Planning Center migrates from SentinelOne EDR to Kandji, resulting in 7 key improvements
200+
mac computers
1
IT manager
7
key improvements
Designed for churches of every size, Planning Center provides a set of software tools to help churches organize information, coordinate events, communicate with their teams, and connect with their congregation.
Challenges
Data security at Planning Center is a split between two teams with separate and overlapping responsibilities. The IT team manages endpoint security and associated tools, while the Platform Operations team is responsible for network and infrastructure security, including the company’s annual SOC2 audits. Both teams are relatively small—the IT team is a team of one—which means time and resources are at a premium and efficiency is especially valuable.
Despite trying various endpoint protection solutions, the IT team found themselves still searching for that elusive perfect fit.
Malwarebytes: Planning Center found this antivirus to be resource-intensive. It caused slowdowns on endpoints and negatively impacted users.
CrowdStrike: This EDR also proved very resource-intensive on endpoints, causing performance issues, especially for developers. Compile tasks that otherwise took about 5 minutes required 30 minutes or more with CrowdStrike running, as it tried to scan inside every software container used to build code. This 6x increase in compile time was a major issue for their development team's productivity and ultimately led to its removal.
SentinelOne: Planning Center eventually settled on SentinelOne as a less resource-intensive choice for its Mac computers, but it presented other challenges:
- A longer learning curve was required: It took three to six months to get comfortable enough with SentinelOne to use it effectively
- Apple was an afterthought: SentinelOne's interface was less intuitive for managing Apple devices. Apple support felt poorly integrated into its user experience
- Workflows took too much time: Workflows were inefficient and took more time to complete when compared to other products. For example, releasing false positives from quarantine was a routine task that should have taken a few seconds, but it took over 20 clicks and several minutes.
- Support was too slow: The IT team often experienced a lag in getting responses to technical questions. Requests had to weave their way through two or three layers of junior support technicians before getting to someone who could offer a solution. This slowed down the team and made it difficult to troubleshoot time-sensitive problems.
We had difficulty with CrowdStrike and SentinelOne; they were somewhat overloaded. They were difficult to learn, difficult to navigate, and it was hard for a “one-guy team” to manage them.
Topher Ohlin IT Operations Manager
Solutions
Planning Center was already using Kandji’s device management solution to manage their Apple fleet, so migrating to Kandji’s Endpoint Detection & Response from SentinelOne seemed like an obvious way to consolidate solutions and improve efficiency. Full migration happened in 2 steps over 3 weeks:
- Week 1: Gradual implementation on all systems. Initially, Planning Center began with a cross-section of QA, developers and platform teams to test Kandji EDR on their machines. With successful early test cases in hand, they gradually extended support to the IT and Support teams, and finally to all company employees.
- Weeks 2-3: Run the same security tests on both EDR solutions, with Kandji EDR in the front and SentinelOne in the background, to compare detection rates and performance. During the test period Kandji and SentinelOne had identical threat detection performance, which gave the IT department confidence that it delivered an equivalent level of protection on the Apple endpoint.
Kandji EDR was functional within a week and I felt like I had a handle on it before the end of the month.
Topher Ohlin IT Operations Manager
Results
- Faster issue resolution: Releasing false positives from quarantine required only five clicks and a few seconds in Kandji, compared to over twenty clicks and a few minutes in SentinelOne.
- Improved efficiency: The switch to Kandji EDR saved the IT team significant time. They went from spending up to 6 hours to "minutes" each week in their EDR product. All told, the switch to Kandji delivered an approximately 15% reduction in the total time spent managing their endpoint security.
- Less upkeep: Having EDR integrated with MDM in one interface made management easier and reduced the number agents on the device and the number of tools the IT team had to monitor.
- Easier learning curve: The IT team felt confident with Kandji EDR within a month, compared to 3-6 months with SentinelOne.
- Cost-effectiveness: The IT team found that acquiring and operating Kandji EDR was more cost-effective, allowing them to allocate budget to other areas like higher-spec Mac computers for employees.
The support I have received since moving to Kandji MDM and Kandji EDR has been outstanding. Bar none, the best support we have with any of our vendors. Odds are that I'm going to get someone who knows how to answer my question at the first try, in under a minute. I do not have that experience in many places.
Topher Ohlin IT Operations Manager
This led to strategic value for the team in the form of:
- More scalable IT operations: The ease of use and time savings allowed Planning Center to manage their growing company (170+ employees) more effectively with a one-person IT department.
- A better experience for employees: The low impact on end-users contributed to better employee satisfaction with their Macs
While enjoying these improvements, Planning Center IT team reported that Kandji EDR was performing at the same level with SentinelOne on these 3 items:
- Comparable security: Planning Center found that Kandji provided similar levels of protection to SentinelOne in their testing.
- Seamless deployment: The transition was nearly invisible to end users. The IT team mentioned that when they switched from SentinelOne to Kandji, no one was interrupted, and in fact, “no one noticed.
- No performance impact: Users didn't notice any negative impact on their devices. The IT team noted that Kandji EDR was "as lightweight if not more lightweight" than SentinelOne.
Switching to Kandji EDR allowed our team to keep the same IT headcount while the company was growing. If we had continued to use SentinelOne, we may have had to hire a new person to support the company growth and manage the endpoint protection efforts required.
Topher Ohlin IT Operations Manager
Comparison of endpoint resource consumption*
Indicator | CrowdStrike | SentinelOne | Kandji EDR |
---|---|---|---|
Software Compilation Tasks | 30 min | 5 min | 5 min |
Overall comparison*
Indicator | SentinelOne | Kandji EDR |
---|---|---|
Time to Full Deployment and Peak Confidence Level | 3-6 months | 1 month |
Number of Clicks to Release False Positives From Quarantine | 25 clicks, a couple minutes | 5 clicks, a few seconds |
Time IT team spent on the EDR tool weekly | Up to 6 hrs per week | A few minutes per week |
*Lower is better
I couldn't recommend Kandji EDR highly enough. The burden to switch is low and the value proposition is very high.
Topher Ohlin IT Operations Manager
Conclusion
Planning Center was able to grow efficiently and maintain the performance they needed for their workforce while keeping their endpoints secure with Kandji. Their streamlined IT and security operations lowered costs and allowed the IT team to work on projects that could unlock more value for the organization.