- We always hear from Kaspersky customers (I've heard from some SentinelOne customers too) how it's easier to deploy their endpoints using network discovery (they first discover all machines in their network, without the need for AD) and sending endpoints remotely through the console. I think this should be looked into carefully, because the reality is - at least where we operate - that customers are more concerned from an operational point of view rather than security. They understand products are "similar" security-wise, so they are looking for products that make their life easier. Most of our deployments are using GPO, but we have potential customers that either do not have AD or are not willing to use it for endpoint deployment. The Remote Deploy feature always brings customers concerns because we need to disable Defender on machines prior to the deploy. I think there's room for improvement.
- Same thing for PC Inventory. They love Kaspersky because they can dynamically keep tabs on which PCs they have, CPU specs, RAM, software installed, etc. Again, operational point of view. With Harmony they understand they'll have better security, but they are going to increase man hours to operate it, losing operational features from Kaspersky.
- Another feature they love is the ability to disable the endpoint on the end user machine for 10 minutes using a password. It's easier to debug problems that happen. With Harmony we either give this option to the user (no need for a password or timers) - not optimal - or we need to create a policy with everything disabled and put this machine on this policy, but it takes time for the policy to update and sometimes they forget to take the machine out of the policy. Not optimal either.
- Customers always find it confusing to work with a lot of different client versions. We've seen that the evergreen client is on the roadmap and this is something they always ask about.
- Focused support: we also often hear complaints about the endpoint causing issues (they are very diverse, it's hard even to specify) that are solved as soon as the endpoint is removed. It's hard to argue with them that it wasn't the endpoint's fault. From this point we need to collect CPinfo and whatnot, but the TAC case always takes more time to reach a conclusion than the customer is willing to wait. Most of the time a change of version is recommended, which is considered by customers as a bland solution. Sometimes even to reach a conclusion that it was not the endpoint's fault, just for us to install it again and experience the same issues. A revamped debug/analysis of client issues would be very much welcomed.
For now this is what comes to mind, I'll keep you posted if I remember anything else.