Trellix Endpoint Security Reviews

We currently have around 50 servers. We aren't really a big company but we have 50 servers which we manage. We use McAfee for the web filtering portion of it. For example, if a user is doing a search on Google, there's a risk-rating web content filter built into McAfee. This alerts us if there are any threats present. 

We have licensed McAfee ENS on a per-server basis. As of now, from memory, I think we have 56 endpoints running McAfee — 56 servers in total.

From the McAfee side, I really like the ePolicy Orchestrator software that allows us to manage all of our endpoints. You can create the deployment policies and whenever there is a new update — a new version of the ENS Agent, or threat protection — we could test it out in the evaluation branch, and even test it on some of our servers.

It's quite easy to manage. Quite intuitive. I would say the dashboard of ePolicy Orchestrator software is quite intuitive and quite easy to understand and manage. 

I have been using this solution for 15 to 20 years.

We have had some issues from the performance side of things, especially when we were deploying new types of software. Sometimes the consumption of resources from McAfee was a bit high. Afterward, these problems were resolved gradually in future versions of McAfee. From what I've read from the release notes, in regard to the handling of memory, McAfee has been doing a better job, which wasn't really the case in the early years. 

It's easily scalable. If I need to deploy the Agent over 800 endpoints, I just have to script it and run a group policy to deploy it to all of our computers on the network — it's quite easy. 

For day-to-day management and ongoing queries, if ever I didn't have the solution to queries, I would just raise the case to the case management section of the McAfee website. Then the McAfee support team would help me out.

I was definitely satisfied with the support team. I really can't complain. They always sent me the correct knowledge-based article and they provided really insightful information to help me find a resolution to the issue. 

At the previous company that I worked for, we used Symantec Endpoint Protection. Now, we are working with CylancePROTECT and OPTICS.

The main reason that we moved from McAfee to Cylance is that McAfee is still a signature-based product. We moved to Cylance, a signatureless-based product, where everything is updated. What I was doing, from an ENS product point stance, I had set reminders to myself and my team to update the Agent and look into the software repository to see if there were any updates every month.

Indeed, every month we had software updates and fixing restrictions. It wasn't good but I now have less of a hard time looking into this from a Cylance perspective as the Cylance library doesn't push one-minute software updates per year. I would say at most, two or three software updates a year, which is very, very small from a software update perspective in comparison to McAfee.

They're both good products. I'm not saying McAfee is a bad product. It's a very, very good product. It's mainly for these reasons that we moved to Cylance.

The ePolicy Orchestrator console is good, but from my side, I would say Cylance has a better artificial intelligence module — the OPTICS module which I would say is the way to go. I haven't really seen the trend in terms of what other companies other than McAfee or Symantec are doing, but Cylance is doing a really good job with this artificial intelligence module. It's great when it comes to notifying the team when it detects something malicious.

With McAfee, if there is a zero-day vulnerability, you have to download the patch for it from the McAfee website, then apply it to your endpoint. With Cylance, it's not like that. Each agent does it by itself — it's like a self-healing application. This is something that signature-based antivirus solutions like McAfee and Symantec didn't have until now, unfortunately. That's why we moved towards Cylance.

It's quite easy to install agents. Deployment and product updates are quite easy, as well. It goes without saying that it comes with some, I would say, low-level training and upscaling but these are easily retrievable from the knowledge base of McAfee.

We manually downloaded their AMCore versions to keep all our endpoints up to date. This way, whenever we troubleshoot the root cause of an issue, we still keep our endpoints as updated as possible and keep our environment safe.

When we installed the Agent — let's say I am building a new VM and new server. When you run the frame package, it's really intense. I would say it takes roughly two minutes to install, then afterward, to install the ENS modules, like the threat protection and web filtering packages, you've got to go through the ePolicy Orchestrator management console. I would say, all in all, it takes roughly 10 minutes.

To get it up to date, to download everything, all the packages, the software updates, and all of the AMCore DAT files as well as the virus definitions, it's quite easy. It doesn't take much time at all.  

For deployment, I worked with one external consultant.

Initially, when I came to the company, I didn't really have a background or any experience managing McAfee. I came from more of a Symantec background but I gained some knowledge from one of our external consultants who really had a deep understanding of McAfee products and their deployment. We had some training sessions and then I could manage the McAfee forum on my own. After a week's worth of training, I could manage McAfee on my own.

We had McAfee on a year renewal. We purchased it initially and then we renewed it on a yearly basis. I think the only reason we are renewing the license is for support reasons. 

I would definitely recommend this solution to others. McAfee is a good product. I worked with Symantec, but personally, I think McAfee is better.

However, in my opinion, now having worked with CylancePROTECT and OPTICS, I think  CylancePROTECT and OPTICS are on another level. Still, we have been working with McAfee for nearly 10 years and I feel it's a very good product. 

Overall, on a scale from one to ten, I would give McAfee a rating of eight.

It serves as a comprehensive endpoint security solution that goes beyond traditional antivirus by incorporating features such as document scanning for sensitive information, approval workflows for document sharing, patch management, and advanced threat detection using AI and machine learning. It actively monitors various endpoints, including web interactions and email communications, to detect and prevent a wide range of attacks, even those that are not signature-based.

One of the standout features of this solution is its encryption capabilities and DLP functionality. It provides a robust defense against cybersecurity threats while offering user-friendly features like notifications and approval prompts. The encryption feature provides peace of mind in the event of a lost or stolen device, safeguarding sensitive conversations and data from unauthorized access. This level of protection significantly reduces the risk of extortion attempts or data breaches, making it a valuable asset for any organization. So far, I haven't experienced any security breaches or attacks.

I've encountered minor challenges related to encryption.

I have been using it for a year.

We have a user base of over one hundred individuals who use the software.

The decision to implement endpoint security software like Trellix is made at a company-wide level, involving discussions and agreements between various entities, including our parent company and potentially other subsidiaries like the one in Sweden. This decision isn't made independently by individual branches like Kenya; rather, it's coordinated and negotiated at a higher level.

I operate within a managed environment where the IT team handles the installation and setup of endpoint security software. Once installed, they provide me with the necessary details, such as login credentials and instructions for changing passwords. My role primarily involves using the machines provided to me, without needing to delve into the setup process.

Compared to the solutions, it helped us to save at least ten to twenty percent, if not more. 

I would emphasize its affordability rather than merely focusing on cheapness. It provides good value by striking a balance between cost-effectiveness and feature richness.

I would recommend conducting a proof of concept to explore the features firsthand. It's essential to understand what you currently have in place, as that will help determine whether the solution is the right fit for your needs. After that, ensure that the POC is conducted efficiently so that you can make an informed decision about whether to proceed with the solution or consider other options. Overall, , I would rate it an eight out of ten. It's a good solution that meets my needs satisfactorily.

We use the product for EDR purposes.

The product has robust integration with ePO (ePolicy Orchestrator), offering centralized management capabilities. It also allows multifunctionality within a single platform. They offer endpoint and NLP protection as well.

The platform needs improvement in terms of handling heavy databases. We encounter database unavailability for a prolonged period. Its integration capabilities with security platforms like FireEye could be enhanced.

We have been using Trellix Endpoint Security for over a decade.

It is a stable product.

We manage around 20,000 endpoints for our enterprise customers. It is a scalable product.

The technical support works fast and is knowledgeable and customer-friendly.

We have to follow a step-by-step process to implement Trellix Endpoint Security. It can be deployed in the cloud and on-premises.

I recommend product deployment assistance from a consultant, distributor, or reseller.

Trellix Endpoint Security is an inexpensive platform.

I recommend Trellix Endpoint Security to people looking for endpoint protection. I rate it a nine out of ten.

We use Trellix to secure our customers' endpoint devices and the cloud. It was a McAfee solution before the Trellix acquisition. Trellix has a full portfolio for local and cloud protection. McAfee MVISION products are managed on the cloud, but some customers need an on-premise local management console.

The central management console is powerful. You can manage endpoints, DLP, encryption, and all the other features from a single console. 

Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing. 

I have used Endpoint Security for more than 10 years.

I rate Trellix nine out of 10 for stability. 

I rate Trellix 10 out of 10 for scalability. 

I rate Trellix support nine out of 10. 

Positive

I have always used McAfee, but I know a little about Symantec. I used it more than a year ago. 

I rate Trellix seven out of 10 for ease of setup. It is a complex tool, but you can use many of the new features while you're installing it. The deployment time varies depending on the number of endpoint accounts and how the client is distributed. It typically takes less than a day for a large enterprise. If nothing goes wrong, you can finish in a few hours. One person is enough to deploy and maintain it. 

I rate Trellix five out of 10 for affordability. It isn't cheap, but not expensive.

I rate Trellix Endpoint Security nine out of 10. 

McAfee is a security-based company. All of their products are related to the security of networking. We have approximately 15 to 20 customers working with McAfee Endpoint Security.

McAfee Endpoint Security does not hang the machines. They are also not very heavy on the end-users.

Along with improving scalability, I would like DLP features to be added in to the endpoint security. 

I have been using McAfee Endpoint Security for almost 12 years.

The solution is quite stable.

I would give McAfee a 7 out of 10 for scalability, there is room to improve.

The initial installation is not complex. It does depend on how big your network is, but normally it's one day's work.

I believe their prices are very good. Our customers pay an annual license fee.

All of the endpoint security solutions have more or less the same kind of features. There is nothing exceptional about one product versus the other. McAfee is not as strong as other solutions like Kaspersky, Trend Micro, or Carbon Black.

I would not discourage anyone from using McAfee Endpoint Security as it is quite a strong solution. I would rate the solution a 7 out of 10.

We are using McAfee Endpoint Security for network security.

There is a new feature where you can set thresholds for all the CPU consumption allowing for no consumption on the servers when the scans happen. It is a separate plugin or addon, and if we have it on all the virtual machines it automatically checks the resources, and based on that, it will schedule the scans. That is something that I have not seen in other antivirus solutions, such as Symantec.

The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place.

In a future release, McAfee could improve by having a fewer resource-consuming agents. When you bundle up all the solutions with an agent, it becomes heavy for the endpoint to handle. This is one drawback that they should improve because some of their competitors, such as Trend Micro and Symantec both have low-consumption agents available.

McAfee has multiple solutions that can be combined together into a single product. There is no need to have this many solutions.

I have been using McAfee Endpoint Security for approximately 10 years.

McAfee Endpoint Security is stable. However, the way we implement it can impact stability sometimes. The stability can fluctuate because of the configuration that we have, or the different types of policy that we have on the endpoints. The configurations can be tweaked and tuned to make it becomes stable again.

The solution is scalable. We have approximately 80,000 endpoints on a single console. If we wanted to increase the number of endpoints it can scale higher.

The support from McAfee is far better than other vendors, such as Trend Micro and Symantec.

I have previously used Symantec and Trend Micro.

The initial setup for an experienced administrator should be easy. The setup can also be easy if you follow the very detailed guide which they call the KB guide that they provide. You can receive good support from the professional services team from McAfee. That is how many organizations usually do the initial setup.

I would advise others that are wanting to implement McAfee Endpoint Security to initially use help from the professional service team at McAfee, it will help a lot by making sure they do all the scalability and enviroment requirements. Additionally, they can ask questions based on their expectation and receive suggestions and answers. As an alternative, if you have an experienced person who is well-versed with implementations then I would use them, if not, I would always recommend using the professional service team at McAfee.

I rate McAfee Endpoint Security a seven out of ten.

Our use case is pretty straightforward. We have the central ePO that's running, and clients connect to it. All the clients connect to the ePO for updates and the ePO is able to go out and get updates, so it's pretty much like a star topology where you have the ePO sitting at the middle and handling all the requests from the clients and the servers.

We really like the dashboard from Trellix and we've found that it's pretty informative. Also, the reporting is pretty much immediate, so if there's any activity on the network, you're able to get notifications immediately. That's something that we really like about this product.

The solution consumes a lot of end user memory and CPU, so you need to have a computer that has a lot of resources for you to properly run Trellix. The agent ends up using a lot of resources, either RAM or CPU, and at times that bogs down users. I don't know if it's possible to have a lighter version of the agent, but if the agent was lighter it wouldn't consume so many resources, which would be good.

It's a bit complex. It's very granular and you need to really, really know the ins and outs of configuration. If you are specifically configuring an XML against ransomware, some very special setup, it can end up being a bit technical. You wouldn't want to make any mistakes while doing your configuration. A single configuration can make you lose whatever you wanted to do.

The other thing is if the engine would also focus more on malware, sort of an anti-malware. Trellix doesn't really focus so much on the anti-malware side, but there are other better performing antivirus or endpoint products that have better engines or they have a higher detection rate compared to what Trellix is currently providing.

I have been working with this solution for about three years.

If you've given the solution the resources that it needs, it's pretty much stable and it's able to continuously run uninterrupted. I've never seen any down times, so I'd say it's pretty much stable and it's built well.

As far as scalability, I think the solution is able to handle quite a bit. We have around three admins who interact with the product. Then we have the rest of the organization who interface with it, which is around 300 to 500 employees.

The tech support was pretty responsive and I believe all my questions were answered within the stated timeline. I can't remember what my questions were about, but I spoke with the technical team and got the help that I deserved. I would rate the support as a five out of five.

Positive

From a technical side, it's not so complicated. Of course, you need to set up your server correctly, and then deploying it to the agent is pretty simple. The setup on the server is the one that is a bit technical. You can't have a default deployment, so once you do your deployment you need to set up rules that work within your environment to be able to safeguard it against suspect files or potentially unwanted programs. You need to know exactly what to do, and that's the point that may not be very friendly to admin, because they might not know all of the threats that are out there. You can't really foresee a threat that you don't know about, or rather you don't know if you'd block it or not. The initial setup is pretty much straightforward if you're an IT person, but the configuration side has a learning curve. It takes quite some bit of time to really know exactly what you're doing.

We handled implementation in-house because when we got the licensing, we also got training modules from Trellix. Trellix has KB articles, which are pretty much straightforward and really helped quite a bit. I'd say it took about four hours to deploy from the time we started with a clean machine to the time that we started pulling updates and deploying to client machines.

On a scale of one to five, I'd give the setup a four, because the product pretty much does what it says it does, but it's not perfect. If you're an IT person, you'll be able to deploy it, and sending the Agent file to clients is pretty much a no-brainer.

The maintenance bit is okay as well. There's not a high amount of maintenance because you can automate many activities. You just need to make sure that your server is able to pick up the updates that are necessary, and make sure the databases are running okay. It's nothing new if you're in the IT environment, just making sure everything is running properly. I've never landed on an update that broke the application.

I believe for organizations that are looking for what Trellix is offering right now, there is a definite return on investment.

I think Trellix is more on the higher side of the market, just on a general scale, but I also think it depends on what particular package you choose. Different packages have different rates. I would give the pricing a three out of five. It depends on your usage because if the product works for you, then you might say the price is right. At one point it worked for us, but we have shifted our goals.

We currently considering switching from Trellix to Bitdefender mainly because Trellix isn't really focused on malware, and right now most threats are coming from within the organization as malware. Malware is something that can stop business continuity, so that's one of our main areas of focus, and Trellix is not doing really well within that perspective.

I would recommend Trellix to someone as long as they know exactly what they're looking for within the organization. For instance, Trellix is very granular, so if you have a dedicated security department that can customize policies and XML documents at a very fine level and specifically work on this product, then I would say, go for it. The solution is going to serve them well, because what it does, it does really well. You're able to experience possibly what's among the best products in the market. I would recommend it as long as the people know exactly what they're getting into and they're ready to handle the challenge.

On a scale of one to ten, I would give Trellix an eight.

It covers the AV and malware security piece.

It's mainly for compliance. In terms of products in the market, it's probably not the best, but it's the one that is already paid for under the corporate buy. It basically checks the box that we're doing malware threat prevention and antivirus protection.

It can be deployed quickly, and it's scalable. Those are the two advantages of it.

Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.

It has probably been about a year since we rolled it out.

There are no issues. They continue to put out updates weekly or daily. The platform seems to be fairly mature.

It's definitely scalable.

Their tech support is average.

It's pretty straightforward. It can be automated from the central ePolicy orchestrator server. So, the installation is fairly easy because you can automate it with the deployment of your virtual machines and things like that.

I would rate it a three out of five in terms of cost.

I would rate it a seven out of ten. That's mainly because it seems like there are additional security features that could be built into it, or from the signature-based model, it could move to a different model.