Trellix Endpoint Security (ENS) Reviews

FireEye Endpoint Security is positioned as an Endpoint Detection and Response (EDR) product. 

We are a distributor of the FireEye product. We offer a combination FireEye package. We offer the product in many sectors, like banking and government.

We use the latest version.

We offer it in a private cloud model for our customers who want to build a security operations centers in their environment.

The most valuable network security feature is the network sandbox solution. This sandbox feature works on traffic flow. Detects multi stages attacks based on MVX analytics engine which detects zero-day, multi-flow and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops infection and compromise phases of the cyber-attack kill chain by identifying never-before-seen exploits and malware.

It has capabilities like machine learning and endpoint protection as an antivirus.

The investigation and forensic analysis have been most helpful.

They could use a Host Intrusion Prevention System (HIPS) and application control module.

If you have another endpoint product running on the same machine, you have to fine tune functions from FireEye to avoid performance and user experience issues.

It is stable. There are zero false positive solutions, not like other solutions.

We plan to increase our usage.

They have a strong technical support.

Before FireEye, we used McAfee Endpoint Protection and Trend Micro.

The setup was straightforward.

Our deployment and implementation strategies have to remain agile. Every customer requirement is different. Some implementations require a direct connection and so it will take, for SMB customers, a day more or less. For larger enterprises according to the distribution and the need for more trenches with lots of internet gateways, it could take up to five days. E.g., the deployment could take two to three days with 500 users.

Our technical team does the implementation.

We require two to three people for deployment and maintenance.

The current pricing is much better than before because they now offer product-related promotions along with some changes in product licensing. The new pricing model is better than before.

It is a yearly subscription-based product, which includes the license and hardware. There is also a subscription for technical support up to five years.

It is inexpensive with a competitive price.

We also looked at Palo Alto Networks Traps and Trend Micro.

It offers protection from the latest threats.

MVISION Endpoint is the management software for McAfee that manages the Windows Defender. It manages the Windows Defender anti-malware, Windows Defender Exploit Guard, and Windows Defender Firewall. These are the three main components that McAfee manages centrally from an ePO, and that ePO can be an on-premises ePO management server, or it can be an MVISION ePO management server on McAfee cloud. So, management can be both on the cloud and on-premises.

It's simple and very easy to use. Before MVISION Endpoint, McAfee had their own Endpoint Security software called ENS, which included their anti-malware engine. Even though ENS was a comprehensive product and a very good product as well, it was confusing for some professionals. 

In the times that we live in now, an IT personnel, even a specialized one, is a generalist. So you have an IT person who is managing the firewall and endpoint security, and also managing the ERP and backups, and the switches as well. Everything in the environment will be handed over to a single person.

A product like McAfee ENS is pretty extensive and allows for advanced configurations, especially for security professionals. However, IT personnel often fail to configure it properly. MVISION Endpoint is so much easier and so much simpler for the lay security personnel to handle. This is what I really like about it.

McAfee has an on-premises ePO server, which you can install on your environment. You can add your infrastructure and push the agents all from the console; so you literally don't have to do anything on your own. From the dashboard, you'll push the agents, install them, configure them, and manage them all from the console.

McAfee has several MVISION products. It will be really amazing if they could be consolidated into one dashboard. As of now, I know that this is on the roadmap and is expected to be released very soon. It'll unify the management of the various MVISION portfolios. It will be a great tool for improvement.

Instead of needing separate management consoles to manage some of the products in the portfolio, a unified console for MVISION Cloud, MVISION EDR, MVISION Endpoint, MVISION DLP, and the remaining MVISION portfolio would be great. I believe that McAfee is addressing this at present.

A drawback with the cloud MVISION ePO is that you can't push agents from the cloud portal. You need to download that agent, and you need to figure out a way to install that agent into the machines.

I'd like to see MVISION Endpoint for other platforms because MVISION Endpoint is only compatible with Windows 10 and Windows 2016 and above. If I were using a Linux operating system, I would not be able to use MVISION Endpoint.

I'd like to see it in the Mac operating system as well. I'd like to see cross-compatibility, which would be great. Even though McAfee has a simpler product for Androids and the iOS, it would be great to see the ease of use of MVISION Endpoint across the portfolio.

I've been using it for two years.

McAfee doesn't provide the security software. It manages the security software which is built in to the Windows 10 and Windows Servers 2016 and above. Unlike McAfee ENS, which uses its own software to do the scanning and its own signature database that could add lots of clutter to the operating system, MVISION Endpoint uses Windows Defender, so there's no added overhead for the machines. As a result, it is pretty stable.

In terms of scalability, you can deploy as many agents to as many machines and protect them from the ePO, whether it's an on-premises ePO or one on the cloud.

Technical support is great. I didn't have to interact with them that much, but they provided good support at the times when I had to reach them. They were responsive; that is, I'd get a response within the same day.

In my experience, the installation has been straightforward.

The only major issue is that if a client is going to have his ePO on the cloud, his management server will be on the cloud. So I will need to push agents to lots of machines. There is no automated deployment from the cloud to on-premises machines. That means that I need to download the McAfee agents and have to take care of the deployment and the automation on my own.

Customers would need to purchase a license. If a customer purchases an MVISION Endpoint license, he may use that license to install ENS. It's a flexible license where you have the option to either use the McAfee security software or the Windows Defender managed by McAfee, which is MVISION Endpoint.

With MVISION Endpoint, even if you don't know about cybersecurity, you can just turn on the protection checkbox. It's that easy. It was really relatable to my experience with Sophos because the configuration there was also that simple, so I really liked it.

For those who can't afford expensive cybersecurity professionals but are responsible for configuring the security of the organization, MVISION Endpoint is a good product to go with. It's flexible, and you can manage it from the cloud or on-premises.

At present, it is often used by small businesses because of its ease of use, configuration, and deployment.

It's been around on the market for a long time, and has undergone many improvements. So, on a scale from one to ten, I would rate McAfee MVISION Endpoint at eight.

We're using MVISION Endpoint for the protection of our endpoint devices.

What I like most about McAfee MVISION Endpoint is that it's very user-friendly. You do need some knowledge on how to navigate the portal, but as soon as you've gained that knowledge, navigation will no longer be an issue.

I have no complaints about McAfee MVISION Endpoint. For me, the product is perfect the way it is. It's great right now, and it's doing good as it is.

So far, McAfee MVISION Endpoint ticks off all of our boxes, but its pricing could always be better.

I started using MVISION Endpoint last year. It was preceded by the MVISION ePO.

McAfee MVISION Endpoint is a stable product.

McAfee MVISION Endpoint has no issues in terms of scalability. You just need money to make scaling up possible.

The support for McAfee MVISION Endpoint is okay. I have no complaints about it.

On a scale of one to five, where one is bad and five is good, I would rate support for the product as four out of five.

The initial setup for McAfee MVISION Endpoint is pretty easy.

We used a consultant for the deployment of McAfee MVISION Endpoint.

I don't have information on ROI from McAfee MVISION Endpoint because a separate unit takes care of those calculations.

Pricing for McAfee MVISION Endpoint is not very good, and I would rate its cost three out of five, though I won't be able to mention how much its actual price is.

There were other solutions in use, but that was before I joined my department, so I don't know which solutions were used before my company went with McAfee MVISION Endpoint.

I have some experience with McAfee MVISION Endpoint, and I'm currently using it. I can't remember the exact version of the solution which I'm using, but it's the latest version.

My company is a customer of McAfee MVISION Endpoint.

My company is a telco, so I don't have the exact user count, but it's surely more than a hundred. All roles within my company use the product, even people at the highest levels.

At the moment, there's no plan to increase usage of McAfee MVISION Endpoint within the company.

My advice for people looking into implementing McAfee MVISION Endpoint is to use the demo, roll it out within your organization, utilize its functionalities, and let it work for you.

In terms of rating, I'm giving McAfee MVISION Endpoint a solid eight because it does what's needed and it works, so no complaints.

We are using this solution for endpoint security against cyber attacks.

FireEye Endpoint Security is easy to use and lightweight compared to others.

Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive.

I have been using FireEye Endpoint Security for a couple of months.

This solution is scalable. However, it could improve to be able to be handle large-scale operations. The OS most systems are running I am not sure it can handle a lot of nodes but many companies are coming out with cloud options that should be able to manage much more nodes.

Technical support can take some time to respond on the first level. They could improve the speed at which they resolve and handle support.

We have an administrator and engineer that does the implementation and maintenance of the solution.

I have evaluated Carbon Black and FortiEDR.

I would not recommend this solution to others. However, if you have a small budget then this solution could be a second option.

I rate FireEye Endpoint Security an eight out of ten.

I used it in my previous company. From an end-user perspective, I was the manager of the Cyber Defense Center that was in charge of the whole deployment and daily operations. I was using it as a Site Media Operations Manager.

The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response.

In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.

I used it for one year. 

I have no complaints. I would rate them a five out of five.

It was a new deployment. We previously didn't have any similar solution in that company.

It was pretty straightforward. Its deployment took half a month. It was quite a big deployment. We had quite a lot of end-user devices. We deployed it for 10,000 devices. We had around 20 security operations staff members at that time.

It was driven by an in-house engineering team, but we leveraged some integrator companies as well. We had three members in the engineering team who took care of the deployment and everyday operations. During the deployment phase, we got help from integrators. So, we had two additional FTEs during the six-month implementation period.

In terms of ROI, if one is the best, I would rate it a two out of five. We had some false positive detections. We even had some incidents that were not detected. We did not get the expected level of visibility through FireEye.

It was an annual fee. There was just one overall fee.

It was a very hard decision to make. We did a comparison with some other competitor products. One of them was Palo Alto Networks Cortex XDR, which was the biggest competitor at that time. We even checked Microsoft ATP and McAfee. So, we compared a couple of products before selecting FireEye.

Organizations trying to or going for the FireEye solution should understand that they won't be able to see under the hood or what is happening within the product. FireEye is quite a black box solution. Understanding why certain findings got a particular verdict is not easy. If you want well-automated operations and you don't have an advanced operations team that wants to check the verdicts and understand how the product is working and making decisions, then it is good for you. If you have proper engineering skills on board and your operations teams want to understand the basic logic within the product that they are using on a daily basis, this might not be the best product for you.

I would rate it an eight out of 10.

We want more protection for our servers. We would like to know if a real incident or something compromising is happening. Therefore, we have deployed this EDR solution.

The exploit guard and malware protection features are very useful. The logon tracker feature is also very useful. 

They have also given new modules such as logout backup, process backup. We ordered these modules from the FireEye market place, and we have installed these modules. We are currently exploring these features. 

The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux.

We would also like assets grouping and device lock protection features, which are included in their roadmap.

We have been using FireEye Endpoint Security for the past two years.

The current version is more stable than the previous ones.

It is easily scalable.

My experience was 50/50. Sometimes, it was good. Sometimes, they took some time.

We were using McAfee AV. We switched to FireEye Endpoint Security because we had some performance issues with McAfee AV. We are not facing those issues with FireEye Endpoint Security.

It is easy to deploy. It took us a month to deploy. 

Deployment may take more time based on the architecture and the environment. With some vendors, it took us some time to analyze because there were things that we wanted to monitor, which depended on the production. Therefore, we installed it step by step, not in one step at full force.

If you are deploying on Windows or Mac, there will be minimal issues, and you can go for this solution. With Linux, you need to understand a few features. What you expect from Windows and Mac is not available in Linux. If your main technologies are open source, then probably rethink about FireEye Endpoint Security. You can go for FireEye Endpoint Security after they have the same capabilities in Linux. Most of the features are there in their roadmap.

We mostly faced issues with Linux support. In the past, we also had issues related to communication between an agent and an endpoint where they didn't communicate, the communication got stopped automatically, or the data communication time didn't sync properly. In the later versions, they improved and resolved these issues.

I would rate this solution a seven out of ten. It's gradually growing, and a few features that we require are not there. If these requirements are satisfied, I would rate them nine or ten.

We moved on to FireEye HX as an endpoint solution. Mainly, this is the next-generation endpoint protection where it protects the endpoints not just from the office network but also from roaming. Its capability seeing today's threat actors is the best one.

This gives us a more secure and completely scalable zero-day model security product to the endpoint. We manage not only the software but also the next-gen AV.

All the features of HX give the administrator control over the managed devices:

• Managing is easy
• The different threat actor based signature
• Behavioural analysis
• Malware protection
• Zero-day protection

IOC based detections are really the best ones. However, the enterprise search option is a hunting option given to the admin.

• AV management based on manual scan
• Manual scan feature is not easily done
• A long way of setting hostname set, and
• Scheduling over policy which is time taking and I don't feel comfortable. 

Excellent.

Performance wise, it's good. The agent does not consume much process or CPU.

Great support, a well technology-minded guy with a proactive and ready-to-resolve easy attitude.

The deployment was easy.

In-house, and sometimes getting help from the product vendor.

Though it's expensive, it gives the security required to be trusted with the product.

We just run it in the background and potentially scan any wireless or malicious file. It must be the same setup.

Maybe the performance could be better. I noticed that it slows down a bit when I start it up in the morning.

We have had this solution for over three years now. It's enterprise security. We use the latest version. 

It's stable. It's just that I don't have to use it very often. I can go weeks without having to deal with any issues. If something does pop up, it's usually pretty easy to fix. I just let the people who know what they're doing handle it.

It's scalable enough for our needs. I don't see any problems right now. There are about 55 users in two branches of our company.

We haven't needed to use tech support. We are an IT company, so we usually take care of our own devices.

The setup is not that complex. It takes five to ten minutes to set up. It's mostly this is our old devices.

It's a self-deployable solution, so we don't need any technical staff for deployment.

We do need to pay for a license.

Overall, I would rate the solution a six out of ten.