Trellix Endpoint Security (ENS) Reviews

Trellix Endpoint Security (ENS) is useful as an endpoint security software.

The most valuable feature of the solution is its dashboard.

The dashboard provided by the solution needs to be improved. The customization capabilities of the solution are an area where it lacks, so it would be great if our company could customize the solution to meet the demands of our customers.

In the future, I would like technical support for the solution and its UI to be more efficient.

I have been using Trellix Endpoint Security (ENS) for two years. I usually deal with a product's latest version. My company has a partnership with Trellix.

Stability-wise, I rate the solution an eight out of ten. The solution is mostly stable, but sometimes, there is a need to do some troubleshooting.

Scalability-wise, I rate the solution a seven out of ten.

I rate the technical support an eight out of ten.

Positive

Currently, I work with CrowdStrike since my company has a partnership with it. CrowdStrike is better than Trellix Endpoint Security (ENS). CrowdStrike offers functionalities like machine learning and DLP.

I have used the solution on the cloud and on-premises. Currently, the solution is deployed on the cloud services offered by Trellix, which I feel is a public cloud.

I don't think there are any extra expenses besides its licensing costs.

Maintenance of the solution is required, including some troubleshooting parts managed by five to six engineers in our company.

I recommend the solution to those planning to use it.

Not all solutions in the market are good, though I found Trellix Endpoint Security (ENS) to be a good product.

I rate the overall solution a seven out of ten.

It can be used for ransomware detection and data exfiltration. It is also able to detect Remote Access Trojan (RAT).

It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised.

It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating.

Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.

It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.

They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.

I have been using this solution for two years.

It is stable. The FireEye team monitors it, and in case it goes down, we get an alert saying that the device is down. We either get their help or troubleshoot it ourselves to get it up and running.

It is quite scalable. We have scaled it according to their sizing recommendations. They have devices for different bandwidths, models, and offices.

We have about 4,000 people who are using this product. In terms of our plans to increase its usage, we are currently studying two options. One of them will basically scale up to about 40,000 instances.

Their technical support is good. For each region, they seem to have got local support that takes care of all problems. They have support teams in Singapore, India, and North America.

Its initial setup was straightforward. I have done one installation that took about 90 minutes. Virtual installations are straightforward. Physical installations have got some networking interfaces, and one needs to go through the documentation to do it. If you have got the right configuration, it is straightforward.

We have about five people within SOC. We manage the engineering and deployment aspects of it. It is not very resource-hungry.

For its deployment, we just needed about four people. We deployed about 14 appliances and one cloud-based instance. We have automated the deployment. We deployed it via Puppet, so the installation was fast.

We also use CrowdStrike Falcon, which is also endpoint security. At that time, we chose the best option based on our study. Both Falcon and FireEye were doing good in the market, so we basically went ahead with what was the best at that time. We buy the licenses for both of these and then do the deployment.

We also use Sophos, but it is signature-based. We have licenses for the normal management control software of Sophos and the agents. We have not used Sophos Intercept X. My understanding is that it is an EDR, and we look forward to doing a study on it.

Based on my two years of experience with this solution, I would comfortably recommend this solution.

I would rate FireEye Endpoint Security an eight out of ten.

We use the platform for managing and securing endpoints in our organization.

The solution's technical support services have a quick response time. It has been beneficial for our organization. 

The platform's most valuable features are AI capabilities and its quick updates. 

They could provide better integration capabilities for the product with other services.

We have been using Trellix Endpoint Security (ENS) for two to three years. We are using the latest version and regularly update it.

I rate the product's stability a seven out of ten. 

Our corporation has approximately 13,000 Trellix Endpoint Security (ENS) users. It is a scalable product.

The solution helps manage users easier and reduces the workload for the IT team.

The product pricing is high. 

We are evaluating Trellix Endpoint Security (ENS) features compared to others. 

I advise others to consider the specific requirements of users, such as personal devices that may not be supported before making a purchase decision.

I rate it an eight out of ten. 

We just run it in the background and potentially scan any wireless or malicious file. It must be the same setup.

Maybe the performance could be better. I noticed that it slows down a bit when I start it up in the morning.

We have had this solution for over three years now. It's enterprise security. We use the latest version. 

It's stable. It's just that I don't have to use it very often. I can go weeks without having to deal with any issues. If something does pop up, it's usually pretty easy to fix. I just let the people who know what they're doing handle it.

It's scalable enough for our needs. I don't see any problems right now. There are about 55 users in two branches of our company.

We haven't needed to use tech support. We are an IT company, so we usually take care of our own devices.

The setup is not that complex. It takes five to ten minutes to set up. It's mostly this is our old devices.

It's a self-deployable solution, so we don't need any technical staff for deployment.

We do need to pay for a license.

Overall, I would rate the solution a six out of ten. 

We deploy the solution on-premises but we have the roadmap to migrate it on cloud. Initially, everything was on-premises, but we are moving to the cloud, which will be our first cloud migration.

The seamless deployment is very valuable.

The quality of the dashboard could be improved, and the central monitoring dashboard needs improvement. At first, we thought we were getting multiple views. One was a wholly summarized view, and the other was a more detailed view of an endpoint device. Digging into one device's detail is sometimes difficult. Additionally, the granularity of reporting can be improved. The next release could also include an extended mobile connection for the solution.

We have been using this solution for approximately four months.

The solution is stable.

The solution is scalable. Maybe in another six to eight months, we will scale to around 5,500 because we are recruiting more people, so the number may increase.

I have not had any experience with customer service and support.

We previously used Trend Micro. When we were deploying Trend Micro, we faced a lot of difficulties. When we acquired Trend Micro, we had no endpoint security so we had to remove an endpoint and deploy Trend Micro. As a result, deploying Trend Micro was very painful. There were frequent failures in the automatic script that Trend Micro had provided, and it took us about three and a half months to completely cover around 4,000 devices. At the same time, McAfee's deployment was seamless. There might have been an issue, but those issues never escalated. With Trend Micro, the issues escalated frequently.

We switched because of the distinction in scalability, Bluetooth and support. Additionally, one of the reasons we replaced Trend Micro was that we were raising a support ticket every month, which was embarrassing for us. We were losing five to seven tags. PSEs and the response to those PSEs were not satisfied every time.

I rate pricing and licensing a seven out of ten.

I rate this solution an eight out of ten. The solution is good, but the dashboard quality and granularity of reporting can be improved.

We moved on to FireEye HX as an endpoint solution. Mainly, this is the next-generation endpoint protection where it protects the endpoints not just from the office network but also from roaming. Its capability seeing today's threat actors is the best one.

This gives us a more secure and completely scalable zero-day model security product to the endpoint. We manage not only the software but also the next-gen AV.

All the features of HX give the administrator control over the managed devices:

• Managing is easy
• The different threat actor based signature
• Behavioural analysis
• Malware protection
• Zero-day protection

IOC based detections are really the best ones. However, the enterprise search option is a hunting option given to the admin.

• AV management based on manual scan
• Manual scan feature is not easily done
• A long way of setting hostname set, and
• Scheduling over policy which is time taking and I don't feel comfortable. 

Excellent.

Performance wise, it's good. The agent does not consume much process or CPU.

Great support, a well technology-minded guy with a proactive and ready-to-resolve easy attitude.

The deployment was easy.

In-house, and sometimes getting help from the product vendor.

Though it's expensive, it gives the security required to be trusted with the product.

Trellix Endpoint Security (ENS) is an easy-to-manage platform.

The product’s on-premise version is costly in terms of extra charges for SQL database and Windows server licenses. It would be easier to deploy if included in the package as a virtual appliance.

We have been using Trellix Endpoint Security (ENS) for two and a half years.

It is a stable platform.

The technical support services are good. However, its response time could be better.

Neutral

The initial setup is straightforward. The deployment time depends on the number of devices. It ranges from a few days to a couple of weeks. It is suitable for small as well as enterprise businesses.

Trellix Endpoint Security (ENS) has a reasonable price.

We evaluated vSphere and CrowdStrike. In comparison, Trellix is an inexpensive product. 

Trellix Endpoint Security (ENS)’s cloud version is superior to the on-premise version. It should support other operating systems like Linux. I rate it a nine out of ten.

We use this solution to enhance our internal defense system, protecting us against malware and advanced persistent threats.

We use the on-premises deployment model.

This solution has helped to protect our organization against security threats.

The most valuable feature of this solution is its simplicity. The triage process is quite effective, and it is compatible with many different systems.

We had a very large problem that has, unfortunately, not been solved. Simply put, when we start the computer the program will not start. We have encouraged FireEye to solve this problem because we have to manually start this product each and every time, and it affects almost thirty percent of our environment. From a security perspective, this is not stable.

After using various components in this solution, I get the feeling that not every part of the whole FireEye suite works perfectly with the other parts. Sometimes you have this functionality where the product has the ability to take data from one part of the solution and use it in different parts. Sometimes, however, you don't have this luxury. The solution needs more suitable dashboards that handle things from different perspectives. For example, a CEO and a technician from operations are completely different. The integration and display of the dashboards have to be done better.

We have had trouble with stability because the program fails to start when the computer does. 

This solution is very flexible and scalable.

This solution needs stronger support in Eastern Europe because of the time difference between, for example, Poland and the United States. It makes it difficult to contact technical support. In order to receive good support, we have to wait until 5:00 pm before we call. Essentially, the vender needs a better presence in more time zones, and 24/7 support would help to fix this.

Technical support has another problem, where the support from the US is better than the support elsewhere. The training and knowledge should be the same, no matter which tech support group you contact. This might be accomplished using a better internal knowledge sharing system.

We did use another solution prior to this, but because we have the entire FireEye suite, we decided to create a more monolithic approach to security using different products. These include FireEye EX and FireEye AX, which are used for malware protection, network protection, and sandboxing. We decided that if these were good enough then we would push more for the endpoints, which is why we adopted this solution.

The installation of this solution is straightforward from my perspective.

I like FireEye products, and they have a huge portfolio for this solution. However, this is not a magic bullet where you can install it and your problems will disappear. The problem is with the people, rather than the tool. From my perspective, you can install every tool, but you need to have a security operations team involved in the process of analyzing, sorting, and eliminating threats.

When we started our project, we had very few people and we have realized that this had to change. The system without human intervention is useless. We needed to build more complex security operation centers to handle false positives, the triage process, and eliminating threats.

The biggest lesson that I have learned from this solution is that people need to be ready and the business needs to be ready to use it. This is not a toy. It is a very mature solution to protect the internals of the organization and it should be treated in this way.

This is not the worse product that I have seen. I've seen many, many bad products. At the same time, this is not the best product that I have seen.

I would rate this solution an eight out of ten.