This is an anti-virus and firewall solution. We have over 5,000 users and we are customers of Trellix.
Executive Director of Infrastructure and Technology Asia Pacific at a manufacturing company with 10,001+ employees
Impacts performance of servers negatively but it does protect us against threats
Pros and Cons
- "Provides protection against threats."
- "Impacts performance of the servers quite negatively."
What is our primary use case?
What is most valuable?
Provides endpoint security protection against malware and the like.
What needs improvement?
Trellix tends to get in the way and really impacts the performance of the servers quite negatively.
For how long have I used the solution?
We've been using this product for around 20 years.
Buyer's Guide
Trellix Endpoint Security (ENS)
December 2024
Learn what your peers think about Trellix Endpoint Security (ENS). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
How was the initial setup?
I wasn't involved in the initial setup.
What other advice do I have?
I'd recommend that potential users of this solution look for something more modern, for a newer company providing innovative solutions. I rate this solution five out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Enables us to do IOC-based search across the enterprise and isolate compromised devices
Pros and Cons
- "It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised."
- "It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating."
- "Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection."
- "It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents."
- "They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us."
What is our primary use case?
It can be used for ransomware detection and data exfiltration. It is also able to detect Remote Access Trojan (RAT).
What is most valuable?
It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised.
It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating.
What needs improvement?
Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.
It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.
They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
It is stable. The FireEye team monitors it, and in case it goes down, we get an alert saying that the device is down. We either get their help or troubleshoot it ourselves to get it up and running.
What do I think about the scalability of the solution?
It is quite scalable. We have scaled it according to their sizing recommendations. They have devices for different bandwidths, models, and offices.
We have about 4,000 people who are using this product. In terms of our plans to increase its usage, we are currently studying two options. One of them will basically scale up to about 40,000 instances.
How are customer service and technical support?
Their technical support is good. For each region, they seem to have got local support that takes care of all problems. They have support teams in Singapore, India, and North America.
How was the initial setup?
Its initial setup was straightforward. I have done one installation that took about 90 minutes. Virtual installations are straightforward. Physical installations have got some networking interfaces, and one needs to go through the documentation to do it. If you have got the right configuration, it is straightforward.
What about the implementation team?
We have about five people within SOC. We manage the engineering and deployment aspects of it. It is not very resource-hungry.
For its deployment, we just needed about four people. We deployed about 14 appliances and one cloud-based instance. We have automated the deployment. We deployed it via Puppet, so the installation was fast.
Which other solutions did I evaluate?
We also use CrowdStrike Falcon, which is also endpoint security. At that time, we chose the best option based on our study. Both Falcon and FireEye were doing well in the market, so we basically went ahead with what was the best at that time. We buy the licenses for both of these and then do the deployment.
We also use Sophos, but it is signature-based. We have licenses for the normal management control software of Sophos and the agents. We have not used Sophos Intercept X. My understanding is that it is an EDR, and we look forward to doing a study on it.
What other advice do I have?
Based on my two years of experience with this solution, I would comfortably recommend this solution.
I would rate FireEye Endpoint Security an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at a tech services company with 1-10 employees
Central management that enhances endpoint protection with helpful support
Pros and Cons
- "The EPO, the ePolicy Orchestrator, is the best endpoint protection central management system."
- "The detection and response capabilities need to be improved."
What is our primary use case?
We use Trellix Endpoint Security for endpoint protection, including virus protection for desktops, laptops, and servers. The solution includes special dedicated modules, such as those for Microsoft SharePoint security.
How has it helped my organization?
Trellix Endpoint Security helps us support and secure a large number of endpoints efficiently. We have a lot of installations, supporting up to twenty thousand endpoints. With the central management system EPO, it has significantly improved our ability to manage security across these devices.
What is most valuable?
The EPO, the ePolicy Orchestrator, is the best endpoint protection central management system.
Trellix Endpoint Security has a lot of special small modules that I like very much, such as access protection, adaptive threat prevention, exclusion capabilities, and logging capabilities. Together with disk encryption or file encryption, it provides a comprehensive solution.
What needs improvement?
The detection and response capabilities need to be improved. The product is not sharp enough in catching viruses, and we often have to use additional components alongside the pure endpoint security. Symantec, for example, might be better in this area.
For how long have I used the solution?
We have been working with Trellix Endpoint Security for about 20 years.
What do I think about the stability of the solution?
The stability of the solution is very high, I'd rate it around eight or nine out of ten.
What do I think about the scalability of the solution?
Scalability is high; I'd rate it 20 out of ten if possible.
How are customer service and support?
Technical support is correct and absolutely helpful. We had some issues during the migration from McAfee to Trellix, particularly with account migrations, but generally, support has been good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Fortinet Endpoint Management, Symantec, Kaspersky, Check Point, and others. Among these, I find that the EPO system of Trellix is the best.
How was the initial setup?
I like the initial setup very much because Trellix Endpoint Security has a lot of special small modules and configurations. It's flexible and allows for detailed customizations.
What's my experience with pricing, setup cost, and licensing?
The pricing of the solution is correct and justified for the value it provides.
What other advice do I have?
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Sep 20, 2024
Deputy Director, Research at NACA
Provides efficient integration features, but it could be flexible to use
Pros and Cons
- "The platform’s most valuable features are ease of use, integration, and deployment."
- "The product could be flexible and offer better pricing."
What is our primary use case?
We use the product to provide system security for shared data on the network.
What is most valuable?
The platform’s most valuable features are ease of use, integration, and deployment.
What needs improvement?
The product could be flexible and offer better pricing. They should make it free, open-source software.
For how long have I used the solution?
We have been using McAfee Endpoint Security for ten years.
What do I think about the stability of the solution?
The platform is stable.
What do I think about the scalability of the solution?
The platform is scalable. A minimum of five licenses are required for ten executives.
How are customer service and support?
Our IT team requires deployment assistance from the product’s technical support team.
How was the initial setup?
The initial setup process is easy if you have the required technical skills. It takes 30 minutes to complete. A team of around 20 technicians is involved in the deployment.
What about the implementation team?
We implement the product with the help of our technical staff.
What's my experience with pricing, setup cost, and licensing?
We pay for the product’s license. They should reduce the cost or make it free, open-source software.
Which other solutions did I evaluate?
We evaluated three vendors. We decided to go to McAfee Endpoint Security for better availability, ease of use, and deployment.
What other advice do I have?
I recommend McAfee Endpoint Security to others and rate it a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Regional Cyber Security Manager
Offers a variety of plugins, is reasonably stable, and has fair pricing
Pros and Cons
- "The extendability is great."
- "The solution needs to work on memory consumption. It is too high."
What is our primary use case?
We primarily use the solution for managed defense. It is a next-generation EDR, similar to Cylance and CrowdStrike. It's used for endpoint enforcement.
What is most valuable?
It offers more plugins for endpoints in order to extend endpoint protection. There are a variety of plugin options.
The extendability is great.
It is pretty stable.
The product is very scalable.
We find the pricing to be in line with the current market.
What needs improvement?
The solution needs to work on memory consumption. It is too high. EDRs are notorious for this.
Technical support could be improved a bit. They are doing a lot with the acquisition and rebranding, and things may take a while to settle.
For how long have I used the solution?
We've used the solution for 18 months.
What do I think about the stability of the solution?
The solution is stable and reliable. It's just as stable as anything else on the market. This is a stable build. All of it does depend on the interaction with the Microsoft patches. Most of the time, the performance is quite good.
What do I think about the scalability of the solution?
The solution scales well and has a lot of device plugins. I'd rate it a ten out of ten. You can do all kinds of things with it that you can't do with other endpoint protection options.
How are customer service and support?
Technical support isn't ideal. It's not that it is awful; it's just not fantastic.
Which solution did I use previously and why did I switch?
I'm also familiar with Cylance and CrowdStrike, which I've used at a different company.
How was the initial setup?
I wasn't involved with the initial setup. However, we have a top-notch implementation engineer.
What about the implementation team?
We had the vendor's assistance, and we've always had an excellent experience using them.
What's my experience with pricing, setup cost, and licensing?
I am not sure about the exact costs. However, my understanding is it is comparable to CrowdStrike. Like other solutions, the more endpoints you have, the less the cost.
What other advice do I have?
We're customers. We're an international conglomerate. They are our vendor, and they are partners with us on our security journey.
I'd advise people to use Managed Defense. It pays for itself.
I'd rate the solution a solid eight out of ten overall.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Group Manager at HCL Technologies
Works in an ecosystem, has a central console, and can enable blocking
Pros and Cons
- "If the network has seen something, we can use that to put a block to all the endpoints."
- "The solution can be expensive."
What is our primary use case?
We used it for a compromise assessment. That would be for our client. We deployed the agents. It was for endpoint security.
We had been using the solution previously for one of the clients. We were using it for six months, and we did a compromise assessment based on the FireEye Endpoints that were deployed across the group. At that point in time, there were a lot of ransomware attacks in the environment, and it was impossible to identify the source of the attack and where it came from. The tools didn't point to that visibility. We had to deploy these agents across the environment and also monitor the environment using the network security appliances provided by FireEye just to monitor.
We did monitor it for six months, so it was an assessment. In those six months, we did not have another ransomware attack. It was proven the environmental assessment was clean. That was the whole objective of the compromise assessment - to find out if there are any indicators or anything that has gained a foothold in the environment, trying to fend off advanced persistent threats from that standpoint.
What is most valuable?
It is a great solution. The way it exchanges the information between the entire ecosystem, all the endpoints, as well as the network ATP, can trigger the blocking even if it is seen by some other device. If the network has seen something, we can use that to put a block to all the endpoints.
It works in an ecosystem. Centrally, from just one console, you can block malicious attacks across your environment. It provides you with the ability to respond to threats better.
What needs improvement?
The solution can be expensive.
If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build.
In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.
For how long have I used the solution?
We used the solution for six months.
What do I think about the stability of the solution?
The stability has been very good. There are no bugs or glitches and it doesn’t crash or freeze. It’s reliable.
What do I think about the scalability of the solution?
The product can scale. It’s not an issue at all. 20,000 users were using the solution with no problems.
How are customer service and support?
We have contacted tech support. Tech support was brilliant. They were very knowledgeable, very skillful, and very responsive, and they knew the subject matter. They knew what we were asking for.
How was the initial setup?
The agent installation was okay. It was just a package that was installed. It also provides options to customize and fine-tune based on the system's performance. It's not too heavy on the systems or the servers.
On the network side of things, I think there were challenges to getting that working. We had to do a couple of alterations in terms of making it work, mainly since the appliance's model was provided using a special-purpose SFP, and the compatible SFP was not available in the client environment at that one point. We had to procure it specifically for that assessment.
What's my experience with pricing, setup cost, and licensing?
It’s very costly.
What other advice do I have?
I’d recommend the solution to others.
I would rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Simple implementation, stable, but priced high
Pros and Cons
- "McAfee MVISION Endpoint is stable."
- "The price of McAfee MVISION Endpoint could improve."
What is our primary use case?
McAfee MVISION Endpoint is used for endpoint protection. It protects the files and network against viruses and malware.
What needs improvement?
The price of McAfee MVISION Endpoint could improve.
For how long have I used the solution?
I have been using McAfee MVISION Endpoint for approximately one year.
What do I think about the stability of the solution?
McAfee MVISION Endpoint is stable.
Which solution did I use previously and why did I switch?
I have previously used Check Point and Microsoft Defender. I would recommend Microsoft Defender over the other solutions I have used.
How was the initial setup?
The installation of the McAfee MVISION Endpoint was simple. We are able to do it remotely from a central location.
What was our ROI?
I have had a return on investment by using McAfee MVISION Endpoint.
What's my experience with pricing, setup cost, and licensing?
We are on an annual subscription for McAfee MVISION Endpoint. The cost for the license could be less expensive.
What other advice do I have?
I rate McAfee MVISION Endpoint a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Managing Director at Computer Wise
Flexible, scalable, and offers a small footprint
Pros and Cons
- "Technical support is excellent."
- "The initial setup can be a bit complicated for those unfamiliar with the product."
What is our primary use case?
We've only got two or three machines. The solution is simply used as an antivirus; however, we've rolled it out to all of our customers and we use it as a managed service.
What is most valuable?
The solution has reduced false positives for our clients and ourselves.
It's got quite good ransomware detection.
The product can be deployed across mobile devices.
It has a managed service push deployment where we can push cloud tasks into policies.
It's a really good product. It's stable and scalable. It offers good flexibility, has a small footprint, offers a minimal effect on performance, and is from a trusted brand.
We have found the deployment to be very fast.
Technical support is excellent.
What needs improvement?
We're still looking for weaknesses. The product is still quite new for us. That said, so far, every time I have thought, "I wonder if it can do this or it can do that." I've been able to do it.
McAfee has also asked us for feedback, and we noticed when we gave them suggestions, they worked to implement them. For example, we asked for the ability to leverage Windows Defender instead of creating an endpoint. They've just put that in so you can choose now what you want to do. You can change that deployment and push it out without any intervention by the client as well.
The initial setup can be a bit complicated for those unfamiliar with the product.
For how long have I used the solution?
We have been using the solution for about four or five months at this point.
What do I think about the stability of the solution?
The stability is good. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The companies we work with range in size from small to large.
The solution is very easy to scale.
How are customer service and technical support?
I would rate technical support at a ten out of ten. They have been great. We have found them to be helpful and responsive. My personal interaction with them was absolutely brilliant.
How was the initial setup?
The initial setup can be difficult the first time. You have the flexibility to give all sorts of setup options. You need to know, for example, do you want this, do you want that, do you want these exclusions? Do you want these exploit preventions? Et cetera. There are a lot of components. It's going to be complicated initially; however, once you've done that and set it up for a customer, then it's very simple just to deploy it and roll it out.
We rolled out another customer on Friday, and that's 35 sites we've done so far - and I was able to do the whole lot remotely. It's quick to deploy. For clients, in terms of the deployment, I just simply send them a link to their emails and they just go click on it and it goes.
Once the product is deployed, there isn't any maintenance necessary. It's all controlled from a SaaS portal.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay. It's in the middle and there are actually surveys out and they all say that as well.
There are a couple of license options. You can choose a single license or you can choose what we call an MV2 license. Every single license gives you the ability to install a product on five other devices - including mobile. You get a Windows license and that enables you to install it on a tablet, iPhone, or Android device (up to five) as well.
What other advice do I have?
We're a McAfee partner.
We are using the SaaS version. It's my understanding that we are on the latest version of the solution.
We would recommend the solution to other companies. We actually sell it and provide it to all our clients.
I'd rate the solution at a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner