We performed a comparison between Cisco Secure Network Analytics and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Network Detection and Response (NDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Provides easily identifiable anomalies that you can't see with signature detections."
"The most valuable feature is anomaly detection, where it finds things that are not allowed internally."
"This product alleviates the day-to-day headaches for us, in regards to metrics."
"The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure."
"The most valuable feature is integration."
"If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
"I believe this solution has reduced our incident response time."
"There are already many functionalities, so I don't think there is anything to improve."
"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."
"The most valuable feature is the network security module."
"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"The solution can scale."
"I would like to see more expansion in artificial intelligence and machine learning features."
"It would be better to let people know, up front, that is doesn't give you nice, clear information, as seen in the demos, without Cisco ISE installed."
"Stealthwatch needs improvement when it comes to speed."
"Some of our customers find this solution to be a little bit tough because they don't understand how to configure and use it."
"Reliance on Java. Get away from that."
"I think the interface is a little lacking. The interface seems like it just needs to be modernized. It's been the same interface now, ever since I've seen it probably four years ago."
"We've had problems with element licensing costs so scalability is a concern."
"The initial setup was straightforward but required a lot of data entry, to begin with building out the server types and network types."
"The product's integration capabilities are an area of concern where improvements are required."
"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."
"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."
"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."
"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
"It is an expensive solution."
More Cisco Secure Network Analytics Pricing and Cost Advice →
More Trellix Network Detection and Response Pricing and Cost Advice →
Cisco Secure Network Analytics is ranked 3rd in Network Detection and Response (NDR) with 58 reviews while Trellix Network Detection and Response is ranked 7th in Network Detection and Response (NDR) with 37 reviews. Cisco Secure Network Analytics is rated 8.2, while Trellix Network Detection and Response is rated 8.4. The top reviewer of Cisco Secure Network Analytics writes "Increased the visibility of what is happening in our network". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". Cisco Secure Network Analytics is most compared with Darktrace, Cisco Secure Cloud Analytics, ThousandEyes, Vectra AI and Arista NDR, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Fortinet FortiGate, Zscaler Internet Access and Darktrace. See our Cisco Secure Network Analytics vs. Trellix Network Detection and Response report.
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.