Microsoft Sentinel vs Trellix ESM comparison

Microsoft and Trellix are both solutions in the Security Information and Event Management (SIEM) category. Microsoft is ranked #2 with an average rating of 8.4, while Trellix is ranked #22 with an average rating of 7.6. Microsoft holds a 10.8% mindshare in SIEM, compared to Trellix’s 0.8% mindshare. Additionally, 93% of Microsoft users are willing to recommend the solution, compared to 75% of Trellix users who would recommend it.

Microsoft Sentinel

Read 89 Microsoft Sentinel reviews

23,840 Views
13,739 Comparison Views

93% willing to recommend

Trellix ESM

Read 36 Trellix ESM reviews

3,011 Views
1,160 Comparison Views

75% willing to recommend

Microsoft Sentinel

Trellix ESM

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

Trellix ESM and Microsoft Sentinel are two comprehensive security management solutions. Microsoft Sentinel stands out with superior features, making it worth the investment.

Features: Trellix ESM provides advanced threat detection and response capabilities, integration with various security tools, and comprehensive reporting functionalities. Microsoft Sentinel offers seamless integration with Azure services, advanced AI-driven analytics, and extensive scalability. Users find Microsoft Sentinel's features more valuable for enterprise-level security management.

Room for Improvement: Trellix ESM users suggest enhancements to threat intelligence integration, more user-friendly configurations, and better user interface design. Microsoft Sentinel users request improvements in log retention policies, alignment with non-Microsoft services, and more detailed documentation. Trellix ESM requires more work on intelligence integration while Microsoft Sentinel needs to refine its retention policies and documentation.

Ease of Deployment and Customer Service: Trellix ESM's deployment process is straightforward, and it offers reliable customer support. Microsoft Sentinel, while also easy to deploy, benefits significantly from integration with Azure’s ecosystem. Some users report delays in customer service from Microsoft. Trellix ESM excels in customer support, while Microsoft Sentinel benefits from smoother integration within the Azure environment.

Pricing and ROI: Trellix ESM offers competitive setup costs and a solid return on investment through its advanced threat management capabilities. Microsoft Sentinel may come at a higher initial cost but delivers a higher ROI due to its scalable and efficient security features. Users feel the investment in Microsoft Sentinel pays off with its advanced capabilities.

To learn more, read our detailed Microsoft Sentinel vs. Trellix ESM Report (Updated: October 2024).

Buyer's Guide

Microsoft Sentinel vs. Trellix ESM

October 2024

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

2nd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th)

Trellix ESM

Ranking in Security Information and Event Management (SIEM)

22nd

Average Rating

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 10.8%, down from 12.8% compared to the previous year. The mindshare of Trellix ESM is 0.8%, down from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

Nitin Arora

Security Delivery Senior Analyst at Accenture

Nov 2, 2022

Gives us one place to investigate and respond to threats, and automation eliminates manual work

They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Read full review

Daniel Durian

Senior Information Security Manager at a real estate/law firm with 10,001+ employees

Aug 19, 2024

Helps to monitor and detect cyberattacks

I use Trellix ESM to monitor inbound communication from known threat hosts and detect cyberattacks. It's also useful for outbound communication, but we block threat communication via a firewall The tool's effectiveness depends on how you define your log sources. To build visibility of incoming…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."

"The analytic rule is the most valuable feature."

"Sentinel has reduced the work involved in the event investigation by quite a lot."

"The machine learning and artificial intelligence on offer are great."

"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."

"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."

"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."

"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."

More Microsoft Sentinel pros

"The solution's technical support is great."

"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."

"Trellix ESM is very user-friendly."

"The product’s most valuable feature is log monitoring."

"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."

"The most valuable feature in ESM is its search and reporting feature. It's really nice."

"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."

"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."

More Trellix ESM pros

Cons

"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."

"We are invoiced according to the amount of data generated within each log."

"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."

"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."

"The only thing is sometimes you can have a false positive."

"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."

"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."

"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."

More Microsoft Sentinel cons

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."

"The product's stability is an area of concern where improvements are required."

"The solution needs to improve case management. The UI is confusing."

"There should be support for multitenancy in the product."

"The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"Product-wise, adding accounts on a single data source by batch would be a really great help."

More Trellix ESM cons

Pricing and Cost Advice

"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."

"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."

"I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."

"Microsoft can enhance the licensing side. I feel there is confusion sometimes... They should have a single license in which we have the opportunity to use the EDR or CASB solution."

"Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."

"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."

"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."

More Microsoft Sentinel pricing and cost advice

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."

"It is an inexpensive product. We purchase its yearly license."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"The product is slightly expensive."

"The pricing is fair."

"The cost is dependent on the customer's environment and requirements."

More Trellix ESM pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

10%

Government

Manufacturing Company

Educational Organization

74%

Financial Services Firm

Computer Software Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

What do you like most about McAfee ESM?

The solution's technical support is great.

See all answers

What is your experience regarding pricing and costs for McAfee ESM?

Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar.

See all answers

What needs improvement with McAfee ESM?

The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases.

See all answers

Comparisons

AWS Security Hub vs Microsoft Sentinel

Compared 20% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 10% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 7% of the time

Wazuh vs Microsoft Sentinel

Compared 6% of the time

Google Chronicle Suite vs Microsoft Sentinel

Compared 5% of the time

More Microsoft Sentinel Competitors

Splunk Enterprise Security vs Trellix ESM

Compared 25% of the time

ArcSight Enterprise Security Manager (ESM) vs Trellix ESM

Compared 19% of the time

LogRhythm SIEM vs Trellix ESM

Compared 17% of the time

IBM Security QRadar vs Trellix ESM

Compared 12% of the time

Graylog Security vs Trellix ESM

Compared 5% of the time

More Trellix ESM Competitors

Product Reports

Buyer's Guide

Microsoft Sentinel

October 2024

Download Microsoft Sentinel product report

Buyer's Guide

Trellix ESM

October 2024

Download Trellix ESM product report

Also Known As

Azure Sentinel

McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager

Learn More

Microsoft

Video not available

Trellix

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport

Buyer's Guide

Microsoft Sentinel vs. Trellix ESM

October 2024

Free Report: Microsoft Sentinel vs. Trellix ESM

Find out what your peers are saying about Microsoft Sentinel vs. Trellix ESM and other solutions. Updated: October 2024.

DOWNLOAD NOW

814,649 professionals have used our research since 2012.

See our Microsoft Sentinel vs. Trellix ESM report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.