Try our new research platform with insights from 80,000+ expert users

Arista NDR vs Trellix Network Detection and Response comparison

Arista and Trellix are both solutions in the Network Detection and Response (NDR) category. Arista is ranked #10 with an average rating of 9.0, while Trellix is ranked #12 with an average rating of 7.4. Arista holds a 4.8% mindshare in NDaR, compared to Trellix’s 1.8% mindshare. Additionally, 100% of Arista users are willing to recommend the solution, compared to 97% of Trellix users who would recommend it.
Arista NDR
Read 14 Arista NDR reviews
  • 2,029 Views
  • 1,278 Comparison Views
100% willing to recommend
Trellix Network Detection a...
Read 38 Trellix Network Detection and Response reviews
  • 435 Views
  • 290 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 6, 2024

Trellix Network Detection and Response and Arista NDR compete in the field of network security solutions. Trellix appears to have the upper hand in advanced malware detection capabilities, whereas Arista benefits from its strong real-time network traffic analysis and visualization features.

Features: Trellix offers advanced malware detection capabilities, deep packet inspection, and strong sandboxing technology. It effectively detects zero-day vulnerabilities and intrusions. Arista NDR provides comprehensive real-time network traffic analysis, high-fidelity anomaly-based detections, and superior visualization capabilities for quick threat identification.

Room for Improvement: Trellix faces challenges with user configuration flexibility and lacks comprehensive integration with other security vendors. It needs a more user-friendly interface and better advanced analytics. Arista NDR requires a stronger market presence, especially in the Middle East, more engineering resources, and improvements in customer support and integration options.

Ease of Deployment and Customer Service: Trellix is typically deployed in hybrid cloud environments with options for on-premises and public cloud, providing flexibility. Users report high satisfaction with technical support, rating it 9/10. Arista NDR focuses on on-premises deployment with hybrid cloud options and has a slightly lower customer service satisfaction rating of 8/10, noting areas for improvement.

Pricing and ROI: Trellix’s pricing is considered high compared to some competitors, but customers value its comprehensive threat detection capabilities, noting substantial ROI through effective threat prevention. Arista NDR offers competitive pricing with reasonable costs given its robust capabilities, with users noting positive returns through improved security and threat identification.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Arista NDR vs. Trellix Network Detection and Response Report (Updated: December 2024).
Buyer's Guide
Arista NDR vs. Trellix Network Detection and Response
December 2024
Download the complete report
Helped 824,053 peers since 2012
 

Categories and Ranking

Arista NDR
Ranking in Network Detection and Response (NDR)
10th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
14
Ranking in other categories
Network Traffic Analysis (NTA) (6th)
Trellix Network Detection a...
Ranking in Network Detection and Response (NDR)
12th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
38
Ranking in other categories
Advanced Threat Protection (ATP) (15th)
 

Mindshare comparison

As of December 2024, in the Network Detection and Response (NDR) category, the mindshare of Arista NDR is 4.8%, down from 5.4% compared to the previous year. The mindshare of Trellix Network Detection and Response is 1.8%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Detection and Response (NDR)
 

Featured Reviews

reviewer1506834 - PeerSpot reviewer
Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT
One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far. Even without that it's useful because with the MNDR team, they'll at least do some of that work for us and then we can follow up on certain things. But that is something that we would want to see improved. Because we have the MNDR team, in some ways we don't work as hands-on with the interface itself as we did before. But another thing that would be helpful would be easier ways to integrate it with other systems. The integrations seem to exist, but they're a little weak in terms of how easy they are to set up, or what kind of information can be pulled in. That's something they've said that they're working on, as part of their roadmap, but that is something that I would like to see improved.
Read full review
BiswabhanuPanda - PeerSpot reviewer
Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one
The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment. That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried. The detection itself is solid, and their sandboxing is powerful. There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere. The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file. There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It gives us something that is almost like an auditing tool for all of our network controls, to see how they are performing. This is related to compliance so that we can see how we are doing with what we have already implemented. There are things that we implemented, but we really didn't know if they were working or not. We have that visibility now."
"Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning is something that no other solution is doing right now."
"The security knowledge graph has been very helpful in the sense that whenever you try a new security solution, especially one that's in the detection and response market, you're always worried about getting a lot of false positives or getting too many alerts and not being able to pick out the good from the bad or things that are actual security incidents versus normal day to day operations. We've been pleasantly surprised that Awake does a really good job of only alerting about things that we actually want to look into and understand. They do a good job of understanding normal operations out-of-the-box."
"This solution’s encrypted traffic analysis helps us stay in compliance with government regulations. It is all about understanding data exfiltration, what is ingressing and egressing in our network. One common attack vector is exfiltrating data using encryption. My capabilities to see potential data exfiltration over encrypted traffic is second to none now."
"When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query."
"The interface itself is clean and easy to use, yet customizable. I like that I can create my own dashboards fairly easily so that I can see what is important to me. Also, the query language is pretty easy to use. I haven't needed to use it a ton, but as I need to go in and do different queries based on their requests, it has been fairly simple to use."
"Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot be seen in other NDR tools."
"The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly."
More Arista NDR pros
"The installation phase was easy."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment."
"The solution can scale."
"The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline."
More Trellix Network Detection and Response pros
 

Cons

"I enjoy the query language, but it could be a bit more user-friendly, especially for new users who come across it... They should push it more into a natural language style as opposed to a query language."
"When I looked at the competitors, such as Darktrace, they all have prettier interfaces. If Awake could make it a little more user-friendly, that would go a long way."
"I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?"
"I would like to see the capability to import what's known as STIX/TAXII in an IOC format. It currently doesn't offer this."
"There's room for improvement with some of the definitions, because I don't have time and I'm not a Tier 4 analyst. I believe that is something they're working towards."
"Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient engineers. They need to hire more engineers to meet the demand and expand their presence. The current team is good but not enough to fully capture the market."
"One thing I would like to see is a little bit more education or experience on AWS cloud for their managed services team. We've explained how we have the information set up, that the traffic coming in goes to the AWS load balancer and then gets sent on to our internal servers... but when I get notices they always tell me this traffic is coming from the IPs belonging to the load balancers, not the source IPs. So a little bit more education for their team about how AWS manages the traffic might help out."
"Be prepared to update your SOPs to have your analysts work in another tool separately. There are some limitations in the integrations right now. One of the things that I want from a security standpoint is integration with multiple tools so I don't need to have my analysts logging into each individual tool."
More Arista NDR cons
"It is an expensive solution."
"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."
"As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."
"Technical support could be improved."
"The solution's support needs to improve their support."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"Stability issues manifested in terms of throughput maximization."
"Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."
More Trellix Network Detection and Response cons
 

Pricing and Cost Advice

"The solution has saved thousands of dollars within the first day. Our ROI has to be in the tens of thousands of dollars since October last year."
"We switched to Awake Security because they were able to offer a model that was significantly less expensive and the value that we get out of it is higher."
"Awake's pricing was very competitive. It's not a cheap option though. It's an investment to utilize it, but it's one that we decided was worth the cost, with the managed services. At our scale, it was a much better option to utilize their software and their managed services to handle this, rather than hiring another person to be an analyst. It was quite cost-effective for us."
"The solution is very good and the pricing is also better than others..."
"The pricing seems pretty reasonable for what we get out of it. We also found it to be more competitive than some other vendors that we've looked at."
"Because I represent a hedge fund, I have some leverage. I told them that they had to meet my conditions if they wanted me as a client. It was the same way with Awake. They wanted an initial four-year agreement. Initially, we signed on for a one-year contract, but they wanted the four-year deal when it came time for the renewal. I told them that I was not doing that. I said that they either had to do it on my terms, or I'd go somewhere else."
"Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model."
"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."
"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."
"It's an expensive solution."
"Pricing and licensing are reasonable compared to competitors."
"The tool is a bit pricey."
"When I compare this solution to its competitors in the market, I find that it is a little expensive."
"The pricing is a little high."
"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."
More Trellix Network Detection and Response pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
See recommendations
824,053 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Government
8%
Educational Organization
8%
Financial Services Firm
19%
Comms Service Provider
10%
Manufacturing Company
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Arista NDR?
Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot...
See all answers
What is your experience regarding pricing and costs for Arista NDR?
The tool's pricing is expensive but it is competitive.
See all answers
What needs improvement with Arista NDR?
Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient enginee...
See all answers
What do you like most about FireEye Network Security?
We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement an...
See all answers
What is your experience regarding pricing and costs for FireEye Network Security?
The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced. It's a bit on the expensive side, but we don't want to compromise with cheap, less r...
See all answers
What needs improvement with FireEye Network Security?
The solution's support needs to improve their support.
See all answers
 

Comparisons

Vectra AI vs Arista NDR Logo
Vectra AI vs Arista NDR
Compared 21% of the time
Trend Micro Deep Discovery vs Arista NDR Logo
Trend Micro Deep Discovery vs Arista NDR
Compared 16% of the time
Cisco Secure Network Analytics vs Arista NDR Logo
Cisco Secure Network Analytics vs Arista NDR
Compared 15% of the time
Palo Alto Networks Advanced Threat Prevention vs Arista NDR Logo
Palo Alto Networks Advanced Threat Prevention vs Arista NDR
Compared 13% of the time
More Arista NDR Competitors
Fortinet FortiSandbox vs Trellix Network Detection and Response Logo
Fortinet FortiSandbox vs Trellix Network Detection and Response
Compared 19% of the time
Palo Alto Networks WildFire vs Trellix Network Detection and Response Logo
Palo Alto Networks WildFire vs Trellix Network Detection and Response
Compared 16% of the time
Vectra AI vs Trellix Network Detection and Response Logo
Vectra AI vs Trellix Network Detection and Response
Compared 9% of the time
Darktrace vs Trellix Network Detection and Response Logo
Darktrace vs Trellix Network Detection and Response
Compared 8% of the time
More Trellix Network Detection and Response Competitors
 

Product Reports

Buyer's Guide
Arista NDR
December 2024
Arista NDR reportDownload Arista NDR product report
Buyer's Guide
Trellix Network Detection and Response
November 2024
Trellix Network Detection and Response reportDownload Trellix Network Detection and Response product report
 

Also Known As

Awake Security Platform
FireEye Network Security, FireEye
 

Learn More

Arista
Video not available
Trellix
 

Overview

Arista NDR (formerly Awake Security) is the only advanced network detection and response company that delivers answers, not alerts. By combining artificial intelligence with human expertise, Arista NDR hunts for both insider and external attacker behaviors, while providing autonomous triage and response with full forensics across traditional, IoT, and cloud networks. Arista NDR delivers continuous diagnostics for the entire enterprise threat landscape, processes countless network data points, senses abnormalities or threats, and reacts if necessary—all in a matter of seconds. The Arista NDP platform stands out from traditional security because it is designed to mimic the human brain. It recognizes malicious intent and learns over time, giving defenders greater visibility and insight into what threats exist and how to respond to them. 

The Advent of Advanced Network Detection and Response & Why it Matters

The 5 Levels of Autonomous Security paper

Detect the undetectable and stop evasive attacks. Trellix Network Detection and Response (NDR) helps your team focus on real attacks, contain intrusions with speed and intelligence, and eliminate your cybersecurity weak points.

 

Sample Customers

- Dolby Laboratories- Seattle Genetics- ARM Energy- Ooma- Prophix- Yapstone
FFRDC, Finansbank, Japan Advanced Institute of Science and Technology, Investis, Kelsey-Seybold Clinic, Bank of Thailand, City of Miramar, Citizens National Bank, D-Wave Systems
Buyer's Guide
Arista NDR vs. Trellix Network Detection and Response
December 2024
Free Report: Arista NDR vs. Trellix Network Detection and Response
Find out what your peers are saying about Arista NDR vs. Trellix Network Detection and Response and other solutions. Updated: December 2024.
DOWNLOAD NOW
824,053 professionals have used our research since 2012.
See our Arista NDR vs. Trellix Network Detection and Response report.
See our list of best Network Detection and Response (NDR) vendors.

We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.