Open Source EDR > Questions

homeredconramit · January 4, 2023, 8:01am

Hi, I am a former Endpoint Manager customer but left since it was just too complex.
My environment is a small combined office home (SOHO) network and I might qualify as MSP and I have about 50 clients, phones, tablets, laptops, desktops and a couple of servers to protect.

I am curious as to what the new OS EDR can offer and I would like to get a better explanation and a low tech worded one since I honestly do not understand a lot of the sales pitch on the main site.

What is the cost, given what I stated above?
Can I deploy this on both servers and workstations - android, ios, windows, linux?
What is required in regards to my firewall to be able to manage this centrally?
Where are the management servers located? I am in the EU and very much in to applying GDPR on everything I use. Bit of a wannabe security consultant.

melih · January 4, 2023, 12:02pm

You have two options

Setup EDR yourself using ELK etc and manage it…
Use the Xcitium MSSP platform (where everything is taken care of and all you have to do is click the deploy button)

If you want to run this as a business, then my recommendation would be to use your time for something better than messing around with ELK and managing source code and go with Xcitium MSSP platform.

The whole world is currently going towards offering MDR to their customers…all the MSPs I talk to is gearing up to offer MDR (Managed Detection Response) as a service to their customer base.
They are charging anything between $20-$40 per endpoint per month for this service.
Traditionally the costs of providing MDR has been around $12-$15…just in licenses…never mind human resource cost on top…
However, With Xcitium MSSP your buy price is around $3.25 per endpoint per month!
So now you can start selling full blown MDR service to your customers and charge $30 per month (or even $20) and only pay $3.25 to Xcitium keeping almost 90% of the profit!
This in my book, as a business owner, becomes a no brainer!
This is a HUGE business innovation where Xcitium has now invented a whole new price point for MDR for the channel.
Whoever takes advantage of this disruptive price point, creates a very nice Cybersecurity business for themselves as this is a huge disruptive innovation in the MDR market.

Xcitium has EU servers etc for GDPR.

RT-AMS-ITarian · January 5, 2023, 8:24am

@melih is right!
ITarian have worked hard with Xcitium to bring a new application to our ecosystem called “Xcitium MSSP Platform”; this enables you to have a fully managed security environment from Xcitium via the ITarian platform.

homeredconramit · January 5, 2023, 8:27am

Thanks for the reply, some answers…

I am not a reselling software business, sure in the future perhaps, but as it is now, and judging from your answer my best option might be ELK, whatever that means… Not trying to be cheap, but I need to compare with what I have and I assume each windows, android and ios device would be an endpoint, server or workstation. So with at least 20 devices, including a couple of Windows Servers, that counts towards that it will be more in one month than I pay - admittedly getting less, but almost enough - for my current solution.

I went through the setup vid at openedr.com and also noticed you have a separate community for that so I guess I should go over there eventually…

I always followed Comodo and still use some of the free products, but Itarian was a bit too complex for me. I see in the intro vid some common elements, but also a reworked and possibly simplified interface. I wish you could do a bit more profiling of the policies, like a default setup for different devices usage scenario. I tend to get lost there…

Not unfamiliar to these matters, right now I am using Kaseya with Bitdefender to handle my servers…

RT-AMS-ITarian · January 5, 2023, 8:50am

Hi @homeredconramit

I’m sorry to hear you feel ITarian is too complex; and more than open to hearing why so we can address this.

On the front of Xcitium (new name for Comodo) and ITarian; they are different products and interfaces; but share the same (term used loose as there are differences) Endpoint Manager system and way of doing things on an endpoint.

The profiles you ask for is completely possible, and yesterday a new video was uploaded which detailed how to create a profile in ITarian which can be found here

I hope this helps and explains a bit.

Regards
Robin

homeredconramit · January 5, 2023, 9:00am

Goodie…

I am sure it may be simple enough for people that work with this on a daily basis, it takes time to get used to. I do not. Having said that I really need a better than average security solution for my SOHO.

Someone read my mind about profiles… wait, that’s the same as usual, conf templates. Seen that before.

How does this work in conjunction with a OPNSense SunnyValley firewall? Can I scrap that?

RT-AMS-ITarian · January 5, 2023, 9:52am

Hi @homeredconramit

The profile creation video is a new video displaying and showing the new interface for creating policies for device based settings; these devices include:

Windows based PCs and Servers
Linux based PC’s and Servers (some limitations on features)
Mac based PC’s (some limitations on features)

We also support some basic MDM functionality for:

iOS
Android

As you can see this is 99% an RMM platform with some MDM features added. Our RMM system is starting to see the release of more SNMP based monitors and features from our beta allowing network discovery and monitors which were not shown in the video I linked you to.

A hardware firewall and management solution like OPNSense with SunnyValley installed is something we have not done, and this would be an offering from our partners for security if they had done this; then we would integrate with this to bring the reporting and alerts into our system for central management.

melih · January 5, 2023, 1:09pm

ELK is Elastic search…
You can use the Xcitium Managed (MDR) package, that handles all your security needs and managed by a SOC and its people. (this is a crazy price point for a managed security btw…others in the market charge upwards of $250 a year…)

homeredconramit · January 5, 2023, 2:44pm

Right now it wont let me register. I have sent an e-mail to support.

Probably some issue with my old Itarian account.

I did have an Itarian account for [ the mail ], and when going to Excitium EDR and enroll it tells me that e-mail is already in use.
However, when doing a pwd reset request it is not recognized, nor do I receive any e-mail. Something is obviously wrong, care to check it up?

RT-AMS-ITarian · January 5, 2023, 2:53pm

Hi @homeredconramit

Please make sure when your requesting a password reset that this is done on the correct portal, else you will not get a reset email.

If you registered with Xcitium you will be an Xcitium customer and have their version of the platform which we cannot help you with, but if you registered with ITarian you get the version I have been discussing.

If you have ITarian and you sent an email to support@itarian.com the team will get this resolved for you asap.

homeredconramit · January 5, 2023, 5:44pm

That is actually a bit of an hassle…

The support link on the OpenEDR page takes me to Comodo’s Ticket system.

www.openedr.com >
Get started >
Xcitium Login >
Support link on the page button to https://support.xcitium.com/ >
https://support.comodo.com

I have a working login for the Comodo Ticket system, made a Ticket and they responded to e-mail support@comodo.com

Listen. I was part in building up, worked in and lead a support team for a major automobile brand for almost 15 years. You have work to do.

RT-AMS-ITarian · January 5, 2023, 7:00pm

Hi @homeredconramit

This is Xcitium support not ITarian unfortunately; we are different companies who work together.

I can pass on your issue and frustration to them; but we have no control over them and their systems.

homeredconramit · January 5, 2023, 7:07pm

Thats fine, eventually I’ll get a response, and another link.

Still does not really explain how the Xcitium portal considers my Itarian portal e-mail as a valid and taken address, if they are, as you say, different companies. And fails to reset the password. But I repeat myself, I am sure it will get sorted somehow.

RT-AMS-ITarian · January 5, 2023, 7:18pm

I have our support team looking at this now as well just in case

RT-AMS-ITarian · January 5, 2023, 8:05pm

Hi @homeredconramit

Speaking with the team you have an account on the ITarian platform in the EU region, so you will need the following URL to access the system https://itarian.com/app/

Please see DM for password details on password reset.

If you still have issues or details provided do not work please click here to reset it unaided Comodo Account Management

Hopefully this solves the issue for you.

Regards
Robin

homeredconramit · January 6, 2023, 9:16am

Got that sorted, now to try the Excitium portal

Xcitium Enterprise Platform

This portal does not support your zone. Please click here to change zone

EU

Xcitium Enterprise Platform

And success.

Thanks.

homeredconramit · January 6, 2023, 10:27am

Now I am there

https://community.openedr.com/u/seccon/summary

Trying to find out what part of the interface is EDR and how to allocate seats since it tells me I don’t have any

But I will ask or find out in the relevant places.

melih · January 9, 2023, 11:51am

you don’t need to be doing all this by yourself…
Xcitium has a “White Glove Team” who can walk you through all this… Use them…(there is no charge)

homeredconramit · January 9, 2023, 1:17pm

As I wrote to @RT-AMS-ITarian I run in to a whole new set of issues with my Itarian account that seems to be triggered by my Xcitium registration.

I see now I put that in a PM, not really intentional but Discourse is almost identical whether you reply in a thread or in a PM.

RT-AMS-ITarian · January 9, 2023, 1:39pm

Lots of information sent your way!