
Microsoft Sentinel vs Trellix ESM comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 18, 2024
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
2nd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th)
Trellix ESM
Ranking in Security Information and Event Management (SIEM)
22nd
Average Rating
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 10.8%, down from 12.8% compared to the previous year. The mindshare of Trellix ESM is 0.8%, down from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Nitin Arora - PeerSpot reviewer
Nov 2, 2022
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.
Daniel Durian - PeerSpot reviewer
Aug 19, 2024
Helps to monitor and detect cyberattacks
I use Trellix ESM to monitor inbound communication from known threat hosts and detect cyberattacks. It's also useful for outbound communication, but we block threat communication via a firewall. The tool's effectiveness depends on how you define your log sources. To build visibility of incoming…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The analytic rule is the most valuable feature."
"Sentinel has reduced the work involved in the event investigation by quite a lot."
"The machine learning and artificial intelligence on offer are great."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The solution's technical support is great."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"Trellix ESM is very user-friendly."
"The product’s most valuable feature is log monitoring."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
 

Cons

"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"We are invoiced according to the amount of data generated within each log."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The only thing is sometimes you can have a false positive."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"The product's stability is an area of concern where improvements are required."
"The solution needs to improve case management. The UI is confusing."
"There should be support for multitenancy in the product."
"The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
 

Pricing and Cost Advice

"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."
"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
"I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."
"Microsoft can enhance the licensing side. I feel there is confusion sometimes... They should have a single license in which we have the opportunity to use the EDR or CASB solution."
"Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."
"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."
"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."
"It is an inexpensive product. We purchase its yearly license."
"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."
"The product is slightly expensive."
"The pricing is fair."
"The cost is dependent on the customer's environment and requirements."
814,649 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company: 16%
Financial Services Firm: 10%
Government: 8%
Manufacturing Company: 8%

Educational Organization: 74%
Financial Services Firm: 4%
Computer Software Company: 4%
Government: 3%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about McAfee ESM?
The solution's technical support is great.
What is your experience regarding pricing and costs for McAfee ESM?
Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar.
What needs improvement with McAfee ESM?
The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases.
 

Also Known As

Azure Sentinel
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 


Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
San Francisco Police Credit Union, Wüstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Find out what your peers are saying about Microsoft Sentinel vs. Trellix ESM and other solutions. Updated: October 2024.