Trellix Endpoint Security (ENS) Reviews

FireEye replaces our traditional antivirus solutions like Symantec and McAfee and covers multiple business use cases, including EDR. 

We have a cloud-based instance, so we can deploy all our configurations through the cloud. That's the beauty of FireEye.

Upgrading to new versions isn't easy and it can take a long time. Also, other solutions' tamper protection features are better than FireEye's. Clients should have access to our local information, but they shouldn't change settings on the system itself. 

I I have used FireEye for 10 months.

I rate Endpoint Security seven out of 10. There is room for improvement and development. 

FireEye is a cloud-based application, so it's easy to extend by purchasing more licenses. 

FireEye responds promptly, and their support has been excellent so far.

Deploying Endpoint Security is hassle-free. We uninstalled our legacy antivirus system and deployed FireEye. We created a package and deployed it across the servers manually. 

I rate FireEye Endpoint Security eight out of 10. Explore the solution and see what benefits it can offer your organization. I recommend FireEye depending on the customer's needs and use cases. 

We primarily use the solution for managed defense. It is a next-generation EDR, similar to Cylance and CrowdStrike. It's used for endpoint enforcement. 

It offers more plugins for endpoints in order to extend endpoint protection. There are a variety of plugin options.

The extendability is great. 

It is pretty stable.

The product is very scalable.

We find the pricing to be in line with the current market.

The solution needs to work on memory consumption. It is too high. EDRs are notorious for this. 

Technical support could be improved a bit. They are doing a lot with the acquisition and rebranding, and things may take a while to settle. 

We've used the solution for 18 months. 

The solution is stable and reliable. It's just as stable as anything else on the market. This is a stable build. All of it does depend on the interaction with the Microsoft patches. Most of the time, the performance is quite good. 

The solution scales well and has a lot of device plugins. I'd rate it a ten out of ten. You can do all kinds of things with it that you can't do with other endpoint protection options. 

Technical support isn't ideal. It's not that it is awful; it's just not fantastic. 

I'm also familiar with Cylance and CrowdStrike, which I've used at a different company.

I wasn't involved with the initial setup. However, we have a top-notch implementation engineer. 

We had the vendor's assistance, and we've always had an excellent experience using them. 

I am not sure about the exact costs. However, my understanding is it is comparable to Crowdstrike. Like other solutions, the more endpoints you have, the less the cost. 

We're customers. We're an international conglomerate. They are our vendor, and they are partners with us on our security journey. 

I'd advise people to use Managed Defense. It pays for itself. 

I'd rate the solution a solid eight out of ten overall.

We use the solution for security purposes.

The solution is valuable for security aspects.

The solution should respond faster. Whenever Trelix runs, the system slows down.

I have been using Trellix for two years. We are using the latest version of the solution.

The product’s stability is good.

I rate the solution’s stability a seven out of ten.

The solution is scalable. Around 3,000 users are using this solution.

I rate the solution’s scalability an eight out of ten.

Technical support is good. They respond faster.

The initial setup is simple.

Ten people are required for maintenance.

You should monitor how efficiently the solution functions, how it will impact your system, and how many files will be processed. The more files your system has, the more security time is needed to scan them daily. Due to this, your system may become slower. Trelix ensures the system does not slow down even when Trelix runs in the background.

Overall, I rate the solution a seven out of ten.

We are using all Trellix solutions, and we are also using all McAfee products. Our customers are using virus scan for the old platforms, Endpoint Security, MVISION, File and Folder Encryption, File and Folder Protection, and Device Control, but at the moment, I am really interested in the integration between the new Trellix solution like MVISION and FireEye.

It is a really strong solution for endpoint security.

There should be better integration between the ePolicy Orchestrator and FireEye console. The integration of both consoles should be better.

I have been using this solution for about six years.

Its stability is perfect.

Its scalability is perfect. In our company, we have between 2,000 and 3,000 users, but our installation has about 50,000 endpoints for all customers.

They're very good. I am in contact with their support about five times a day, and they respond quickly.

Positive

It was easy. I have been using Trellix since the carbon age. I have been using Trellix since the day it was released.

Its deployment doesn't take long. 

I customize every installation.

It is not so cheap in comparison to Sophos and other solutions.

Make a really detailed survey of all the systems before implementing any solution on the endpoint. Do not buy the license and try deployment after that.

I would rate it a 10 out of 10.

We use Trellix Endpoint Security for endpoint protection, including virus protection for desktops, laptops, and servers. The solution includes special dedicated modules, such as those for Microsoft SharePoint security.

Trellix Endpoint Security helps us support and secure a large number of endpoints efficiently. We have a lot of installations, supporting up to twenty thousand endpoints. With the central management system EPO, it has significantly improved our ability to manage security across these devices.

The EPO, the ePolicy Orchestrator, is the best endpoint protection central management system. 

Trellix Endpoint Security has a lot of special small modules that I like very much, such as access protection, adaptive threat prevention, exclusion capabilities, and logging capabilities. Together with disk encryption or file encryption, it provides a comprehensive solution.

The detection and response capabilities need to be improved. The product is not sharp enough in catching viruses, and we often have to use additional components alongside the pure endpoint security. Symantec, for example, might be better in this area.

We have been working with Trellix Endpoint Security for about 20 years.

The stability of the solution is very high, I'd rate it around eight or nine out of ten.

Scalability is high; I'd rate it 20 out of ten if possible.

Technical support is correct and absolutely helpful. We had some issues during the migration from McAfee to Trellix, particularly with account migrations, but generally, support has been good.

Positive

I have used Fortinet Endpoint Management, Symantec, Kaspersky, Check Point, and others. Among these, I find that the EPO system of Trellix is the best.

I like the initial setup very much because Trellix Endpoint Security has a lot of special small modules and configurations. It's flexible and allows for detailed customizations.

The pricing of the solution is correct and justified for the value it provides.

I'd rate the solution eight out of ten.

The solution enables me to monitor all my endpoints and ensure that our agents are reporting to the FireEye management server. That is key for allowing us to see any suspicious traffic coming in. I'm the delivery manager and we are customers of FireEye. 

I like the console and the GUI is user-friendly. One of the most important and critical features is containment. Suppose something gets infected and there's the possibility of it spreading laterally and causing a problem or compromising a network. FireEye has a feature that enables it to disconnect from a system network so that the infection doesn't spread. 

Even if an incident occurs at night when support teams are not available, the feature can contain the infection so that when the support teams get to work, they can carry out the remediation part and bring the system back to production.

I'd like to see the searches enhanced because when I hand over the product to someone without experience, it should be user-friendly to them as well. If the feature was enhanced, and the amount of data that comes in reduced, it would simplify the process for anyone. 

I've been using this solution for two years. 

The solution is stable.

I haven't had any issues with scalability. 

The support is pretty good, we haven't had any problems. 

Neutral

We had a separate team implementing FireEye and there didn't seem to be any issues so I think deployment was relatively straightforward. 

I prefer FireEye to solutions like CrowdStrike, Carbon Black, and Trend Micro which are not as user-friendly. FireEye is also easier to integrate with the SIEM, so all the logs get pushed and there are no issues getting the device integrated with SIEM. 

I rate this solution nine out of 10. 

I'm working on a project for the Hong Kong library system under the Hong Kong government. They provide workstations in the library for citizens to access the Internet. The ENS needs to be installed on all the PCs in the library. Another part involves the CSWA for the server farm. They are upgrading the entire library system, including the rental system, book search, eBooks, multimedia, and other services. The CSWA modules are primarily for the backend servers, including Linux and Windows.

Detection and response functionality meet our requirements, but the support is poor.

HIPS protects server files from being modified or deleted by unauthorized users. It's primarily deployed in the web tier.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards. 

For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

I have been using Trellix Endpoint Security (ENS) as an implementor for two years.

We haven't had any system crashes or problems in most cases. SolidCore is not compatible with some kernels, which is causing problems. Endpoint, HIPS, and anti-theft are working fine so far. 

I rate the solution’s stability as seven out of ten.

We use one ePO server to manage around four thousand endpoints, including servers. This single server effectively handles this load.

It is suitable for medium and large enterprises.

I rate the solution’s scalability as seven out of ten.

Support is poor. A module called Solidcore needs to match with the OS kernel in one area. The support for this module has been slow because it doesn't match the latest OS. As a result, we haven't been able to upgrade our OS because McAfee does not support the latest version. We've also encountered issues where the product can't be upgraded or installed successfully. We're managing over 300 servers and 3,000 workstations. Upgrading has been a nightmare with this setup.

It provides a slow response. Sometimes, getting feedback takes a few days, and that is also not to the point.

Positive

The initial setup is easy and straightforward. Determining specific modules and functions often involves a lot of trial and error. Deployment takes only a couple of days.

Overall, I rate the solution a seven out of ten.

We used it for a compromise assessment. That would be for our client. We deployed the agents. It was for endpoint security.

We had been using the solution previously for one of the clients. We were using it for six months, and we did a compromise assessment based on the FireEye Endpoints that were deployed across the group. At that point in time, there were a lot of ransomware attacks in the environment, and it was impossible to identify the source of the attack and where it came from. The tools didn't point to that visibility. We had to deploy these agents across the environment and also monitor the environment using the network security appliances provided by FireEye just to monitor.

We did monitor it for six months, so it was an assessment. In those six months, we did not have another ransomware attack. It was proven the environmental assessment was clean. That was the whole objective of the compromise assessment - to find out if there are any indicators or anything that has gained a foothold in the environment, trying to fend advanced persistent threats from that standpoint.

It is a great solution. The way it exchanges the information between the entire ecosystem, all the endpoints, as well as the network ATP, can trigger the blocking even if it is seen by some other device. If the network has seen something, we can use that to put a block to all the endpoints.

It works in an ecosystem. Centrally, from just one console, you can block malicious attacks across your environment. It provides you with the ability to respond to threats better.

The solution can be expensive.

If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build.

In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.

We used the solution for six months.

The stability has been very good. There are no bugs or glitches and it doesn’t crash or freeze. It’s reliable.

The product can scale. It’s not an issue at all. 20,000 users were using the solution with no problems.

We have contacted tech support. Tech support was brilliant. They were very knowledgeable, very skillful, and very responsive, and they knew the subject matter. They knew what we were asking for.

The agent installation was okay. It was just a package that was installed. It also provides options to customize and fine-tune based on the system's performance. It's not too heavy on the systems or the servers.

On the network side of things, I think there were challenges to getting that working. We had to do a couple of alterations in terms of making it work, mainly since the appliance's model was provided using a special-purpose SFP, and the compatible SFP was not available in the client environment at that one point. We had to procure it specifically for that assessment.

It’s very costly.

I’d recommend the solution to others.

I would rate the solution eight out of ten.