Trellix Endpoint Detection and Response (EDR) Reviews

It is highly effective and scalable in terms of detection and prevention, and our usage within Trellix Endpoint Detection and Response (EDR) enhances the value. The SOC team is constantly monitoring Trellix Endpoint Detection and Response (EDR) alerts, in addition to SIEM-generated incidents.

Inline mitigation capabilities work particularly well, and different deployment models cater to specific needs, along with frequent updates, low false positive rates, and advanced detection of targeted attacks.

Trellix Endpoint Detection and Response (EDR) is deployed in my organization using a hybrid cloud.

I purchased Trellix Endpoint Detection and Response (EDR) through the AWS Marketplace.

Advanced detection of targeted attacks has reduced the attacks, and I have seen low false positive rates as relevant metrics that show the return on investment.

With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network.

SOAR integration has assisted our security team and management in trusting the product.

I cannot make manual submissions to NX, which I would like to add about the needed improvements to make my experience better.

Performance optimization for busy networks is cumbersome.

I have noticed a decrease in attacks as a specific outcome that shows the positive impact of Trellix Endpoint Detection and Response (EDR).

I am using Trellix Endpoint Detection and Response (EDR) for threat detection and response and incident response. In Mexico, I am looking for robust and scalable protection and deep visibility without overwhelming my security teams. Trellix Endpoint Detection and Response (EDR) is not just a product we sell; it is the solution we trust to protect our own business in Grupo Salinas every single day. Trellix Endpoint Detection and Response (EDR) is deployed in my organization in the public cloud.

The integration capability through Trellix Endpoint Detection and Response (EDR) is seamless because we have installed native solutions that correlate endpoint data with threat intelligence. It effectively eliminates the usual noise and alert fatigue that plagues many SOCs today.

The best features Trellix Endpoint Detection and Response (EDR) offers are the advanced telemetry and behavior-based detection, high-fidelity alerts, and native ecosystems with in-depth forensics and rapid remediation.

The behavior-based detection engine in Trellix Endpoint Detection and Response (EDR) is incredibly precise. It monitors many different telemetry sources across endpoints and actively maps attacker tactics, techniques, and procedures (TTPs) directly to the MITRE ATT&CK framework. This allows us to think in the mindset of an attacker and catch sophisticated living-off-the-land techniques or data exfiltration attempts before they cause real damage.

Another massive advantage of Trellix Endpoint Detection and Response (EDR) is how it correlates endpoint data with threat intelligence to deliver high-fidelity alerts. It filters out the noise because we distribute and use the broader Trellix ecosystem. We see firsthand how smoothly it integrates with network, cloud, and third-party solutions. It gives us an enterprise-wide, unified security posture from a single console.

The in-depth forensics and real-time search capability in Trellix Endpoint Detection and Response (EDR) are outstanding. We can instantly take a non-persistent endpoint snapshot, capturing an up-to-the-moment view of active processes, network connections, services, and autorun entries, even if the machine goes offline. This allows us to confidently isolate threats, find indicators of compromise (IOCs), and rapidly execute a pre-configured response to return the device to a known good state.

For our SOC team, the absolute best feature of Trellix Endpoint Detection and Response (EDR) is AI-guided investigations. Unlike traditional playbooks that just automate simple scripted tasks, Trellix uses AI to automatically ask and answer questions behind the scenes. It tests multiple hypotheses in parallel, gathers and visualizes the evidence, and presents a summarized case to the analyst. It drastically cuts down investigation time and fights analyst burnout.

From an operational standpoint, the first area of improvement would be agent resource optimization, especially for high-load servers, because Trellix Endpoint Detection and Response (EDR) captures an incredible depth of telemetry and real-time forensics. It can sometimes experience high CPU or RAM spikes during intensive scans. Streamlining the agent to have an even lighter footprint on critical infrastructure would be a massive win for performance-sensitive environments.

Another highly technical area that could be improved in Trellix Endpoint Detection and Response (EDR) is expanding the native data retention window for historical threat hunting. While Trellix Endpoint Detection and Response (EDR) provides incredible real-time capabilities and detailed snapshots, digging deeply into historical behavioral telemetry from months ago often requires offloading logs to an external SIEM or their broader XDR data lake. Extending the out-of-the-box long-term historical search directly inside the EDR console would make retrospective threat hunting much faster for compliance and long-tail breach investigations.

Trellix Endpoint Detection and Response (EDR) scores highly because of its sheer depth of endpoint visibility, the precision of its behavior-based detection, and the massive time savings we get from its AI-guided investigations. It does exactly what a top-tier EDR is supposed to do. It stops sophisticated attacks and drastically reduces our mean time to response (MTTR) for our own infrastructure and for our clients in Mexico. It is a highly trusted solution. However, the reason it is a nine and not a perfect 10 comes down to a specific architectural limitation regarding API log streaming and data offloading. In modern enterprise environments, security teams want to stream raw, high-fidelity endpoint telemetry directly to external SIEMs, data lakes, or third-party orchestration tools via APIs in real time. Currently, Trellix Endpoint Detection and Response (EDR) can sometimes hit bottlenecks or throttling limits when handling massive volumes of raw log exports over standard APIs. To achieve seamless, large-scale data forwarding without friction, you often have to rely heavily on their broader, native EDR data lake or specific ePO configuration rather than a completely open, high-throughput streaming API. If Trellix optimized its API infrastructure to allow unrestricted, high-volume log streaming for third-party integrations, it would easily be a perfect 10. But even with this limitation, its core detection and response capabilities are among the absolute best in the industry.

I have been working with this solution for approximately one year.

Trellix Endpoint Detection and Response (EDR) is stable.

When it comes to scalability, Trellix Endpoint Detection and Response (EDR) completely dominates the market. Trellix Endpoint Detection and Response (EDR) is built on top of the ePO (ePolicy Orchestrator) management architecture, which is globally recognized as the most scalable endpoint management platform in cybersecurity history.

Customer support is a critical component of any enterprise EDR deployment, and my experience with Trellix has been highly positive, largely because of how they structured their ecosystem through Trellix Thrive.

We evaluated other options, including CrowdStrike, Microsoft Defender, SentinelOne, and Trend Micro, in addition to Trellix Endpoint Detection and Response (EDR).

My first piece of advice is to go cloud-native with Trellix Endpoint Detection and Response (EDR) ePO SaaS if your compliance allows it. By basing the configuration on cloud infrastructure rather than traditional on-premises infrastructure setup, it removes a massive amount of engineering overhead. It allows your team to focus entirely on threat monitoring and response from day one, rather than patching servers or managing database sizing.

Regarding setup cost, Trellix has a massive advantage because of its unified single-agent architecture. If a client is already running Trellix Endpoint Security for standard next-generation antivirus, adding EDR capabilities does not require deploying a brand new agent or paying for massive professional installation services. It is essentially a cloud policy activation via the management console. This drastically reduces deployment friction and slashes the traditional setup and engineering costs associated with rolling out a new EDR solution.

From a pricing standpoint, Trellix is highly competitive in the enterprise market because they offer aggressive volume-tiered discounting levels, such as levels A through D. The only variable cost to keep in mind during setup is the management infrastructure. While Trellix ePO Cloud SaaS has zero hardware setup costs, some of our highly regulated clients in Mexico, particularly in banking or government sectors, still opt for an on-premises or IaaS deployment. That choice dictates whether they incur internal server infrastructure costs or enjoy the immediate out-of-the-box cloud setup.

When evaluating the AI capabilities in Trellix Endpoint Detection and Response (EDR), specifically Trellix Wise, governance and data security are actually its strongest selling points. Trellix has built its GenAI framework with a strict, responsible AI approach that directly addresses the main concerns of corporate legal and security teams.

When it comes to the accuracy and reliability of Trellix Wise within the EDR platform, I would rate it as exceptionally high, but it is important to understand why it is reliable. In cybersecurity, generic AI often struggles with accuracy because it lacks context. Trellix solves this by anchoring its AI to three specific guardrails that ensure reliable outputs. I rate this solution with a review rating of 9.

We are in the energy market, specifically in energy generation. We got the Trellix EDR installed in most endpoints.

The tool helps us to traverse possible thread incidents thru our mult site  network infrastructure. In case of any forensic case it will be helpful to hunt thru the history or evidence information the EDR collects.

Trellix Endpoint Detection and Response (EDR) is valuable because we have a Wide Area Network with many sites, and the EDR is cross-site since it is configured and managed from the cloud. This is very useful because it does not matter what is happening at one endpoint of the company in one site and the relation of an incident with another computer or endpoint at another site. All the tree of data that we have, which may be a lot of information help us to argue whether it is going to be a threat or not, can be analyzed. Most of the threats are not really threats, but we can see what is happening in the relations, in the networking, and the data that comes back and forth through our company's network infrastructure.

Threat hunting is valuable because it pinpoints what is happening everywhere in our networking infrastructure. We have a company contract working through a NOC- network operating center 24 hours a day. They are sending us reports many times a day if any threat is arising or asking why this operation has come through or if it is valid or not, or whether we have approved it. We have a lot of that type of information, but we need to manage the contract in a much more efficient way because I do not have the time to read the many information that comes through the network operating center, the security operating center, or the tools itself and the notification reports that I have. While I am managing the policies and the standards, I need a lot of people to monitor, detect, and recover if something happens. The tools are not useful for that. We need to have people with enough expertise to manage all of this.

I believe this is a product in evolution. I do not think it is a final tool to conduct forensics or information forensics of the incidents or information incidents that could arise in our network infrastructure. Trellix Endpoint Detection and Response (EDR) is interesting and is a very good entry point that has been evolving through the last years. In the next two months, I have a new contract, and we are pointing out to have an XDR solution with NDR and EDR together.

I do not have enough time to do it because I am the manager. However, my coworkers do not understand it yet. I have a contract with a third-party company that is making reports around that, but also they do not have enough experience or enough utility of this.

It would be interesting if I have a notification system from EDR. For example, if I am the manager, it would be interesting to have a warning, alarm, or something around that which could call me to get into the system and the dashboard to see what is happening. For example, if it is a high-level threat. However, most of them are just advisory or warnings. I do not enter the tool frequently. I guess I access it once every three months.

I have been using Trellix Endpoint Detection and Response (EDR) for about six years.

As mentioned, this is an evolutionable tool. In the past there has been many times when the tool clogged the endpoints and we had to uninstall it. Windows (c) 10 enterprise edition, for instance, has some problems.

I have not scalate the EDR solution yet. We have not had a critical alert to do it. It's supossed that the SOC company should do it just in the case.

Tech support may be tricky if the support comes from Asia experts. Eeryone here speaks spanish and I are not affordable most of time. The tech is interesting when a high support level is called. Once someone from Argentina helped me that has excellent skills. We need more like her.

Neutral

No other EDR solutions.

I guess it was complex. To get the EDR operating useful I had to wait around 2 years.

Bafing from Peru is an integrator and consultant. They had done all of the work, and accompanied us many years.

Of course this is a yes. I had called the US partner during the past years when I need the support directly from the manufacturer and I got all the help to workaround or overcame issues. That had happended when my local partner company was not enough.

I pay for what we get. But the service level from my partner company is not enough to overcome a complex case.

We are a gobernment company, so we ask the system to contract a company that is resourceful with cybersecurity withount mentioning the name or mark. We had been using Trellix since it was Mc Afee. But I had evaluated solutions from Microsoft, Panda, ESNET, as general malware tools.

This year, I am planning to have a training for all the personnel of the company in every department so they can learn the basics of the endpoint tool. They can have more actions for possible threats or everything so they can help my department to make a better and faster action if something real is happening. Something like ethical hacking or a service, but using my own personnel in the company. I know that it is difficult, but I want to try to make that this year.

I have evaluated many products including Fortinet environment and a lot of appliances, and also many other products that we have now. I have evaluated around six or seven other brands or other products. However, I have learned Trellix Endpoint Detection and Response (EDR) tools and before that McAfee, around two decades. It is enough expertise that we have made. I do not want to lose that with maybe another interesting tool. For example, what would be interesting is if an XDR tool that can help us in managing the threats of the cybersecurity environment uses AI as an agent, a trained agent that helps our department, so it has to be trained first by a company like Trellix or another with the expertise or the capacity to help us actually. That is one thing I can recommend.

In February or March, I am signing a new contract with five levels, three more levels of security that we have now. We will have the tool, the SOC, the operating center service, and we need to manage applications firewall, web filtering, and XDR, and maybe next year also PAM and so on. I rated this solution an 8 out of 10.

We use routing and switches, IP phones, routers, switches, and a core switch. We also have Identity Services Engine, but it is end of life or end of support now, so we are working on replacing it.

Our solutions cut across various security products from Sophos and Trellix. We started with McAfee for 15 years and have now transitioned to Trellix, which acquired McAfee.

Basically, we use this to protect our endpoints.

Trellix Endpoint Detection and Response (EDR) does everything. It saves time, it saves money, and of course, it provides peace of mind. Anytime management wants any report, we can generate it automatically and push it. This is quite effective.

First, it is user-friendly. Second, it works with a lot of products and many different versions of Windows. Third, the reporting module is very good. Because if you are using Endpoint Protection with ePO, it has a central console that is quite easy to manage all endpoints at a single dashboard. It has very good threat intelligence.

In addition to the threat intelligence, it is easy to manage and granular. We can easily manage products up to the client level, and we know what is happening, then we do a lot of threat analysis. There are many resources that we can use. They also have very good support.

Trellix Endpoint Detection and Response (EDR) has very good threat hunting capability. We can use the logs to see when a process starts and what it hits, and the other processes or services it has affected. This is quite encouraging.

They can enhance Trellix Endpoint Detection and Response (EDR) using AI now to do more enhanced reporting and more enhanced threat analysis. There are some client task assignments and policies that should be automatically automated with AI with a click of a button. They should introduce AI and do a lot of things.

We have used this for 16 years. All this information, how can we protect it? Are we covered by the GDPR regulation?

Initially, I was using it on servers, but it consumes a lot of resources on servers. So I have to use Sophos XDR on servers because Sophos XDR does not consume resources. That is the difference.

We do a lot of research. Our only problem with Trellix is that it is resource intensive and takes a lot of resources. However, we found out that it works on our systems and on our desktops. But on our servers, we do not want it to touch our resources, so we deployed Sophos XDR on the server.

It is straightforward. The only little challenge is that you have to get all the necessary updates for it to connect to the database.

I am using on-premises with the ePolicy Orchestrator and then we apply the license. After the product is already installed, we do the necessary upgrade, restart the system, and then push the agents to the endpoints. Then we receive updates and manage our clients.

We have partners that provide Trellix Endpoint Detection and Response (EDR), so we work with them to deploy.

It is quite reasonable.

For network troubleshooting, I moved to security now and I am not in network, but I think they are using Cisco product too for that.

My main use case for Trellix Endpoint Detection and Response (EDR) is for blocking malware and catching unusual behavior to process, while also monitoring all processes we have for our company, the clients, the computer, and the servers. Our process behavior is crucial, and Trellix Endpoint Detection and Response (EDR) helps to protect our systems from malware.

The best features Trellix Endpoint Detection and Response (EDR) offers me are the management of all hosts from the EDR, allowing me to disable the network to a computer when necessary. I can check all processes and do what I want from the EDR tools, eliminating the need to physically go to the computer.

I think the reporting part is the best feature of Trellix Endpoint Detection and Response (EDR), as it is very useful for reporting. The Trellix reporting site is easy to manage, with useful menus and a user-friendly interface.

Trellix Endpoint Detection and Response (EDR) has positively impacted my organization by allowing us to protect our servers from malware and attacks, ensuring we can safeguard our clients. We can trust Trellix Endpoint Detection and Response (EDR) and conduct weekly or monthly scans to see what we have on our file servers and what clients save or download, including identifying malware behavior files. This is useful for us, providing a benefit where we can report and then take action.

Trellix Endpoint Detection and Response (EDR) could be improved as I find that, since FireEye and McAfee became Trellix, I still have to exclude elements from each other when using Trellix HX alongside Trellix ATP or Trellix Antivirus; I believe there should be no need for these exclusions.

I also think performance needs improvement, especially for servers, as the Trellix HX module uses high CPU, scans constantly, and negatively impacts the performance for our clients' users or our servers. This could be made more efficient.

I have been using Trellix Endpoint Detection and Response (EDR) for almost seven years.

Trellix Endpoint Detection and Response (EDR) is stable.

Trellix Endpoint Detection and Response (EDR) is scalable.

The customer support is great; I have used it many times, and they genuinely care about us.

Before using Trellix Endpoint Detection and Response (EDR), I used Sophos.

I have seen a return on investment with Trellix Endpoint Detection and Response (EDR), as the money saved is satisfactory. They also assist us with licensing and provide timely reminders for license renewals, which means we require fewer employees to manage these tasks. I find it easy to locate what I need on Trellix Endpoint Detection and Response (EDR), such as articles in the knowledge base and documents on their portal.

I have seen a return on investment with Trellix Endpoint Detection and Response (EDR), as the money saved is satisfactory.

I find licensing to be one of the best aspects of Trellix Endpoint Detection and Response (EDR), but I am unsure about pricing.

While choosing Trellix Endpoint Detection and Response (EDR), I evaluated other options, but I prefer to use Trellix Endpoint Detection and Response (EDR) as it is very good and useful. I manage Trellix Endpoint Detection and Response (EDR) easily, and it effectively protects our clients and servers, achieving high scores from outsourced scanning companies that assess our systems.

I have seen faster response times with Trellix Endpoint Detection and Response (EDR); for example, when I receive alerts for malware detection, I can immediately take action directly from Trellix Endpoint Detection and Response (EDR), starting by disabling the network to the affected machine and then investigating further.

My advice for others considering Trellix Endpoint Detection and Response (EDR) is to use it, or any other Trellix products, as I believe they are excellent. It is easy to set up, share the models, follow necessary steps, and its effectiveness in protecting against malware, ransomware, and other threats is remarkable for all clients and servers, which I find manageable.

I appreciate Trellix Endpoint Detection and Response (EDR). I have managed Trellix modules for almost seven years, not just EDR, but also DLP, ATP, TAI, and others. We find it useful, and the best part is that I can easily find the answers I need from Trellix Endpoint Detection and Response (EDR) document systems, which is very beneficial. I have given this review a rating of 8 out of 10.

My main use case for Trellix Endpoint Detection and Response (EDR) is the automatic detection of threats and automatic threat detections and response, as there are many use cases that we are currently working with for this Trellix Endpoint Detection and Response (EDR) solution.

For a quick specific example of how I use Trellix Endpoint Detection and Response (EDR) for threat detection and response in my day-to-day work, Trellix Endpoint Detection and Response (EDR) solution is integrated with our organization's endpoint, monitoring all endpoint activity and detecting advanced threats such as ransomware, fileless malware, exploits, and living-off-the-land attacks. It uses behavior-based analysis as well as machine learning advanced threat intelligence to identify suspicious activity across the traditional antivirus solutions, making it a really great solution for threat protections and detections.

The best features Trellix Endpoint Detection and Response (EDR) offers primarily include advanced threat detection, which utilizes AI-driven analytics and capabilities to identify and respond to threats. It continuously collects data from different sources to perform a comprehensive analysis to identify endpoints. Another key feature is its forensic capability, which captures critical data, files, memory, and processes running on the host, allowing it to quickly take action in terms of containment, investigations, and automated responses, including integration with MITRE ATT&CK framework.

Out of the features I mentioned, I find myself relying on advanced threat detection the most because it quickly identifies emerging threats across the business and takes action in terms of detection as well as the response, also identifying the containment of devices, isolating devices, and taking IOCs blocking to the global organization level, which is enhanced by great forensic capabilities as well.

Trellix Endpoint Detection and Response (EDR) has positively impacted our organization by improving overall efficiency, overall detection and response capabilities, and the capability to improve threat detections as well as the overall efficiency, time utilized, resource management, and analytic use cases review, significantly enhancing the business functionality.

Regarding improvements needed for Trellix Endpoint Detection and Response (EDR), there are many ways the EDR solution can improve, but I do not see any specific area where improvement is necessary.

I think Trellix Endpoint Detection and Response (EDR) is a really good solution with no major improvements needed, though if Trellix support can be improved, that would make it even better, especially given its good integration with the cloud for updates and feature deployment.

I have been using Trellix Endpoint Detection and Response (EDR) for more than four years.

Trellix Endpoint Detection and Response (EDR) is very stable.

Trellix Endpoint Detection and Response (EDR) is really scalable, allowing easy deployment with its agent across all devices and servers within the organization.

The customer support for Trellix Endpoint Detection and Response (EDR) is excellent.

We previously used Cisco AMP EDR solution, but we prefer Trellix Endpoint Detection and Response (EDR) as it is more effective in detecting emerging threats.

We purchased Trellix Endpoint Detection and Response (EDR) through the AWS Marketplace.

I have seen a return on investment with Trellix Endpoint Detection and Response (EDR); a lot of time is saved as it minimizes the efforts of manual work, requiring very few analysts to process all those alerts, thus improving operational efficiency and overall.

Regarding pricing, setup cost, and licensing, our leadership or management generally discusses these aspects, and the vendor is very supportive in terms of deployment and setup costs. For the license requirement, we worked with the vendor to secure the minimum price for Trellix endpoint solutions, with no additional costs charged by the vendor.

Before choosing Trellix Endpoint Detection and Response (EDR), we evaluated other options including Cisco Antimalware protections and Symantec Endpoint Protection, but Trellix Endpoint Detection and Response (EDR) turned out to be a much better solution.

This EDR solution stands out through its automated threat response, forensic investigation capabilities, and integration with the MITRE ATT&CK framework. Compared to other solutions, such as Cisco Antimalware protections and Symantec Endpoint protections, Trellix Endpoint Detection and Response (EDR) is not just behavior-based analysis but also supports signature-based analysis.

My advice for others looking into using Trellix Endpoint Detection and Response (EDR) is that they should work with the vendor on deployment and integrations with the EDR agent, ensuring complete discussions with the vendor for better results.

I think Trellix Endpoint Detection and Response (EDR) is a really good solution, with no performance glitches, performance behavior gaps, or discontinuities. I would rate this solution a 10 on a scale of one to ten because it not only serves as an EDR solution but also excels in detecting and responding to behaviors based on data, quickly identifying processes running on the host and correlating the data, taking action very quickly, making it a very good solution without any gaps that I see.

I use César for our endpoints, our users, and the services from email and web services, back and forth, and also at the edge of our network. We have contracted firewalls and everything else for networking.

The product and the services we have are quite good. However, I cannot stay at this level forever. I have to improve continuously and dynamically. 

Everything is working, and the company is training its personnel. I have had in a few months in the past some attacks on personnel—so phishing, for example. I have spent efforts on training our managers and others - what can software do if the knowledge base is low?

This year, I am going to improve some tools to be installed or maybe acquire some services to better manage our web services and work with my coworkers. 

Application fiber also needs attention. Nowadays I am making applications that are publicly seen on the Internet. I need some protection, possibly multi-factor authentication improvements. I am seeing, for workflows, some sort of ethical hacking to test our environment.

Knowledge of everything, not only the product - maybe some kind of alerts - needs to emerge. I see the current ones as very low-tier, and they must improve.

I have used Trellix for some years.

I haven't had any issues. The pricing is very fine and according to the service. Trellix has done a good job reducing threats.

I have spent a lot of time with this product. I have contracted support and also have an operating control so I can get various types of support.

I have used Trellix for some years. In the past, the EDR was McAfee. I have worked with it for around 20 years.

The initial setup is a hard issue.

I have two contractors that help me support the infrastructure here. One is at the edge of networking, and the other is in the endpoints of our company.

I don't have any return on this investment. This is just a security policy for everything.

I haven't had any really great problems with pricing in the past two or three years.

Maybe another level of product and support from manufacturers would be better.

I have seen companies without any EDR services, and we were lacking information. I started with IDR around four years ago, and the support services were very light. I remember doing many tickets for Trellix support, and my EDR was not properly functioning. I didn't feel the detection or the real protection. My company is one among 17 others that are part of a corporation. I am a member of the IT Security Council.  

Overall product rating is five out of ten.

I've used Trellix EDR to improve endpoints and servers' security and feed into MDR solutions.

The most useful features are behavior monitoring, DLP, and access control. The automation has gotten much better in the last two years than when it was McAfee. It works better now and integrates more smoothly.

I'd like the tool to become more like an XDR, with one management system and endpoint activation.

I have been using the solution for seven years. 

Sometimes, stability issues come from incorrect partner deployments, not Trellix EDR itself.

I rate the tool a seven out of ten. To improve it, I'd like a cloud-based management system where I only need to put a correlator at the client's site, as CyberArk does. The best setup would be cloud management, a manager in a VM, and super agents on endpoints.

My opinion about technical support might be biased because I have direct access to top-level senior staff. I know some people struggle with support if they go through normal channels.

Positive

Setting up the solution is easy for me because I've been in cybersecurity for almost 30 years, but new users might find it hard. Depending on the client's needs, it can be set up on-premises, in a private or hybrid cloud, or fully in the cloud. Setting it up can take a few days for small environments or months for big companies with thousands of endpoints.

Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand.

Our clients are usually medium-sized and enterprise businesses. Overall, I would recommend Trellix EDR to others. I'd rate it eight and a half out of ten. No EDR or XDR solution gets a nine from me right now because they all have room for improvement. 

It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response. This capability resembles a layered approach, integrating and correlating all relevant data for thorough investigation.

Trellix needs to focus on gaining traction with partners and building trust among users. Many users may have moved on due to the name change, but concerns about resource intensity are more related to endpoint security than EDR itself. Improving its position in Gartner's quadrant and enhancing the product's image are crucial.

I have been using Trellix Endpoint Detection and Response (EDR) for three to four years.

It's pretty stable.

Trellix EDR is designed to scale seamlessly, leveraging cloud infrastructure that eliminates traditional hardware limitations. This allows scalability up to fifteen thousand nodes or even two hundred thousand nodes, depending on the licensing. The cloud-based architecture enables centralized management from anywhere globally, facilitating comprehensive coverage across different geographical locations. In essence, it offers robust scalability and management capabilities.

For SMBs and enterprises, Trellix EDR typically recommends environments with more than fifty computers. The rationale is that the more computers there are, the greater the likelihood of being targeted by malicious actors. With an EDR solution, there's a better chance of detecting and mitigating malicious activities on your systems. 

Support for Trellix EDR is not great. There have been instances where we encountered issues that required support intervention. In some cases, we were unable to resolve the problem ourselves, and escalated it to support. Unfortunately, there were delays in getting responses from support, which sometimes led to frustration and caused us to consider alternative solutions. 

Neutral

Administering Trellix EDR involves specific procedures. For instance, real-time searching requires using predefined keywords, which aren't readily visible unless you consult with Trellix support or a SE. A comprehensive manual simplifying these administrative tasks would greatly enhance usability. Despite this, setting up the product is straightforward and quick, since it operates in the cloud. Connecting to either cloud-based or on-premises APIs is seamless. However, the challenge lies in product administration, which some users might find complex, leading them to opt for alternative solutions over Trellix EDR.

Trellix EDR provides capabilities similar to AI, significantly aiding your software or IT support team in conducting investigations rapidly. Tasks that might have taken months can now be resolved quickly using the platform. This ability to swiftly identify and address the root causes of attacks is a major advantage. Moreover, by preventing breaches, Trellix EDR helps safeguard data and avoids the need for compliance measures with regulatory bodies. This security is crucial because, in regions like Africa or Nigeria, where certain breaches may go unnoticed, Trellix ensures compliance and transparency, such as mandatory breach reporting in other jurisdictions. Maintaining trust with customers is paramount, as damage to brand reputation can be difficult to repair. Therefore, investing in a solution like Trellix EDR not only protects your organization but also enhances its credibility and operational resilience.

Trellix Endpoint Detection and Response (EDR) is not expensive. When compared to competitors, the main difference lies in their flexibility. 

I rate the product’s pricing a five out of ten, where one is cheap and ten is expensive.

Technical personnel often recommend Trellix Endpoint Detection and Response (EDR) for environments that are not necessarily small, but rather SMBs, those with around 50 computers. EDR solutions are increasingly aligned with the evolving threat landscape.

Trellix EDR provides advantages beyond just detection and response; it facilitates thorough investigation. It operates more like a layered approach, enabling detailed investigation through Trellix Investigator. This allows you to drill down into threats. With real-time search capabilities, you can monitor threats as they occur. Historical search features let you trace when a threat entered the environment and its progression. This granularity extends to file searches and other detailed inquiries, simplifying and enhancing threat management tasks.

In terms of integration, there is still room for growth. Currently, apart from basic anonymized data sharing, there isn't much integration visible. The ability to leverage EDR with other security solutions seems limited, except perhaps through programming. 

Trellix EDR has the potential to be among the top EDR solutions with a few adjustments. It could become the best out there. When considering factors like support, pricing, and ease of use, Trellix EDR has the opportunity to excel. However, currently, there are areas where it can enhance user experience, particularly in simplifying tasks that end users might find challenging on the EDR platform. While it promises to enhance security posture and threat detection speed, these improvements may not be immediately apparent to users, impacting their confidence in the product.

Overall, I rate the solution a seven out of ten.

Trellix Endpoint Detection and Response (EDR) is a very advanced solution, and it can work very well since it helps a user get very deep and very detailed information. With Trellix Endpoint Detection and Response (EDR), I can collect everything from the client without any problem. Trellix EDR API rate is very high, and they cover a very large number of attacks and IOCs because it stands as a highly corrected product with the help of a very high-level research and development team.

The most valuable features of the solution stem from the fact that the response and coverage that the tool provides are very high. The functionality of the product in terms of recovery and IOCs is very nice. The details included in the IOCs are something you can refer to with the help of the product's knowledge base, meaning you can get a reference about attacks and IOCs from certain databases of the tool, and it also covers the new attacks.

In my opinion, Trellix Endpoint Detection and Response (EDR) is one of the best tools that I have worked with till now.

One of the issues about the product stems from the failure to work on its administrative scalability. The aforementioned area can be considered for improvement.

The interface should be easier to use, and Trellix needs to provide training to explain how to use the solution, as these are areas where the solution lacks and needs to improve.

I have been using Trellix Endpoint Detection and Response (EDR) for two years. I operate as an implementer of the solution in my company.

Stability-wise, I rate the solution a nine out of ten.

Only skillful people can work with the solution, as only an old or experienced person will have all the capabilities and the power to improve and search for processes. In general, a person needs to know how to use the solution.

Scalability is something that has emerged as a new requirement, and it may be very hard to use the features that can make the solution more scalable.

My company doesn't have many customers currently using the product.

The product is mostly for enterprise-sized businesses. The product works nicely for enterprise businesses.

I have worked with many EDR products in the past, but I feel that Trellix is a very remarkable product because of its capabilities.

The product's initial setup phase was very straightforward since you just need to install it, and it works.

The product's deployment phase had very few steps because it was made available as a preconfigured device without the configurations, and with the network configuration, everything works fine.

The solution is deployed on an on-premises model.

The solution can be deployed in an hour.

The maintenance and deployment of the solution require the same number of people as for Kaspersky.

Some benefits are available for the users from the use of the solution as it provides nice visibility of the whole environment and the endpoints in an environment, but there is a need to have someone with the technical background to manage it.

The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs.

Trellix Endpoint Detection and Response (EDR) is a product that is meant for enterprise-sized businesses, and it would not be good for small and medium-sized businesses.

I rate the overall tool a nine out of ten.