We performed a comparison between Trellix Endpoint Security and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Microsoft Defender XDR is scalable."
"The integration between all the Defender products is the most valuable feature."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The summarization of emails is a valuable feature."
"The central management console is powerful. You can manage endpoints, DLP, encryption, and all the other features from a single console."
"I have found many of the features to be useful."
"What I like best is the integrated end-to-end security that works with the security information and events manager."
"The endpoint protection and disk encryption features are the most valuable."
"Their malware detection rate is excellent for all type of devices and the anti-theft products are good and easy to use."
"Automatic user recovery prior to Windows booting up."
"Dynamic Application Containment."
"It provides a lot of information and great visibility, with really great options for managing the environment."
"The MITRE ATT&CK correlation is most valuable."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"The product is easy to customize."
"Its cost-effectiveness is the most valuable aspect."
"Wazuh has very flexible and robust features."
"The deployment is easy and they provide very good documentation."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"The licensing is a nightmare and has room for improvement."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Advanced attacks could use an improvement."
"There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Sheild. It is quite old and is not fully integrated properly and could be improved."
"Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing."
"The solution's technical support should be improved since we faced a lot of issues with the support. There were some delays in responses from the technical support."
"The solution should provide a more easy way to uninstall it on specific stations."
"It would be helpful if the controlling of connections coming to the PC could be done from McAfee's side so that we can block those connections."
"I would like to have the ability to have more control over the deployment in the next release. If you have this console in the cloud, you cannot make pilot groups for deploying the agents. We only have the current group. So, as soon as you inject the software, it will go directly into production, which doesn't work for us. We need to build up pilot groups slowly. We already requested to have this feature on the cloud, and we are still waiting."
"The solution needs to offer better local technical support."
"I've encountered minor challenges related to encryption."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"While it is scalable, it can suffer from reduced latencies."
"Its configuration process is time-consuming."
Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 95 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Trellix Endpoint Security is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our Trellix Endpoint Security vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.