|Carbon Black Defense||CROWDSTRIKE FALCON INSIGHT||CYLANCEOPTICS|
|Ease of deployment and configuration||cWatch EDR can be deployed through GPO (Group Policy Object) or by remote script execution over Comodo One.||
Nowhere near cWatch EDR
≤ 100 Up to 16 hours
≤ 300 Up to 24 hours
≤ 500 Up to 35 hours
≤ 750 Up to 48 hours
≤ 1,000 Up to 58 hours
≤ 2,000 Up to 67 hours
≤ 3,000 Up to 77 hours
|It is advertised that it can be deployed to up to 70k endpoints in a day.
Still not comparable to cWatch EDR
No specific number has been reached.
|SIEM Integration||cWatch EDR is a product of the cWatch family and so it provides SIEM integration.||
No in-house SIEM tool.
Only over third parties.
|Done through Falcon SIEM connector||Only over third parties.|
|Vendor Supplied IOCs||cWatch EDR comes with a full set of recommended IOCs. In addition to this, customers can define infinitely many IOCs to satisfy their needs.||Supports inputting condition-based rules but in a very limited way.||Supports inputting condition-based rules but in a very limited way.||Heavily depends on AI rather than IOC definitions. It is likely to have outdated software.|
|MSSP Support||cWatch EDR provides full support for SMBs and enterprises with a tendency towards managed endpoint security services.||No MSP support.||Does NOT support managed threat hunting.||Does NOT support managed threat hunting.|
|Detection||Carbon Black Defense||CROWDSTRIKE FALCON INSIGHT||CYLANCEOPTICS|
|Device & File Trajectory||cWatch EDR allows users to track suspicious/malicious processes taking place on an endpoint with full visibility into the events resulting from those processes. In addition, Comodo AEP users can also track blocked and quarantined files.||Does NOT show where the file has traveled, from the file's perspective.||No device trajectory.||Provides file and device trajectory.|
|Integrated File Analysis||Very well employed.
Valkyrie deploys two types of technologies - Automatic analysis and Human Expert analysis. The techniques used for automatic analysis include Static Analysis, Dynamic Analysis, Valkyrie Plugins and Embedded Detectors, Signature Based Detection, Trusted Vendor and Certificate Validation, Reputation System and Big Data VirusScope Analysis System.
CrowdStrike does not have a sandbox, but instead uses machine learning.
Cylance is focused on antivirus and employs algorithms as its only detection method.
|Full Attack Chain Visualization||
cWatch EDR provides visualization for 3 stages of the attack.
Early warning: Customer-defined IOCs and COMODO's recommended rule set flag alerts for suspicious events, resulting in reduced dwell time.
Detection: Attack vectors are visualized, and the full attack chain can be seen.
Post-detection: Visualizations of the past attacks help accumulate a knowledge base for future attacks.
Provides good enough visibility into the environment.
Lateral movement can be traced as well as the source of the attack vectors.
CrowdStrike does not provide
Needs improvement on attack chain visualizations.
Lacks summarized data visualizations as well.