I've used Trellix EDR to improve endpoints' and servers' security and feed into MDR solutions.
Senior Cyber Security Specialist Architect at Cyberlinx
Has behavior monitoring, DLP, and access control
Pros and Cons
- "The most useful features are behavior monitoring, DLP, and access control. The automation has gotten much better in the last two years than when it was McAfee. It works better now and integrates more smoothly."
- "I'd like the tool to become more like an XDR, with one management system and endpoint activation."
What is our primary use case?
What is most valuable?
The most useful features are behavior monitoring, DLP, and access control. The automation has gotten much better in the last two years than when it was McAfee. It works better now and integrates more smoothly.
What needs improvement?
I'd like the tool to become more like an XDR, with one management system and endpoint activation.
For how long have I used the solution?
I have been using the solution for seven years.
Buyer's Guide
Trellix Endpoint Detection and Response (EDR)
October 2024
Learn what your peers think about Trellix Endpoint Detection and Response (EDR). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
Sometimes, stability issues come from incorrect partner deployments, not Trellix EDR itself.
What do I think about the scalability of the solution?
I rate the tool a seven out of ten. To improve it, I'd like a cloud-based management system where I only need to put a correlator at the client's site, as CyberArk does. The best setup would be cloud management, a manager in a VM, and super agents on endpoints.
How are customer service and support?
My opinion about technical support might be biased because I have direct access to top-level senior staff. I know some people struggle with support if they go through normal channels.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up the solution is easy for me because I've been in cybersecurity for almost 30 years, but new users might find it hard. Depending on the client's needs, it can be set up on-premises, in a private or hybrid cloud, or fully in the cloud. Setting it up can take a few days for small environments or months for big companies with thousands of endpoints.
What's my experience with pricing, setup cost, and licensing?
Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand.
What other advice do I have?
Our clients are usually medium-sized and enterprise businesses. Overall, I would recommend Trellix EDR to others. I'd rate it eight and a half out of ten. No EDR or XDR solution gets a nine from me right now because they all have room for improvement.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Aug 18, 2024
Senior Vice President IT at a tech services company with 11-50 employees
A scalable solution that provides a one-click recovery of encrypted files and excellent threat-hunting features
Pros and Cons
- "The product provides a one-click recovery of encrypted files."
- "The CPU utilization of the product is quite high compared to its competitors."
What is most valuable?
The product provides a one-click recovery of encrypted files. Threat hunting is marvelous.
What needs improvement?
The product must improve the ability to work with different operating systems like Windows and macOS. The CPU utilization of the product is quite high compared to its competitors. The agent file size is higher. The number of services that run on a system is quite high. Other EDR solutions have only a single service running on it.
For how long have I used the solution?
I have been working with the product from the day of inception. I am using the latest version of the solution.
What do I think about the stability of the solution?
The stability is good. I rate the stability a nine and a half out of ten.
What do I think about the scalability of the solution?
I rate the tool’s scalability a ten out of ten. The solution is suitable for small, medium, and large enterprises.
How are customer service and support?
The support is great.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is simple. It can be done in a couple of days. The solution is cloud-based.
What's my experience with pricing, setup cost, and licensing?
The product’s aggressiveness in competing with the competitor's pricing is almost nil. The pricing is always high. I rate the pricing a three and a half out of ten.
Which other solutions did I evaluate?
We can compare the tool with SentinelOne and CrowdStrike. Kaspersky and Trend Micro cannot compete against the solution.
What other advice do I have?
People must always evaluate the product first. They must see the difference in manageability and flexibility of the licenses. They must also consider the manageability and flexibility of the software before making a decision. Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Security Architect at a tech services company with 1,001-5,000 employees
A scalable and easy-to-implement solution that provides timely alerts on malicious behavior in the server
Pros and Cons
- "If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts."
- "The console has a lot of bugs, and it creates many issues."
What is our primary use case?
The product works as a preventive tool. It checks for signatures as well as behaviors.
What is most valuable?
If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts. It creates reports on the incidents and provides the details to us. The product is very easy to scale and implement.
What needs improvement?
The product must focus on improving the appliances. The console has a lot of bugs, and it creates many issues. It is very tedious to troubleshoot the issues sometimes. The support team does not help. We solve our problems by testing things we find on Google and other forums where people give suggestions about the product. The product has very limited options for creating policies. The product could provide more options for creating policies. The options must be customizable according to the user’s requirements.
For how long have I used the solution?
I have been using the solution for more than two years.
What do I think about the stability of the solution?
I rate the tool’s stability an eight out of ten.
What do I think about the scalability of the solution?
The tool is scalable. We have implemented it across the organization. I would recommend the tool for both small and large companies.
How are customer service and support?
The support team is the worst. The support team must improve its knowledge.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We used an anti-malware solution before we started using Trellix.
How was the initial setup?
The solution is deployed on the cloud. The initial setup was simple.
What about the implementation team?
The deployment took nearly a month. Trellix’s team helped us deploy the product. They were helpful during the purchasing and implementation process. Four or five people in the organization manage and maintain the solution.
What's my experience with pricing, setup cost, and licensing?
The product’s pricing is reasonable. However, we have to have a minimum contract of three years. The licensing model is not so good. Advanced threat intelligence features are very expensive.
What other advice do I have?
We are planning to change the vendor. We have one more year of contract on the product. Companies must use EDR, but they must research before choosing vendors. Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Associate at Valuepoint Systems
Helpful to detect malware and threats
Pros and Cons
- "The most valuable feature of the solution is its area for threat detection."
- "When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."
What is our primary use case?
I use the solution in my company for malware detection. My customers are mostly banking and government organizations.
What is most valuable?
The most valuable feature of the solution is its area for threat detection.
What needs improvement?
When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required.
The tool's support needs to improve in the areas of response it provides to users.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) for two and a half years.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
How are customer service and support?
I rate the technical support a seven and a half out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The solution is SaaS-based, and we have deployed it using the hybrid cloud model.
The tool's deployment phase is a lengthy process. For one endpoint, it takes 15 to 20 minutes.
What was our ROI?
The tool is cost-effective. Many agents need to be installed, and on-premises integration is required.
What other advice do I have?
I haven't worked on the tool to see how it works for security workflow.
My customers have not seen any challenges while working with Trellix Endpoint Detection and Response (EDR) in terms of integrations.
The tool does not support any AI and security initiatives.
The tool is suitable for enterprise companies.
If businesses are completely on the cloud, then the tool is not required. If a company has a hybrid cloud model with an on-premises model, then it will be a good tool to use.
I rate the tool an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Sep 12, 2024
Professional Services Manager at Concanon LLC
A user-friendly and integrated solution that includes EDR and antivirus
Pros and Cons
- "The biggest strength of the solution is that it's an integrated product that includes EDR and antivirus."
- "Some modules that are doing machine learning and artificial intelligence are blocking our processes."
What is our primary use case?
We're looking at the logs, and the customer defines the solution's use cases.
What is most valuable?
Trellix Endpoint Detection and Response is a user-friendly solution. The biggest strength of the solution is that it's an integrated product that includes EDR and antivirus. It's not like you have different technologies for different solutions.
What needs improvement?
Some modules that are doing machine learning and artificial intelligence are blocking our processes.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response for one year.
What other advice do I have?
Overall, I rate Trellix Endpoint Detection and Response an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Engineer at Nhq Distribution Ltd
Helps to detect and identify critical management activities with dashboard to analyze data
Pros and Cons
- "The dashboard makes it easier and more effective to analyze data."
- "The dashboard is split across different platforms. For example, if you want information on Incident Detection, you have to access one dashboard, and for DLP reporting, there's a separate platform. This fragmentation means you can't access everything from a single dashboard."
What is our primary use case?
We use the solution to detect and identify critical management activities. Within the network level, you can understand what is happening in the environment. Organizations using complex systems for various purposes can easily identify shared activity within the environment. There is a detection base that allows us to identify and manage threat events. The solution also includes licenses for forensic investigations of any attack that occurs. Details can be found within the platform's release at the end of the month or whenever needed. Any Trellix malware activity will be displayed on the dashboard, and the moderating services will be integrated into everything we have built.
What is most valuable?
The dashboard makes it easier and more effective to analyze data. It also allows us to access the AWS analytics and system features in one place. If we need to find specific details about an endpoint, we can determine what is happening and how any organization is affected by the data provided.
What needs improvement?
The better approach is to apply the necessary improvements to make the dashboard more effective and user-friendly. If simplified, users can investigate issues in more detail by clicking on the relevant sections. Making it simpler would enhance understanding and improve the investigation process. Customers currently using the system can view everything on a single dashboard, which is very effective for understanding all scenarios and activities.
Customers rely on a single platform when they notice an incident, response, or attack. In SOC analysis teams, especially in banks or traditional organizations, the entire team needs access to the scenario on one platform. This allows them to understand the dashboard and detect any ongoing activity easily. Once they identify an issue, they can proceed with further analysis. Customers need a clear and visible platform that helps them understand when and how their site is being compromised.
The dashboard is split across different platforms. For example, if you want information on Incident Detection, you have to access one dashboard, and for DLP reporting, there's a separate platform. This fragmentation means you can't access everything from a single dashboard. Instead, you must navigate various options to find the right dashboard. This setup results in a separate view for each function. Ideally, we'd like to consolidate this into a unified platform, making it easier to identify site behaviors from one centralized dashboard.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) as a reseller.
What do I think about the stability of the solution?
We initially used McAfee's VSP and Varia System Enterprise products. After transitioning to Endpoint Security, particularly in version 10 or 7, we encountered performance issues on systems running Windows 7. The high resource utilization caused significant slowdowns, leading to numerous complaints, especially from Sakasho. The EDR was consuming too many system resources, which impacted overall performance. However, with the newer versions, like those in the InVision EPO, these issues seem to have been resolved, and the system now operates more efficiently. The current product is expected to be much lighter and more stable.
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
I highly appreciate the service architecture. They are developing day by day.
We are an enterprise that provides solutions through Trellix EDR that various external customers use. Our solutions are deployed in a large and diverse environment, including companies, telecoms, and major banks. These organizations rely on our products for their protection needs.
How are customer service and support?
There are multiple ways to get support. You can create a case through your partner or support portal by calling. If necessary, you can raise a call and follow up immediately.
How would you rate customer service and support?
Positive
How was the initial setup?
We operate within our environment and country. One of our clients is interested in using our on-premises solution. They are hesitant to adopt a cloud-based solution due to concerns about data security. They worry that storing data in the cloud could expose it to unauthorized access. They are confused about how the cloud handles sensitive data like CPU data and prefer to keep their information on-premises. However, other banks have embraced cloud solutions and understand their value. Over time, as more companies study and become comfortable with cloud technology, we believe others will also follow and move to the cloud. We hope to maintain their interest in our services.
What other advice do I have?
Its machine learning capability is strong, and the AI configurations and system integration enhance its effectiveness. The API solutions added to this system allow us to detect and respond to incidents quickly. The quick response is also due to Edge Solutions and specific-type solutions, enabling us to conduct thorough investigations and generate reports on the platform.
I recommend Trellix Endpoint Detection and Response (EDR) because it offers strong capabilities. It’s worth noting that XDR solutions are also available and might be more effective. These XDR solutions are advanced technologies with enhanced features, including improved API integration.
Overall, I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Aug 27, 2024
Cyber Security & ICT Director at Polish Security Experts Association
A solution that efficiently detects the early stages of cyberattacks and offers sound technical support to its users
Pros and Cons
- "It is a stable solution. Stability-wise, I rate the solution a nine out of ten...I rate the solution's technical support team a nine and a half or ten out of ten."
- "The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms."
What is our primary use case?
My company's clients use the solution to detect the early stages of attacks and to react to the strange things that happen on the endpoints.
What is most valuable?
Visualization of cyberattacks is one of the most valuable features of the solution.
What needs improvement?
It is tough to comment on what needs improvement in the solution. At the moment, it is difficult to recall and comment on what needs to improve in the solution.
The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms. At this moment, I want the solution to integrate with more XDR tools. The solution should provide its users an ease of administration in future releases.
My company has spoken to McAfee about their solution being on the pricier side. So, McAfee is aware that there is room for improvement in its pricing strategy.
For how long have I used the solution?
I have been using McAfee MVISION Endpoint Detection and Response for over two years. So, my company has a partnership with McAfee. Though I don't remember the version of the solution I am working on, it is the latest one since it is a common security practice to use the updated version of the tool.
What do I think about the stability of the solution?
It is a stable solution. Stability-wise, I rate the solution a nine out of ten.
What do I think about the scalability of the solution?
I won't be able to comment on the solution's scalability since, at the moment, we do not need to consider scalability or expansion. However, it is probably easy to scale up since the solution is deployed on AWS. My company has clients who run small, medium, and enterprise-sized businesses. The number of users using the solution depends upon the company or business size. So, there have been times when a client using the solution has over 1000 users using the tool.
How are customer service and support?
I rate the solution's technical support team a nine and a half or ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution's initial setup process was easy and straightforward. On a scale of one to ten, where one is difficult and ten is very easy, I rate the solution's initial setup a ten out of ten. The solution is usually deployed on the cloud platform.
Though unsure, I feel the solution is deployed using AWS since I am referring to the users in Europe. The deployment process took place over a few days. The deployment process is covered by the client and distribution services team. The deployment process involves fire and forget, wherein the agent is sent to the user. All the settings are within the agents, and only the installation needs to be done for the deployment process to be completed.
What's my experience with pricing, setup cost, and licensing?
On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten. McAfee MVISION Endpoint Detection and Response is pricey compared to other solutions in the market.
Though I cannot remember the approximate licensing cost of the solution, it would definitely depend upon the customer, the overall pricing of the solution, and the additional features.
One needs to incur retention costs in addition to the standard licensing fees paid for the solution.
What other advice do I have?
I would tell those planning to use the solution in the future that if they already have McAfee products, then they should go for it since the solution integrates well with other McAfee tools and with some endpoint protection platforms or DLP that are deployed on-premises.
The software will have bugs in them at some point, and bug-related issues are to be taken care of by technical support. Our company reports such issues, and the technical support team tries to resolve them. Presently, this process works well for us. Overall, I rate the product an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Information Security at an insurance company with 201-500 employees
Offers effective investigation and rule detection features but the IOC searching capabilities need to improve
Pros and Cons
- "The investigation and rule detection feature of the solution has proven most useful for our company."
- "The searching capabilities for the IOCs can be further improved."
What is our primary use case?
The solution is used to search the IOCs. We use it in our company when we are unable to search for multiple hashes at a time for a particular file. Without Trellix Endpoint Detection and Response (EDR), each hash needs to be executed individually in the search parameter.
What is most valuable?
The investigation and rule detection feature of the solution has proven most useful for our company.
What needs improvement?
The searching capabilities for the IOCs can be further improved in the product.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) for one year.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability a five out of ten. The solution sometimes functions quite slowly, and at our company, we face multiple issues around which we regularly need to contact tech support. There are more than 1000 users of Trellix Endpoint Detection and Response (EDR) in our organization. I use the product daily in my company.
Which solution did I use previously and why did I switch?
In my previous organization, I used to work with Cybereason instead of Trellix Endpoint Detection and Response (EDR). My present company prefers to use Trellix Endpoint Detection and Response (EDR), so I switched.
How was the initial setup?
I would rate the initial setup an eight out of ten.
What other advice do I have?
Trellix Endpoint Detection and Response (EDR) handles security incidents but generates multiple false positive alerts. If the solution is fine-tuned from time to time, then true positive results can be expected accurately.
After implementing Trellix Endpoint Detection and Response (EDR) in our organization, we have witnessed great security efficiency.
I would recommend the solution to others as it's very easy to use. I would rate the solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 3, 2024