We performed a comparison between Elastic Security and Trellix Active Response based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The setup is pretty simple."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The product detects and blocks threats and is more proactive than firewalls."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"The visualization is very good."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"The most valuable feature for me is Discover."
"The stability of the solution is good."
"It's a little lighter compared to the older version, which was mostly signature-based."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"The solution is scalable."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The support needs improvement."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The solution is not user-friendly."
"There isn't really a very good user experience. You need a lot of training."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"I also expected Active Response 's user interface to be much more analytical."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"While the product is good, we are currently facing support issues."
Earn 20 points
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews while Trellix Active Response is ranked 57th in Endpoint Detection and Response (EDR). Elastic Security is rated 7.6, while Trellix Active Response is rated 6.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Active Response writes "Lighter with good stability and pretty good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Active Response is most compared with Trellix Endpoint Security (ENS) and Trellix Endpoint Detection and Response (EDR). See our Elastic Security vs. Trellix Active Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.