lot from it.

Which other solutions did I evaluate?

Compared to a lot of the USB management systems out there, Endpoint Protector is the only one that comes with true USB management and the DLP side of it. I'm pretty impressed because I've used several solutions with DLP and USB management, and I've never seen granularity like this solution has.

I haven't seen any solution like Endpoint Protector. Everybody says, "USB management: We can control, we can block, etc." And you have other solutions that are DLP only. Having it all in one place is really helpful. Not only do I have the USB management side, but I can come back and say, "All right, what's in that USB? What sensitive data is in there?"

What other advice do I have?

I'm in a Windows environment, but I see it does macOS, Windows, open sources. It has all of that on the platform.

I'm not using the EasyLock USB Enforced Encryption app to automatically encrypt confidential data transferred to USB storage devices. I'm more monitoring it. But I have the option of forcing it to encrypt.

Overall, I've never seen a solution with this much granularity. I didn't expect that. I did the demo, but it was only when I actually put it in my environment and saw things and said, "Oh, wow." The reporting and the analysis have provided a lot of lessons learned. I didn't think I could get that much information.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Core Facilities & ICT Manager at MJB International LLC/ Al Masaood John Brown LLC
Real User
Dec 31, 2020
Gives us control of what people can access, especially from external devices
Pros and Cons
  • "There are a lot of features, but the main feature is that I can use a device serial number to unlock any particular machine or for all machines. If I have a phone, like a Samsung phone, I can whitelist that specific phone for full access wherever it is plugged into any of our devices. This is the same with a USB, because most USBs come in bulk and have the same serial number. I can then whitelist that particular USB to be read-write with full access."
  • "There are many vendors out there who do protection access of external devices, however, I haven't found any vendors other than Endpoint Protector who let you enable or disable the device without being on WiFi or Internet, just by giving a code, which is a very good option for our workforce in remote locations with extremely weak Internet connections."
  • "When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind."

What is our primary use case?

We use it to block USB and any external devices for read-write. We only allow people to read an external device, not to write to an external device, unless we approve it. Our main reason is that we have 30 percent of our workforce working globally around the world. In addition, a lot of them do not have WiFi access, as they are working in the desert. We needed an application that allows us to unblock or block something by giving a code and could be sent by WhatsApp or SMS.

It's hosted on the cloud, then deployed to workstations. This is a portal from the vendor that we have access to where we can see and remove the agent.

How has it helped my organization?

Once you put a policy in place, you can see if somebody is trying to access something, even if it's not allowed and will not go through. In IT, we need to make sure that we think first before applying the rules that we do want. We have different group levels of access. Once you have done this correctly, then it definitely stops any misuse of data and leaks. However, it is not the software. It's you, as the administrator, who has to make sure that the profiles are set up correctly.

Sometimes, we have engineers who are in the desert taking pictures with an external camera, etc., and they need to send these pictures ASAP to our online portal for reporting. These devices are normally blocked. We can then very quickly (within seconds) open up this device for a certain time to be fully accessible. Then, we do not have to worry about it because the policy will kick in after the period that we have given. This helps us a lot when people are onsite doing reviews of company sites and they need to send a report. It also gives us control of what people can access at that moment, because most of our field engineers have zero access to any external devices. They are only given the device once we decide, "Yes, they need it and for how long."

We are a pretty small company. We only have an IT engineer who administers everything along with myself. We don't have a big IT team; it's only one engineer and me. The access is great because we can do it from home. We don't need to be inside the company since all of it is cloud-based.

What is most valuable?

There are a lot of features, but the main feature is that I can use a device serial number to unlock any particular machine or for all machines. If I have a phone, like a Samsung phone, I can whitelist that specific phone for full access wherever it is plugged into any of our devices. This is the same with a USB, because most USBs come in bulk and have the same serial number. I can then whitelist that particular USB to be read-write with full access.

What needs improvement?

When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind.

For how long have I used the solution?

We have been using it now for a little bit over one year.

What do I think about the stability of the solution?

The stability is very good. I had no downtime nor any other issues. It doesn't require a lot of maintenance from our side. We don't need to go and make sure, "Is it running or is it not running?"

Even if people are not in our LAN, it's still protected. We have tested it in various locations.

What do I think about the scalability of the solution?

If you ever need more devices, it would be very easy to get more licenses within 24 to 48 hours.

We are using 162 licenses.

How are customer service and technical support?

If we have an issue, their support is great. They come back normally within the same day with either a solution or remote session to assist us.

We have rarely used Endpoint Protector support directly. We have very good connections with the reseller, who has a technical support that normally responds within the same day, or at least by the next day.

Which solution did I use previously and why did I switch?

We had GFI EndPointSecurity, which was a good solution. I can't say anything bad about it. However, GFI stopped developing the product. For our use of just blocking external devices, it was very good, but Endpoint Protector is quite a bit better and has many more features. Even if GFI would come back, I would not go back to them because I'm extremely happy with the functionality of Endpoint Protector.

How was the initial setup?

The initial setup is very straightforward.

Because our current system is from a different vendor, we needed to have minimum downtime. When we switched the old one off, we needed to switch the new one on instantly. The groundwork was done before the old one was switched off, then deployed over the weekend. Things worked absolutely fine. We had very few systems which didn't take the implementation. They were mostly those which were not online, but the rest of them worked smoothly.

What about the implementation team?

Our reseller assisted us in our initial deployment by setting up some basic rules and helping us to understand how it works. From there, we took over. They were extremely good in their technical knowledge of the system.

It all depends on how the reseller supports this installation. We had a very good overview by our reseller and support during the installation. I found the installation very straightforward and quick, but that all depends on your reseller and how well they are trained. This process was very technical for us. The reseller assisted us in switching over within two days from the old system to the new one.

What was our ROI?

It is a software where I always want it installed, then up and running. The only time that you need to look at or interfere with it is when new agents are coming in, so you can deploy them. 

What's my experience with pricing, setup cost, and licensing?

It has a fair price. They just changed recently from perpetual licensing. When I bought it, I bought it on perpetual license, then they changed the whole company policy to go to subscription. It was a bit of a shock to us because we haven't upgraded it that many times. However, after speaking to CoSoSys directly, they gave us a very good renewal price.

Which other solutions did I evaluate?

There are many vendors out there who do protection access of external devices. However, I haven't found any vendors, other than Endpoint Protector, who let you enable or disable the device without being on a WiFi, Internet, or just by giving a code. That was our main thing because maybe 30 percent of our workforce are around the world or somewhere in the desert with extremely weak Internet connections. This solution is a very good option where you can just send them an SMS code. Then, the code that we create depends on what we say, for example, "Should they have access for the whole day or 10 minutes?" Afterwards, I don't have to double check if the system is blocked. 

What other advice do I have?

Have a look at a good demo. You will see the benefits of the system. We only use it for device blocking, but there are so many other features. It depends what you want out of Endpoint Protector. An overall demo of its capabilities will let you see that it is worthwhile.

There is an application out there that does multiple things in one go. We looked only at blocking off other devices, but we are rethinking that. Next year, we will be looking to buy usage of all the other features. It would be nice to have one application that does multiple things in one go, which normally other people would use several applications and software subscriptions to do the same thing. 

There are so many policies that we have not even had time to explore all of them.

We don't use the EasyLock USB Enforced Encryption app to automatically encrypt confidential data transferred to USB storage devices. Instead, we have a secure online storage called FileShare, similar to Dropbox, but only for us. This way, people don't save it on their USB and actually have to send it directly. They can only then send it from the camera into their desktop or laptop. Then, from the laptop, they send it directly into our cloud system.

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Head IT at Trantor
Real User
Dec 22, 2020
It seems they have not properly tested the product, and customer support is very poor
Pros and Cons
  • "The product is forward-looking, in my opinion, which is a requirement nowadays."
  • "I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps."
  • "Frankly speaking, I'm not happy with the product."

What is our primary use case?

We primarily use the solution for DLP. 

What is most valuable?

I have not found any valuable features.

What needs improvement?

I bought it for my Windows, Linux, and Mac platform. Frankly speaking, I'm not happy with the product. The reason is that they have not tested the product in their environment. You can't really install it on any endpoint, because you never know what will happen.

I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps.

In my experience, they claim their product is very good, but I don't think so.

Software should be such that if you deploy it on any machine, it should not come up with issues. If it is blocking things I can understand that the engine behind the software is very good. But it is blocking things that are not required to be blocked.

The major challenge was my Linux environment, and that is why I took this product—to get it deployed on my Linux machine. But if I want to deploy it on Linux 1, 2, or 20, or some other Linux distribution, I need to reach out to the support team to get the agents. If I have paid for licenses, they should be on the portal so I can download all the different versions freely.

If I want to install it on any machine, I need to give the version of that machine and they will give me the agent. You don't know whether that agent is the latest one or not. And if you face challenges you have to go back to the support team again and say, "I have deployed it and I'm facing this issue." They will give you another version. I can't tell you all the challenges we have faced. I have not deployed it on a single Linux machine, and it was for Linux that I bought this product. I have just put it on Windows, because on Windows I am facing fewer issues compared to Mac and Linux.

It is not a straightforward installation or a straightforward configuration, for me or the end-user.

For how long have I used the solution?

I bought Endpoint Protector six months back.

What do I think about the stability of the solution?

If you talk about the server on which the application is running it's very stable. But if you talk about the agents, I have already explained how many issues I'm facing.

How are customer service and technical support?

Whenever we contacted support they would give us a resolution and we would apply it. One issue would get resolved but another issue would come up. It's like they considered us as a tester of their application.

In our company, we provide infrastructure services. People have their own environments on their endpoints. If they come across issues, every time we talk to support they tell us to show them the environment. It is not easy for us to get a developer to give control of his or her machine to CoSoSys support in order to showcase the issue.

I mentioned one point to the support team: "Please provide us the latest version of your product." That is how it happens with all products. If your company has come up with an updated version, you should reach out to your customers. Either publish it on your website, saying that you have a new version or new agent, or send an email to all your customers. When I put this comment on the ticket, the feedback I got from a support engineer was, "Please mention this to your account manager." He should not have said that. The support team should have gone to the management team and told them about the feedback they were getting from the customer. They should have said to management, "We need to incorporate these things into the system."

I never ever tell my clients to reach out to my management if they have issues. I'm here to address those issues. If I'm unable to do that, then I will reach out to my management to tell them this customer is facing these issues and we need to address them as a high-priority.

After that, I reached out to my account manager from whom I bought this product and I told him to escalate this issue. I said, first of all, that the tech team should reach out to the customer with the latest version. And secondly, that the support guy who told me to reach out to management should not have done that. The account manager escalated it to someone but I didn't get a call back on that topic.

It's a very serious matter. I was expecting a response from the account manager or from some senior person, but I never ever heard anything from the company.

It has not been so easy to get the support that I paid for. I should get prompt support during that year.

Which solution did I use previously and why did I switch?

A colleague who works with another company bought this product and he told me about it. The one thing I liked about this product was that it is for Mac, Linux, and Windows. If you go for other companies like Forcepoint or Symantec Endpoint Protection, they only give you a solution for Windows and Mac. In our company, we are about 60 percent Linux, 30 percent Windows, and 10 percent Mac.

How was the initial setup?

The server setup is very easy. They have an appliance and you just decide where you want to set it up. They give you some image files. You attach that file to your server and your server is ready. After that, you need to put your own efforts into the configuration, because with these guys the support is pathetic.

What's my experience with pricing, setup cost, and licensing?

If they gave it to me for free for the next year I would not go for this product. Pricing is one thing, but if they are not giving me a full, usable product, pricing hardly matters.

Which other solutions did I evaluate?

I have seen a demo of Forcepoint. Although it is not meant for Linux, rather for Windows and Mac, it is very easy to use. I'm thinking that if I had bought Forcepoint at least I would be okay with my Windows and Mac. Now I'm worried about all the three operating systems and I have paid a very handsome amount for the product.

In my previous company I was using Symantec and that is a wonderful product. But Linux was the challenge.

What other advice do I have?

I'm just waiting for the renewal. I will not use it again in the future.

DLP means blocking something, and I have not blocked anything. If you look at my configuration, I'm just reporting things in case something happens so I can fetch the logs and show them to management. But I don't want to face an embarrassing situation in front of management, because we are in the software service. We have proper SLAs. But if management comes to me and says, "Why didn't you guys block this?" I will not have any answer.

If I knew that support was fantastic, that if I did something and I got stuck I could reach out to support and they would help me out immediately, then I would try. But if I deploy something and I come across some issues, I don't know how much time these guys will take: two days, three days, or five days. They have no SLA. We are a startup but we have proper SLAs with our end-users and clients.

If CoSoSys made some improvements in their product and to their support, no doubt it could be very good. The product is forward-looking, in my opinion, which is a requirement nowadays. But because of the pathetic support and their internal team not doing proper testing of their product... Previously, people used to work only on Windows. But now people are mainly working on Mac or Linux. And now, because of the COVID-19 situation, people are working from home and it is necessary to deploy this product on endpoints to save company data.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT Manager of Information Technology Operations Manager at astrafaelcomsys.com
Real User
Dec 13, 2020
A versatile and user friendly solution with great customer support
Pros and Cons
  • "The role-based access features for the teams that administer it are good."
  • "If you need a good DLP software to protect your data, I recommend that you go for CoSoSys without any second thought."
  • "A lot of things can be improved. Especially customization could be a lot better."

What is our primary use case?

I use the Endpoint Protector to monitor what the users or employees are doing. I monitor employee data like what they are sending, who they are sending it to, and what kind of data they're sending.

If I want to check that data, I can download it. I am checking the backup of the Endpoint Protector data weekly. If I want to monitor previous things, I can do that with the backup of the software.

It's important to create policies to protect my company data. If I create a policy that only our attachments go through our domain, only our attachments get through and not from Google, Yahoo, and others. It's blocking attachments effectively while providing me with an alert if I included an alert policy.

What is most valuable?

Endpoint Protector by CoSoSys has some valuable features. The role-based access features for the teams that administer it are good.

The granularity of the policies is good. The versatility of exit points is good. It also supports both macOS and Windows.

What needs improvement?

A lot of things can be improved. Especially customization could be a lot better.

Sometimes there are issues like when I write a policy to block finance sites. It also blocks the banking sites I have not included. Sometimes it also blocks commands I send to the machine while using Matrix software. 

Whenever this happens, I have to go into the software and choose the packet inspection option or something similar. Then I have to send the command again to the machine, and if it doesn't work, I have to contact the support team. These are some of the issues I have dealt with.

For how long have I used the solution?

I have been using the Endpoint Protector by CoSoSys for over six months. 

What do I think about the stability of the solution?

The stability, reliability, and availability of Endpoint Protector by CoSoSys are good.

What do I think about the scalability of the solution?

Endpoint Protector by CoSoSys is scalable and that's why we use it.

How are customer service and technical support?

The support is excellent. I got responses promptly, just like the vendor stated. If I email or call support, they are ready to assist me.

Which solution did I use previously and why did I switch?

Previously, we used Symantec Endpoint Protection, but the customer support wasn't good. I also inquired about Symantec Endpoint Protection and found out from our local vendors that the support wasn't good, and they recommended CoSoSys.

I installed CoSoSys in my system and tested it for two to three days. I made some policies like data blocking policies, mail blocking policies, attachment blocking policies, and all kinds of policies we need in our company. I tested it and felt very good about it and purchased the license.

How was the initial setup?

The initial setup and deployment are very easy. You can download the database directly, and you can purchase the license. After that, you can download the ETP client to install it. That's all you have to do.

The deployment takes about two hours. The company had a deployment plan and strategy, and I did the rest. 

What about the implementation team?

I implemented the Endpoint Protector by CoSoSys all by myself. 

What's my experience with pricing, setup cost, and licensing?

The price of Endpoint Protector by CoSoSys is more or less the same as other competing solutions.

Which other solutions did I evaluate?

I have installed Symantec Endpoint Protection previously, and the response wasn't good. That's why I moved to CoSoSys DLP. Before CoSoSys DLP, I checked another software, but I found it wasn't a DLP.

What other advice do I have?

If you need a good DLP software to protect your data, I recommend that you go for CoSoSys without any second thought. 

Endpoint Protector by CoSoSys is a versatile solution. The important thing is to protect the data, and it does that well. I have blocked all USB connections from the users via CoSoSys Endpoint Protector. 

It's very easy to use, just download the database from the internet directly, and after getting the license key, we can install and connect to the internet. Once you purchase the license, it's very easy, and 4GB of RAM and 150GB hard disk is enough for this data.

On a scale from one to ten, I would give Endpoint Protector by CoSoSys a ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mohammad Amir Hossain - PeerSpot reviewer
Head of IT Infrastructure at a tech vendor with 10,001+ employees
Real User
Top 5
Dec 9, 2020
Stable and works well across multiple platforms
Pros and Cons
  • "It is easy to manage the DLP between MacOS and Linux."
  • "CoSoSys can control most of this part and it has absolutely, 100% helped to reduce important data from going out of our organization."
  • "In Linux a user can remove a getent anytime. There is no control there on the file structure in Linux. So if this solution could give us information on what users removed in the dashboard, it would help us."
  • "Some CoSoSys features do need to be improved."

What is our primary use case?

We have a multi-platform environment, mainly Linux and Mac.

We installed a client in our client PCs and we have a management server in the same network. So we control the workstation through that management control. We mainly enable the Endpoint Protector function for blocking USBs and other physical ports, and we have some policies to restrict data passing from one PC to another PC. Those are the main features we are using.

How has it helped my organization?

Endpoint Protector almost fulfills our requirements; by 60%. Compared to other solutions we feel better with CoSoSys. 

We are a research center, so control is very important for us. We don't have any in-house solutions for Mac and Linux, so CoSoSys is a very important tool for us to control and ensure our internal security. This is a very important function.

During lockdown time we needed to deploy some new policies and rules. We faced problems all the time. We communicated with CoSoSys' technical teams and we generated support tickets. They supported us as much as possible. During that period they helped us a lot.

Because we are using it for security purposes, there is no direct impact value, but it is saving our data. That is very important. It's almost like an insurance policy.

What is most valuable?

We are happy and satisfied with the solution. When we face any problem, we contact the CoSoSys technical team support directly and they support us as much as possible.

CoSoSys provides a single platform to support Windows, MacOS and Linux. We are using hybrid deployment docs, but we're only using Linux and a Mac, not Windows.

It manages the DLP. It is easy to manage the DLP between MacOS and Linux. This is very important for us because we don't have any sort of in-house solution for data collection for the Linux and Mac environment. We are fully dependent on CoSoSys.

We are not using encryption, because the encryption depends on the server and on many other things, which will cause us to face problems.

Additionally, it has granularity features to copy, paste, and do other things.

Between PCs, there is no control, but we are interested when data is transferred to outside the PCs. At those times we use CoSoSys. CoSoSys can control most of this part.

It has absolutely, 100% helped to reduce important data from going out of our organization.

What needs improvement?

Some CoSoSys features do need to be improved. For example, in Linux a user can remove a getent anytime. There is no control there on the file structure in Linux. So if this solution could give us information on what users removed in the dashboard, it would help us. If CoSoSys applied this sort of improvement, it would help us a lot.

For how long have I used the solution?

We have been using Endpoint Protector for two to three years.

What do I think about the stability of the solution?

Endpoint Protector is a very stable product.

We manage it directly and when we face any issues, we directly contact CoSoSys. There is no third party. When purchasing we use a third party for payment and other purposes as it is overseas payment, so we can't pay directly.

We are licensing from a reseller, but all our support is directly through CoSoSys.

What do I think about the scalability of the solution?

Right now we have about 400 developers using this solution, with one person managing it and one as backup. It does not require too much manpower to manage this team.

How are customer service and technical support?

Their support is very good. We have had very good experiences with them.

They have been responsive and they're generally knowledgeable. They always support us when we request it.

How was the initial setup?

The initial setup is simple, not complex.

The initial setup did not take much time. It is a very lightweight application and it runs very smoothly. It actually took less than half a minute to set up.

You just need to install and sync with the management service and it works in the background as an agent. It is automatically up and working in the background.

The first time we needed to configure and set up synchronization and the next times, for any changes we may need, we need to apply it in the server and sync with both of them.

Prior to deploying it, we had some strategies. We set our purpose, our policy, and then based on this policy, we deployed it.

What's my experience with pricing, setup cost, and licensing?

We think the pricing is very reasonable.

Which other solutions did I evaluate?

We searched Digital Guardian and some other solutions. We found CoSoSys is the most suitable for us.

CoSoSys completely allows combined work in Windows, Linux, and Mac and the synchronization between server and client is very easy. In addition, creating exceptions is very easy in CoSoSys compared to other solutions.

What other advice do I have?

I work in Samsung, so we have many subsidiaries all over the world. Gradually we are explaining to them that we are using this solution in Bangladesh and we are expecting more organizations in Samsung to use this solution.

We have a platform to communicate with each other and share our experiences. So if any offices in Samsung begin using this process it would allow us to develop these things for Samsung more closely.

On a scale of one to ten I would give Endpoint Protector an eight. Our experience using Endpoint Protector for security purposes is very good.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Consultant at a media company with 51-200 employees
Real User
Dec 2, 2020
Feature-rich, easy to set up, and protects our data against different kinds of loss
Pros and Cons
  • "The most valuable features are Device Control, Content-Aware Protection, Enforced Encryption, and eDiscovery."
  • "This is a budget-friendly solution that covers all the aspects of host-level DLP."
  • "If CoSoSys comes up with a suite of Host DLP, along with Network DLP and SaaS DLP, it will cover all of the aspects of a DLP solution."
  • "It misses Network level DLP and SaaS DLP offerings."

What is our primary use case?

We have been implementing and designing solutions with CoSoSys as a part of the Host level DLP (Data leak prevention) solution. Our major cause is to provide a solution to protect data being leaked by their users, knowingly, via any application or software like web browsers, email, SaaS applications, drive, etc., or any hardware devices through MTP/PTP (mobile phones, wifi, USB, cd/floppy, printer, or any such devices).

We have successfully implemented this solution in multiple customer environments, PAN India.

How has it helped my organization?

We have implemented this solution for protecting our data that may be leaked by users for their personal use.

Our concern for data protection came into the picture during the pandemic phase (COVID-19), where users were performing critical business operations from their homes. At that moment, it was observed that data needs to be protected.

We were searching for data protection solutions on Google during the time, where Endpoint Protector popped up. We connected with their team, implemented the same in our environment initially for testing purposes, and then implemented it in our environment and then in our customer's network.

What is most valuable?

The most valuable features are Device Control, Content-Aware Protection, Enforced Encryption, and eDiscovery.

Device control is a module of CoSoSys EPP where we get granular rights and controls for protection of data getting leaked from any hardware devices like USB drives, Storage media, Wi-Fi, printers, etc.

Content-Aware Protection prevents users from uploading or sharing the data or files/documents with others through any application or software like web-browsers, email, file-sharing, or remote application software. It can even prevent users from taking and/or sharing screenshots or clipboard data.

Enforced Encryption is used when you want to have only permitted or restrictive devices connecting to user systems.

eDiscovery is another module where an IT admin can find a file/resource/path/folder present in a user's system.

What needs improvement?

As a host DLP solution, it has granular controls and features. It misses Network level DLP and SaaS DLP offerings. If CoSoSys comes up with a suite of Host DLP, along with Network DLP and SaaS DLP, it will cover all of the aspects of a DLP solution.

Various other products provide us a complete suite of solutions covering Host, Network, and SaaS aspects. Examples of these are Forcepoint and Digital Guardian.

For how long have I used the solution?

I have been deploying and presenting this solution to multiple customers, since April 2020.

How are customer service and technical support?

There are areas where CoSoSys supports more than other vendors do. For example, they offer support for Windows, Mac, and Linux platforms, which not all of the other vendors provide.

How was the initial setup?

The initial setup and installation of the server were very simple.

What about the implementation team?

We implemented in-house using the admin guide that was provided.

What's my experience with pricing, setup cost, and licensing?

This is a budget-friendly solution that covers all the aspects of host-level DLP.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. My company is providing solutions to customers needing DLP solutions.
reviewer2587170 - PeerSpot reviewer
IT Engineer at a tech services company with 51-200 employees
Real User
Top 5
Oct 29, 2024
Gain control over endpoint security with enhanced visibility and device management
Pros and Cons
  • "The most valuable aspects of the solution are the device control, which manages any portable device connected to the endpoint, and content-aware protection, which controls data in motion from the endpoint to outside, like when users try to upload data to a web browser or an instant messaging application."
  • "Currently, for additional applications that need monitoring by the EPP, a request must be made to their technical support. It would be beneficial to add a feature allowing users to manually add applications for monitoring without depending on the vendor."

What is our primary use case?

The primary use case is to prevent data loss and data breaches from employees using endpoints such as workstations or notebooks.

How has it helped my organization?

They gain a lot of visibility over file transfers and user activities. For example, a company can detect when a user copies sensitive company files to an external drive. With this visibility, security is enhanced, and any unauthorized attempt to handle sensitive data can be blocked.

What is most valuable?

The most valuable aspects of the solution are the device control, which manages any portable device connected to the endpoint, and content-aware protection, which controls data in motion from the endpoint to outside, like when users try to upload data to a web browser or an instant messaging application.

What needs improvement?

Currently, for additional applications that need monitoring by the EPP, a request must be made to their technical support. It would be beneficial to add a feature allowing users to manually add applications for monitoring without depending on the vendor.

For how long have I used the solution?

I have been working with Endpoint Protector for approximately five years.

How are customer service and support?

Generally, they are very helpful when we escalate an issue. However, the time difference can make some discussions and follow-ups challenging as their working hours are based on U.S. time, while we work on Indonesian time. There's a seven-hour difference.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not worked with any other DLP solution before Netwrix Endpoint Protector.

What's my experience with pricing, setup cost, and licensing?

I am not sure about the pricing since I handle the technical aspects, not the pricing.

What other advice do I have?

I would recommend Netwrix Endpoint Protector to others.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Buyer's Guide
Download our free Netwrix Endpoint Protector Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026