reviewer1581882 - PeerSpot reviewer
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
Enables us to do IOC-based search across the enterprise and isolate compromised devices
Pros and Cons
  • "It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised."
  • "It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating."
  • "Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection."
  • "It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents."
  • "They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us."

What is our primary use case?

It can be used for ransomware detection and data exfiltration. It is also able to detect Remote Access Trojan (RAT).

What is most valuable?

It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised.

It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating.

What needs improvement?

Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.

It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.

They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.

For how long have I used the solution?

I have been using this solution for two years.

Buyer's Guide
Trellix Endpoint Security (ENS)
March 2025
Learn what your peers think about Trellix Endpoint Security (ENS). Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is stable. The FireEye team monitors it, and in case it goes down, we get an alert saying that the device is down. We either get their help or troubleshoot it ourselves to get it up and running.

What do I think about the scalability of the solution?

It is quite scalable. We have scaled it according to their sizing recommendations. They have devices for different bandwidths, models, and offices.

We have about 4,000 people who are using this product. In terms of our plans to increase its usage, we are currently studying two options. One of them will basically scale up to about 40,000 instances.

How are customer service and support?

Their technical support is good. For each region, they seem to have got local support that takes care of all problems. They have support teams in Singapore, India, and North America.

How was the initial setup?

Its initial setup was straightforward. I have done one installation that took about 90 minutes. Virtual installations are straightforward. Physical installations have got some networking interfaces, and one needs to go through the documentation to do it. If you have got the right configuration, it is straightforward.

What about the implementation team?

We have about five people within SOC. We manage the engineering and deployment aspects of it. It is not very resource-hungry.

For its deployment, we just needed about four people. We deployed about 14 appliances and one cloud-based instance. We have automated the deployment. We deployed it via Puppet, so the installation was fast.

Which other solutions did I evaluate?

We also use CrowdStrike Falcon, which is also endpoint security. At that time, we chose the best option based on our study. Both Falcon and FireEye were doing good in the market, so we basically went ahead with what was the best at that time. We buy the licenses for both of these and then do the deployment.

We also use Sophos, but it is signature-based. We have licenses for the normal management control software of Sophos and the agents. We have not used Sophos Intercept X. My understanding is that it is an EDR, and we look forward to doing a study on it.

What other advice do I have?

Based on my two years of experience with this solution, I would comfortably recommend this solution.

I would rate FireEye Endpoint Security an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1810833 - PeerSpot reviewer
CEO at a tech services company with 1-10 employees
Real User
Top 5 Leaderboard
Central management that enhances endpoint protection with helpful support
Pros and Cons
  • "The EPO, the ePolicy Orchestrator, is the best endpoint protection central management system."
  • "The detection and response capabilities need to be improved."

What is our primary use case?

We use Trellix Endpoint Security for endpoint protection, including virus protection for desktops, laptops, and servers. The solution includes special dedicated modules, such as those for Microsoft SharePoint security.

How has it helped my organization?

Trellix Endpoint Security helps us support and secure a large number of endpoints efficiently. We have a lot of installations, supporting up to twenty thousand endpoints. With the central management system EPO, it has significantly improved our ability to manage security across these devices.

What is most valuable?

The EPO, the ePolicy Orchestrator, is the best endpoint protection central management system. 

Trellix Endpoint Security has a lot of special small modules that I like very much, such as access protection, adaptive threat prevention, exclusion capabilities, and logging capabilities. Together with disk encryption or file encryption, it provides a comprehensive solution.

What needs improvement?

The detection and response capabilities need to be improved. The product is not sharp enough in catching viruses, and we often have to use additional components alongside the pure endpoint security. Symantec, for example, might be better in this area.

For how long have I used the solution?

We have been working with Trellix Endpoint Security for about 20 years.

What do I think about the stability of the solution?

The stability of the solution is very high; I'd rate it around eight or nine out of ten.

What do I think about the scalability of the solution?

Scalability is high; I'd rate it 20 out of ten if possible.

How are customer service and support?

Technical support is correct and absolutely helpful. We had some issues during the migration from McAfee to Trellix, particularly with account migrations, but generally, support has been good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Fortinet Endpoint Management, Symantec, Kaspersky, Check Point, and others. Among these, I find that the EPO system of Trellix is the best.

How was the initial setup?

I like the initial setup very much because Trellix Endpoint Security has a lot of special small modules and configurations. It's flexible and allows for detailed customizations.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is correct and justified for the value it provides.

What other advice do I have?

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
LawrenceKwaghga - PeerSpot reviewer
Deputy Director, Research at NACA
Real User
Top 5 Leaderboard
Provides efficient integration features, but it could be flexible to use
Pros and Cons
  • "The platform’s most valuable features are ease of use, integration, and deployment."
  • "The product could be flexible and offer better pricing."

What is our primary use case?

We use the product to provide system security for shared data on the network.

What is most valuable?

The platform’s most valuable features are ease of use, integration, and deployment.

What needs improvement?

The product could be flexible and offer better pricing. They should make it free, open-source software.

For how long have I used the solution?

We have been using McAfee Endpoint Security for ten years.

What do I think about the stability of the solution?

The platform is stable.

What do I think about the scalability of the solution?

The platform is scalable. A minimum of five licenses are required for ten executives.

How are customer service and support?

Our IT team requires deployment assistance from the product’s technical support team.

How was the initial setup?

The initial setup process is easy if you have the required technical skills. It takes 30 minutes to complete. A team of around 20 technicians is involved in the deployment.

What about the implementation team?

We implement the product with the help of our technical staff.

What's my experience with pricing, setup cost, and licensing?

We pay for the product’s license. They should reduce the cost or make it free, open-source software.

Which other solutions did I evaluate?

We evaluated three vendors. We decided to go with McAfee Endpoint Security for better availability, ease of use, and deployment.

What other advice do I have?

I recommend McAfee Endpoint Security to others and rate it a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Group Manager at HCL Technologies
Real User
Works in an ecosystem, has a central console, and can enable blocking
Pros and Cons
  • "If the network has seen something, we can use that to put a block to all the endpoints."
  • "The solution can be expensive."

What is our primary use case?

We used it for a compromise assessment. That would be for our client. We deployed the agents. It was for endpoint security.

We had been using the solution previously for one of the clients. We were using it for six months, and we did a compromise assessment based on the FireEye Endpoints that were deployed across the group. At that point in time, there were a lot of ransomware attacks in the environment, and it was impossible to identify the source of the attack and where it came from. The tools didn't point to that visibility. We had to deploy these agents across the environment and also monitor the environment using the network security appliances provided by FireEye just to monitor.

We did monitor it for six months, so it was an assessment. In those six months, we did not have another ransomware attack. It was proven the environmental assessment was clean. That was the whole objective of the compromise assessment - to find out if there are any indicators or anything that has gained a foothold in the environment, trying to fend off advanced persistent threats from that standpoint.

What is most valuable?

It is a great solution. The way it exchanges the information between the entire ecosystem, all the endpoints, as well as the network ATP, can trigger the blocking even if it is seen by some other device. If the network has seen something, we can use that to put a block to all the endpoints.

It works in an ecosystem. Centrally, from just one console, you can block malicious attacks across your environment. It provides you with the ability to respond to threats better.

What needs improvement?

The solution can be expensive.

If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build.

In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.

For how long have I used the solution?

We used the solution for six months.

What do I think about the stability of the solution?

The stability has been very good. There are no bugs or glitches and it doesn’t crash or freeze. It’s reliable.

What do I think about the scalability of the solution?

The product can scale. It’s not an issue at all. 20,000 users were using the solution with no problems.

How are customer service and support?

We have contacted tech support. Tech support was brilliant. They were very knowledgeable, very skillful, and very responsive, and they knew the subject matter. They knew what we were asking for.

How was the initial setup?

The agent installation was okay. It was just a package that was installed. It also provides options to customize and fine-tune based on the system's performance. It's not too heavy on the systems or the servers.

On the network side of things, I think there were challenges to getting that working. We had to do a couple of alterations in terms of making it work, mainly since the appliance's model was provided using a special-purpose SFP, and the compatible SFP was not available in the client environment at that one point. We had to procure it specifically for that assessment.

What's my experience with pricing, setup cost, and licensing?

It’s very costly.

What other advice do I have?

I’d recommend the solution to others.

I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
VishalSingh - PeerSpot reviewer
Consulting & Solutions, BA/BD in Enterprise IT on Open Source, Red Hat & EDB at KEEN AND ABLE COMPUTERS PVT LTD
Real User
Top 5 Leaderboard
Has automated software updates and operates independently without any integration needs
Pros and Cons
  • "The product can be installed in almost any environment"

    What is our primary use case?

    Trellix Endpoint Security is a cloud-based solution in which all the servers are installed with a McAfee Trellix agent, and that agent manages the server for any potential damage or threat.

    What is most valuable?

    It's crucial to always keep the antivirus and anti-malware software updated, which is implemented automatically by the agent of Trellix Endpoint Security. The agent, as part of the solution, continuously monitors the system and transmits data to the central server, where the latest antivirus definitions and remedy features are implemented across the systems. 

    For how long have I used the solution?

    I have been using Trellix Endpoint Security for a year. 

    What do I think about the stability of the solution?

    The solution is stable enough and implements monitoring requirements effectively. In some applications, it has been found that the solution can make a system lag in pace and thus impact the performance. If the aforementioned scenario occurs, then an administrator needs to run a benefits vs. risks analysis to decide whether to continue with the antivirus or not. 

    What do I think about the scalability of the solution?

    I would rate the scalability a ten out of ten. The product can be installed in almost any environment, you just need to purchase a license and install the product. The licenses should be procured as per the user needs. 

    How are customer service and support?

    For a paid version of Trellix Endpoint Security, satisfying customer support can be experienced. 

    How was the initial setup?

    The setup of Trellix Endpoint Security is extremely easy. The deployment process involves installing an agent on the system. The moment the antivirus agent's service commences, it immediately connects to the central server and becomes completely operational. 

    The website of Trellix Endpoint Security tells the deployer which agent should be used for the operating system; if it's Windows, then the Windows agent needs to be installed.

    What other advice do I have?

    There is an international virus database and all products like Trellix Endpoint Security have to sync the virus definition data with the international database. As part of the vulnerability assessment, the antivirus software developing companies have to keep their data synced with the centralized database.

    Whenever any vulnerability or an attack is identified, immediately a vulnerability report is generated and uploaded. Following the aforementioned incident, all the antivirus companies immediately update their virus eradicating tools so that new or unknown attacks can be easily mitigated. New viruses, Trojans, or attacks are being invented and circulated all the time, so companies have to consistently keep updating their system. 

    The antivirus agent keeps running and analyzing the system it's installed in, but there is no effective data regarding the analysis or detection. For instance, suppose a virus intervened in your system at 12:00 AM and immediately it was detected, then you can claim the antivirus solution to be the most effective.

    I would definitely recommend that others use Trellix Endpoint Security; in an enterprise environment, they must have an antivirus, including the local and remote systems, if used. I would overall rate Trellix Endpoint Security as nine out of ten. The solution doesn't need to be integrated with other tools to function effectively. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    JamesYa - PeerSpot reviewer
    Senior Solutions Architect at Cloud4C Services
    Vendor
    Simple implementation, stable, but priced high
    Pros and Cons
    • "McAfee MVISION Endpoint is stable."
    • "The price of McAfee MVISION Endpoint could improve."

    What is our primary use case?

    McAfee MVISION Endpoint is used for endpoint protection. It protects the files and network against viruses and malware.

    What needs improvement?

    The price of McAfee MVISION Endpoint could improve.

    For how long have I used the solution?

    I have been using McAfee MVISION Endpoint for approximately one year.

    What do I think about the stability of the solution?

    McAfee MVISION Endpoint is stable.

    Which solution did I use previously and why did I switch?

    I have previously used Check Point and Microsoft Defender. I would recommend Microsoft Defender over the other solutions I have used.

    How was the initial setup?

    The installation of the McAfee MVISION Endpoint was simple. We are able to do it remotely from a central location.

    What was our ROI?

    I have had a return on investment by using McAfee MVISION Endpoint.

    What's my experience with pricing, setup cost, and licensing?

    We are on an annual subscription for McAfee MVISION Endpoint. The cost for the license could be less expensive.

    What other advice do I have?

    I rate McAfee MVISION Endpoint a six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Managing Director at Computer Wise
    Real User
    Flexible, scalable, and offers a small footprint
    Pros and Cons
    • "Technical support is excellent."
    • "The initial setup can be a bit complicated for those unfamiliar with the product."

    What is our primary use case?

    We've only got two or three machines. The solution is simply used as an antivirus; however, we've rolled it out to all of our customers and we use it as a managed service.

    What is most valuable?

    The solution has reduced false positives for our clients and ourselves.

    It's got quite good ransomware detection.

    The product can be deployed across mobile devices.

    It has a managed service push deployment where we can push cloud tasks into policies. 

    It's a really good product. It's stable and scalable. It offers good flexibility, has a small footprint, offers a minimal effect on performance, and is from a trusted brand.

    We have found the deployment to be very fast.

    Technical support is excellent.

    What needs improvement?

    We're still looking for weaknesses. The product is still quite new for us. That said, so far, every time I have thought, "I wonder if it can do this or it can do that," I've been able to do it.

    McAfee has also asked us for feedback, and we noticed when we gave them suggestions, they worked to implement them. For example, we asked for the ability to leverage Windows Defender instead of creating an endpoint. They've just put that in so you can choose now what you want to do. You can change that deployment and push it out without any intervention by the client as well.

    The initial setup can be a bit complicated for those unfamiliar with the product.

    For how long have I used the solution?

    We have been using the solution for about four or five months at this point. 

    What do I think about the stability of the solution?

    The stability is good. There are no bugs or glitches and it doesn't crash or freeze.

    What do I think about the scalability of the solution?

    The companies we work with range in size from small to large. 

    The solution is very easy to scale.

    How are customer service and technical support?

    I would rate technical support at a ten out of ten. They have been great. We have found them to be helpful and responsive. My personal interaction with them was absolutely brilliant.

    How was the initial setup?

    The initial setup can be difficult the first time. You have the flexibility to give all sorts of setup options. You need to know, for example, do you want this, do you want that, do you want these exclusions? Do you want these exploit preventions? et cetera. There are a lot of components. It's going to be complicated initially, however, once you've done that and set it up for a customer, then it's very simple just to deploy it and roll it out.

    We rolled out another customer on Friday, and that's 35 sites we've done so far - and I was able to do the whole lot remotely. It's quick to deploy. For clients, in terms of the deployment, I just simply send them a link to their emails and they just go click on it and it goes.

    Once the product is deployed, there isn't any maintenance necessary. It's all controlled from a SaaS portal.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is okay. It's in the middle and there are actually surveys out and they all say that as well.

    There are a couple of license options. You can choose a single license or you can choose what we call an MV2 license. Every single license gives you the ability to install a product on five other devices - including mobile. You get a Windows license and that enables you to install it on a tablet, iPhone, or Android device (up to five) as well.

    What other advice do I have?

    We're a McAfee partner.

    We are using the SaaS version. It's my understanding that we are on the latest version of the solution. 

    We would recommend the solution to other companies. We actually sell it and provide it to all our clients.

    I'd rate the solution at a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Manager- Process Excellence at Datamatics Business Solutions
    Real User
    Top 5 Leaderboard
    A cloud solution for security purposes but performs slowly during usage

    What is our primary use case?

    We use the solution for security purposes.

    What is most valuable?

    The solution is valuable for security aspects.

    What needs improvement?

    The solution should respond faster. Whenever Trellix runs, the system slows down.

    For how long have I used the solution?

    I have been using Trellix for two years. We are using the latest version of the solution.

    What do I think about the stability of the solution?

    The product’s stability is good.

    I rate the solution’s stability a seven out of ten.

    What do I think about the scalability of the solution?

    The solution is scalable. Around 3,000 users are using this solution.

    I rate the solution’s scalability an eight out of ten.

    How are customer service and support?

    Technical support is good. They respond faster.

    How was the initial setup?

    The initial setup is simple.

    What other advice do I have?

    Ten people are required for maintenance.

    You should monitor how efficiently the solution functions, how it will impact your system, and how many files will be processed. The more files your system has, the more security time is needed to scan them daily. Due to this, your system may become slower. Trellix ensures the system does not slow down even when Trellix runs in the background.

    Overall, I rate the solution a seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user