Try our new research platform with insights from 80,000+ expert users

RiskIQ Illuminate vs Trellix Network Detection and Response comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

RiskIQ Illuminate
Average Rating
0.0
Number of Reviews
1
Ranking in other categories
Attack Surface Management (ASM) (30th)
Trellix Network Detection a...
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Advanced Threat Protection (ATP) (14th), Network Detection and Response (NDR) (12th)
 

Mindshare comparison

RiskIQ Illuminate and Trellix Network Detection and Response aren’t in the same category and serve different purposes. RiskIQ Illuminate is designed for Attack Surface Management (ASM) and holds a mindshare of 0.2%, down 0.6% compared to last year.
Trellix Network Detection and Response, on the other hand, focuses on Advanced Threat Protection (ATP), holds 4.8% mindshare, down 4.9% since last year.
Attack Surface Management (ASM)
Advanced Threat Protection (ATP)
 

Featured Reviews

SimonClark - PeerSpot reviewer
Able to discover unpatched servers, offers good stability, and scales very well
A low-cost service to evaluate the risk score of a supply chain would be very helpful. This could be useful for insurance companies offering cyber insurance to enterprise customers, providing the insurer with a valuable way to unobtrusively, quickly, and frequently assess their customers and apply appropriate premiums for the level of risk. This would also be useful for enterprises. They could, for example, assess companies prior to a merger or acquisition. What would also be useful for any enterprise would be if their supply chain has some kind of direct digital access to parts of their network.
BiswabhanuPanda - PeerSpot reviewer
Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one
The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment. That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried. The detection itself is solid, and their sandboxing is powerful. There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere. The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file. There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is stable with 12 years of established historical data."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
"I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
"Support is very helpful and responsive."
"We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment."
"The server appliance is good."
 

Cons

"A low-cost service to evaluate the risk score of a supply chain would be very helpful."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."
"We'd like the potential for better scaling."
"The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response."
"Technical support could be improved."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."
"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."
 

Pricing and Cost Advice

Information not available
"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."
"The tool is a bit pricey."
"It's an expensive solution."
"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."
"The pricing is a little high."
"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."
"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."
"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."
report
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
21%
Financial Services Firm
11%
Real Estate/Law Firm
8%
Comms Service Provider
7%
Financial Services Firm
15%
Comms Service Provider
11%
Computer Software Company
10%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What do you like most about FireEye Network Security?
We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement an...
What is your experience regarding pricing and costs for FireEye Network Security?
While I do not handle pricing directly, it is known that there is a variety of customers with different licensing needs, which depends on the organization's size and policy.
What needs improvement with FireEye Network Security?
The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response. Networking often involves complexity that c...
 

Also Known As

RiskIQ Digital Threat Management
FireEye Network Security, FireEye
 

Overview

 

Sample Customers

DocuSign, Outbrain, The Economist Group, Rackspace, The Citizen Lab
FFRDC, Finansbank, Japan Advanced Institute of Science and Technology, Investis, Kelsey-Seybold Clinic, Bank of Thailand, City of Miramar, Citizens National Bank, D-Wave Systems
Find out what your peers are saying about CrowdStrike, Trend Micro, Darktrace and others in Attack Surface Management (ASM). Updated: April 2025.
848,716 professionals have used our research since 2012.