Trellix Network Detection and Response Reviews

Our primary use case for Trellix Network Detection and Response is to enhance network visibility and strengthen our threat detection capacity. We use it mainly for monitoring network traffic in real-time, identifying suspicious activity, and detecting advanced threats that may bypass traditional security controls. One of the key benefits for us is the ability to leverage behavior and machine learning for identifying abnormal activity, which helps to detect potential malware attacks and movement, command and control conversations, and other indicators of compromise at an earlier stage.

One specific example was when Trellix Network Detection and Response identified unusually outbound network traffic originating from an employee's workstation. This activity did not trigger our traditional signature-based security tool because it was using legitimate protocols and appeared normal at first glance. However, Trellix Network Detection and Response detected the behavior and flagged the communication as suspicious. Our security team investigation and alert discovered that our endpoint had been compromised through phishing emails, and the attackers were attempting to establish command and control conversations and leverage across the network.

A few features of Trellix Network Detection and Response stand out for their particular value. First is the advanced threat detection capacity, which is very important. This platform uses behavioral analytics, machine learning, and threat detection to identify suspicious activity that traditional signature-based tools might miss. This is particularly useful for detecting zero-day threats, insider trading, and suspicious attacks. Secondly, I really appreciate the deep network visibility it provides.

Deep network visibility has been one of the most valuable aspects of Trellix Network Detection and Response for our team because it allows us to see what is happening across the network in much greater detail than traditional monitoring tools. For example, we had a situation where there was unusual communication between an internal endpoint and an external server IP address. At first, the activity did not appear malicious because there were no adverse malware signatures or policy violations. However, using the network visibility provided by Trellix Network Detection and Response, we were able to communicate with partners, identify the affected device, review the timeline of events, and understand exactly how the traffic was moving through the environment.

We have seen several positive impacts since implementing Trellix Network Detection and Response, particularly in the areas of threat detection, intelligence, response, and operational efficiency. One of the biggest improvements has been our ability to detect threats earlier. Previously, some suspicious activity might go unnoticed until it triggered an alert from other security tools or we discovered it during a manual investigation. With Trellix Network Detection and Response continuously analyzing network behavior, we can identify potential threats sooner and more effectively, which reduces the overall risk to our organization. We have also seen a noticeable improvement in incident response times because Trellix Network Detection and Response provides detailed context around alerts.

Measurable improvements have been observed since implementing Trellix Network Detection and Response. For example, our mean time to detect and investigate security incidents has improved significantly. Before implementing the solution, analysts often had to gather data manually from multiple tools to understand the scope of the impact of an alert. The visibility and context provided by Trellix Network Detection and Response have made that process much faster. Specifically, we have seen investigation times reduced by around thirty to forty percent for many security events.

Overall, we have a positive experience with Trellix Network Detection and Response, but like any enterprise security solution, there are areas where it can continue to improve. One area would be user interface and dashboard customization. While the platform provides a lot of valuable information, new users can sometimes face a learning curve when navigating and investigating and creating customized views. More intuitive dashboards would simplify workflows and help analysts access critical information even faster. Another area for improvement is reporting and analytics. The existing reporting capabilities are useful, but more flexibility and customizable reporting options would make it easier to generate executive-level summaries, compliance reports, and operational metrics for different audiences.

I have been working in my current field for six months.

Overall, I would describe Trellix Network Detection and Response as a stable and reliable platform. In our experience, it has had a positive impact on our production environment and has proven to be a dependable part of our security operations. We have not experienced any major outages that significantly impacted our security monitoring capacity. As with any enterprise platform, there have been occasional maintenance windows, software updates, or minor performance issues, but these have been infrequent and generally resolved quickly without causing major operational disruptions.

Scalability has been one of the strengths of Trellix Network Detection and Response in our experience. As our organization has grown and the environment has become more complex, the platform has scaled effectively without requiring major changes in our security operations. We have added more users, devices, cloud workloads, and network segments, which have naturally increased the volume of network traffic and security events. Trellix Network Detection and Response has handled that growth while continuing to provide consistency, visibility, threat detection, and investigation capabilities. Particularly, scalability has been valuable in our hybrid environment, which has expanded with our cloud footprint and introduction of new applications and services. The platform continues to offer centralized monitoring and security insight across both on-premises and cloud environments, allowing our security teams to maintain a comprehensive view without significantly increasing operational complexity.

Overall, our experience with Trellix customer support has been positive. We have not needed customer support very frequently because the platform has been stable, but when we have reached out, the assessment has been generally good. Most of our integrations have involved resolving implementation guidance, configuration questions, product updates, and troubleshooting specific issues. In those situations, the support team was responsive and knowledgeable, and they were able to help resolve our problems within a reasonable time frame.

Before implementing Trellix Network Detection and Response, we used a combination of traditional network monitoring tools, which were signature-based in alerting and security controls but lacked the capabilities of a dedicated NDR platform.

Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements. We were able to scale the deployment based on our environment and security needs, which gave us some flexibility based on the infrastructure involved. The initial setup required planning and coordination between our security and network infrastructure teams, but overall, it has delivered good value as part of our security product stack.

Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements.

We have seen a positive return on investment, although it is sometimes easier to measure in terms of operational efficiency and risk reduction rather than direct cost savings. From an efficiency perspective, we have seen investigation and incident response times improve by thirty to forty percent within our operational team.

Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements.

We evaluated several network detection and response solutions before selecting Trellix Network Detection and Response as part of our assessment process. We looked at platforms such as Cisco, Secure Network, and others that offered network visibility and threat detection. We wanted to compare their detection capacities, network visibility, investigation workflows, and the overall operational value. While all the solutions had strengths and positive aspects, Trellix Network Detection and Response stood out the most.

Trellix Network Detection and Response has become an integral part of our day-to-day security operations rather than just a tool we are using for major incidents. On a daily basis, our security team relies on it for continuous network monitoring, threat hunting, visibility, and security alerts. It provides valuable visibility into network activity across our environment, helping us identify unusual behavior that may indicate potential security risks. This proactive approach allows us to investigate and address issues before they develop into serious incidents.

Another important aspect is integrating with our border security ecosystem. The alerts generated by Trellix Network Detection and Response complement data from our endpoints, SIEM, and other security platforms, giving us a more complete view of potential threats. This improves investigation efficiency and helps reduce the time required for detecting, responding to, and managing security events.

I would rate Trellix Network Detection and Response as nine out of ten overall.

I choose nine out of ten because it delivers very strong value in areas that matter most to security operation teams, such as threat detection, network visibility, and investigation support. What stands out the most is its ability to detect suspicious threats that might not be identified by traditional security tools alone. Its behavioral analytics and machine learning capabilities, along with its network-level visibility, help uncover suspicious activity earlier, which is critical in today's threat landscape. Another reason for the high rating is the depth of context it provides during investigations when an alert is triggered. It also helps with a quick understanding of what happened in a system involved in suspicious activity across the network, thus reducing investigation time and enabling teams to respond more effectively.

From a governance and security perspective, I think Trellix Network Detection and Response handles AI capabilities quite well. One thing I appreciate is that AI is used to enhance operations rather than replace human decision-making. The platform provides risk scoring and behavioral analytics, enabling abnormal detection and reconciliation while still allowing security teams to validate findings or make decisions. From a security standpoint, the AI helps identify threats that might otherwise be missed by traditional rule-based detection methods by analyzing network behavior and activity. It can uncover suspicious behavior earlier in the attack life cycle, which strengthens overall security posture and improves threat detection capabilities.

Overall, the AI capabilities in Trellix Network Detection and Response have been both secure and reliable. In our experience, the platform consistently identifies suspicious behavior and potential malware attacks that warrant investigation. One of the strengths of the AI is its ability to analyze behavior patterns rather than relying solely on signatures or predefined rules. This helps it identify unusual activity that may indicate a compromise, even when the threat is new or previously unseen. We have found that many high-priority alerts generated by the platform have also been related to actionable items with increased confidence. In terms of reliability, the platform has provided accurate insights during investigations. The AI's detection capabilities generally include context that supports the identification of suspicious activity.

My main use case for Trellix Network Detection and Response is to give us network visibility and detect intrusions, which I use day-to-day.

Trellix Network Detection and Response offers excellent diversity and support for different capabilities because it is built and composed of different services. Trellix Network Detection and Response provides an all-in-one package with services such as Yara detection, Zeek detections, IPS, and IDS capabilities, all presented not as lazily implemented features but as standalone services that could be sold individually. The service that stands out the most for us is detecting and applying Riskwhere capabilities to see how our environment complies with standards, making it the full package for us. It supports compliance, security, and detection capabilities.

Trellix Network Detection and Response allows for configuration of sandboxes, known as MVXes, which are separate standalone services that can be scaled up or down depending on your workload. For example, a smaller environment might only need one sandbox, while a larger one can set up a cluster of instances for sandboxing. It offers flexibility for inbound or outbound traffic by allowing you to set it inside the network to actively block or drop traffic, or simply mirror traffic for detection without prevention. The detection engine and services are powerful because they integrate different resources, enabling me to apply different integrations, such as Zeek integrations, for direct rule application.

Trellix Network Detection and Response positively impacts my organization by providing an all-in-one package rather than requiring us to buy separate products from companies like FireEye or McAfee, which support different features. Multi-tenancy is critical for us as an MSSP, and Trellix Network Detection and Response's central management allows me to manage all appliances through a single UI, which is helpful despite some intricate configurations needing to be done on the appliance itself.

Trellix Network Detection and Response can be improved because it is still maturing, having been built by acquiring other companies and integrating their services. The goal seems to be unifying these services within a central management system, but current issues indicate that it is a work in progress. Its deployment is not straightforward and often requires vendor support to set it up effectively, making it difficult to manage without direct assistance. Trellix Network Detection and Response still needs more work for better unification of service management to clarify each service provided. The network detection component tends to have the most integrated services, featuring MVX, IPS, Malware Guard, and Smart Vision.

I would suggest making central management more organized. Currently, features like IPS are shown as a large separate tab in central management, which seems counterintuitive since it is just a feature of NDR. Encapsulating every service in its appliance while standardizing central management would greatly enhance understanding of Trellix Network Detection and Response architecture for security engineers.

Regarding Trellix Network Detection and Response's AI capabilities, they depend on setup for data safety and privacy. If Trellix Network Detection and Response allows local AI setup, it can provide security and privacy, but reliance on cloud-based AI would raise privacy concerns. I see more machine learning than true AI, as it requires turning on machine learning to understand the environment before it can fire alerts.

The accuracy and reliability of Trellix Network Detection and Response output have drawbacks since it generates many false positives and is not one hundred percent accurate, necessitating further configurations, setup, and training.

The main improvements needed, beyond what we have discussed, involve architectural concerns and API usage for running commands. Using Trellix Network Detection and Response's API for configuration benchmarks has not been smooth and has resulted in errors. Fixing the API to allow for easier automation of configurations would be beneficial.

I have been using Trellix Network Detection and Response for approximately six months.

Trellix Network Detection and Response is stable for me as long as I provide the recommended specs. I encounter no issues with health or reliability when the recommended specifications are met.

Trellix Network Detection and Response demonstrates excellent scalability, allowing both the addition of more interfaces and integration of additional appliances into the central management system. You can scale services within the appliance, such as sandboxing services, as needed.

Trellix Network Detection and Response cannot be operated without customer support, especially during the first year and a half of use. Their support is helpful, providing necessary training and sessions to understand the system better.

My advice to others looking into using Trellix Network Detection and Response is to prepare for an initial time-intensive setup, as it has many features that require time to configure properly. However, once past the setup phase, operations will run smoothly with patience.

I have not seen a return on investment in terms of reducing employees, since Trellix Network Detection and Response actually necessitates more team members to operate it. However, it saves time by consolidating what would have been multiple setups with different providers. The setup was complex and time-consuming, yet once operational, daily use becomes much easier, though overall cost savings remain unclear due to their pricing lack of transparency.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is confusing, given that each part requires separate management of licenses. Understanding the licensing necessitates vendor assistance, as documentation fails to clarify everything. The pricing model is not transparent, as they do not provide pricing ranges upfront, complicating the evaluation of costs across regions.

I still run Corlight in parallel alongside Trellix Network Detection and Response. While Trellix Network Detection and Response limits access and navigation through alerts, making full investigations difficult, Corlight enables such investigations with customizable components including Suricata, Zeek, Yara, and smart Pcap features.

We evaluated Corlight, which, while effective, necessitated extensive manual labor for setup, unlike Trellix Network Detection and Response.

Something unique for our environment regarding how we use Trellix Network Detection and Response is how it is implemented and managed. Because we use two appliances for network detection, one for users for everyday use and another for servers, we ensure they have separate traffic and can control and apply different controls to each appliance.

For the flexibility of sandbox configuration in Trellix Network Detection and Response, it has helped my team day-to-day by matching our exact workload. For example, in the data center environment where we have a lot of traffic needing processing, we can add three or four MVXes for sandboxing capabilities, without having to mirror those configurations for the disaster recovery center, allowing each appliance its own sandboxing configurations. For compliance, the compliance team checks network detection configurations, but there is no automation currently, though Trellix Network Detection and Response has a component called Riskwhere that performs risk assessments and covers configurations to benchmark our environment. However, it is important to note that Riskwhere still generates many false positives, requiring manual tuning to fit our environment.

Regarding specific outcomes since using Trellix Network Detection and Response, the compliance scores have not improved yet since it requires manual configuration tailored to our needs. However, incidents have decreased because both solutions operate on a static basis, whereas Trellix Network Detection and Response utilizes sandboxes for dynamic analysis. It saves us a lot of time thanks to its central management, although some configurations sometimes conflict in application between central management and the appliances themselves. Trellix Network Detection and Response still needs more work for better unification of service management to clarify each service provided. The network detection component tends to have the most integrated services, featuring MVX, IPS, Malware Guard, and Smart Vision. I would rate this solution an eight overall.

My main use case for Trellix Network Detection and Response is utilizing an integrated network IDS and IPS, Network Security Manager, and Network Endpoint Security in infrastructure for enterprise network solutions in enterprise organizations.

A specific example of how I use Trellix Network Detection and Response in my organization is that we have a similar solution to ArcSight HP with an IDS IPS solution and Network Security Manager. We place the sensors in the network's in-out traffic detection path, and all traffic in and out from the sensor is monitored. The sensor responds and produces reports and generates alerts on threats and incidents on Network Security Manager. We categorize alerts into categories such as high, low, critical, and medium. Additionally, Network Security Manager has a built-in firewall, which we use to block attacks and threats.

Regarding how I use Trellix Network Detection and Response, we utilize next-generation firewalls, but the problem was that the firewall could not explore packets or scan the network's anomalies and network traffic, which resulted in a heavy load. Therefore, we placed the sensors on the data center network traffic path, and these sensors perform in-depth inspections, including SSL inspections and network detection response. They possess high-performance CPU capabilities, reducing the load on the firewall by 50 percent while performing detections and scans on traffic, leaving the firewall to handle only packet inspections, packet blocking, and URL blocking policies.

The best features Trellix Network Detection and Response offers are its handling of east-west traffic and east-west attacks inside the internal network and outside the organization. Additionally, there is a built-in firewall, an isolation option, automation alerts via email, sensor health updates, and network traffic segregation. We have different categories and can utilize customized signatures. A standout feature for me is that we can implement policies on different segments and sites independently, ensuring they do not interfere with other policies or sites.

The automation alerts in Trellix Network Detection and Response help us identify vulnerable systems on the network and vulnerable servers that require patches to remove vulnerabilities in our day-to-day operations.

Isolation in Trellix Network Detection and Response works effectively. If an incident occurs, we immediately isolate the system by putting that host in isolation, clean the host, and then perform operations to return the system to normal functionality.

Trellix Network Detection and Response has positively impacted my organization by addressing performance issues, specifically by offloading heavy traffic inspection and SSL inspection through sensors due to the limitations of the firewall. To minimize downtime or outages, we must also use built-in kits for backup ports and failover integrated with the ports.

Minimizing downtime with Trellix Network Detection and Response has resulted in enhanced productivity in our organization because we have deployed these sensors in high availability. In case of one device failure, traffic switches to an alternative path. The sensors provide exceptional performance, capable of performing SSL inspections at high throughput rates with low CPU usage, enabling them to handle significant traffic loads promptly.

I believe Trellix Network Detection and Response can be improved by integrating machine learning into its detection response capabilities. Additionally, incorporating failover kits integrated into the sensors could be beneficial. It would be best if Trellix Network Detection and Response sensors were converted into a next-generation firewall with built-in capabilities for routing, switching, and Layer 7 functionality, as most next-generation firewalls today include these features. While Trellix Network Detection and Response sensors are highly capable, I think it would be advantageous to include features such as Layer 7 profiles, application profile filters, web filters, IDx, IP feature sets, signature detection features, and routing and switching capabilities all in one device.

While the user interface of Trellix Network Detection and Response is very good, I suggest implementing a customizable dashboard. Additionally, there should be report generation for critical attacks and high alert severities, displayed graphically on the dashboard, and providing options to extract files in Excel format for better visibility.

I have used Trellix Network Detection and Response for almost three to four years.

Trellix Network Detection and Response is stable.

Trellix Network Detection and Response is scalable. We can add more sensors and can incorporate VM-based IPS sensors into the environment.

The customer support for Trellix Network Detection and Response is very good. They help and support us promptly, allowing us to resolve issues immediately. I would rate customer support an 8 on a scale of 1 to 10.

We are moving towards next-generation firewalls focusing on performance and features.

I have seen a good return on investment with Trellix Network Detection and Response. It has saved us money and time, and the overall investment has been profitable.

My experience with the pricing, setup cost, and licensing of Trellix Network Detection and Response is that they are very good and affordable for the customer range. However, it would help significantly to have all features packaged together, including firewall, policy implementation, routing and switching, and IDS/IPS functionalities in one device, as customers today prefer having a single device to reduce power consumption, device failure, and outages.

I evaluated other options before choosing Trellix Network Detection and Response, specifically Trend Micro IDS and IPS. That solution did not meet our needs, making Trellix Network Detection and Response the best choice.

My advice for others looking into using Trellix Network Detection and Response is that it provides hardened security in enterprise networks and supports a zero-trust model. They can use Trellix Network Detection and Response sensors separately and address performance issues by handling SSL inspections and packet detections on the sensors while keeping other firewalls focused on policy management.

I would rate Trellix Network Detection and Response a 10 out of 10. It is very good, but I suggest having the sensor equipped with a built-in firewall. I gave this rating because of its performance, operational efficiency, and impressive traffic analysis and detection response capabilities. The standout feature is its handling of east-west attacks within the organization, alongside effective vulnerability patch management.

My primary use case for Trellix Network Detection and Response is network threat monitoring and incident investigation. I use it to identify suspicious network activities, detect potential threats, and gain visibility into traffic patterns across the environment. On a day-to-day basis, I review alerts generated by the platform, investigate unusual communications, analyze indicators of compromise, and validate whether an alert represents a genuine security risk or a false positive.

Trellix Network Detection and Response definitely helps make investigations faster and more efficient. One of the biggest advantages is the visibility it provides into network activity, which allows me to quickly understand what happened and determine whether an alert requires immediate action. Instead of manually collecting data from multiple sources, I can use the platform to view relevant network communications, identify suspicious connections, and trace activity associated with a particular host or user. This significantly reduces the time needed for initial triage and investigations.

Trellix Network Detection and Response has become a regular part of my daily security monitoring workflow, not just a tool I use when there is an incident. Beyond investigating alerts, I use it to maintain visibility into network activity, validate suspicious events identified by other security tools, and proactively look for unusual behavior that could indicate emerging threats. I also appreciate the context it provides during investigations. Having access to detailed network insights helps me make more informed decisions and collaborate more effectively with other teams when an issue needs to be escalated or remediated.

The features I find most valuable in Trellix Network Detection and Response are the network visibility, threat detection capabilities, and the investigation tools that provide context around security events. One of the biggest strengths of Trellix Network Detection and Response is the ability to analyze network traffic and identify suspicious behavior that may not be obvious through traditional security monitoring. The alerting and detection capabilities help surface potential threats early, which allows us to investigate and respond more quickly. I also appreciate the level of detail available during investigations. Being able to view communication patterns, affected systems, and related activity in one place makes it much easier to understand the full scope of an incident. This saves time and reduces the effort required to manually correlate information from multiple sources.

I have had a positive experience with Trellix Network Detection and Response, but there are areas where it could be improved. One area would be further enhancement of alert prioritization and noise reduction. While the platform provides valuable detections, having even more intelligent correlation and risk-based prioritization could help analysts focus on the most critical threats more quickly.

From an integration perspective, broader and more seamless integration with third-party security tools can always add value. Most organizations operate in multi-vendor environments, so simplifying data sharing and workflow automation across different security platforms would help improve operational efficiency. In terms of user experience, the interface is functional, but there is always room to make investigations more intuitive. Enhancements such as more customizable dashboards, streamlined navigation, and easier access to frequently used investigation data could help analysts work more efficiently, especially in fast-paced incident response situations.

I have been using Trellix Network Detection and Response for approximately two years.

I would consider Trellix Network Detection and Response to be a stable and reliable platform. In my day-to-day use, it has consistently provided the visibility and detection capabilities we rely on for security monitoring and investigations. Enterprise security solutions can occasionally have minor issues related to updates, integrations, or environmental factors, but I have not experienced any significant reliability problems that have had a major impact on our security operations. The platform has generally performed as expected and has been available when needed for monitoring and incident investigations.

Based on my experience, Trellix Network Detection and Response has scaled well within our environment. As the organization has grown and network activity has increased, the platform has continued to provide the visibility and detection capabilities needed to support security operations. From a day-to-day perspective, I have not noticed any significant issues related to growth or increased workload.

We previously relied on a different solution for network monitoring and threat detection before Trellix Network Detection and Response. One of the reasons for moving to Trellix Network Detection and Response was the need for improved visibility, stronger investigation capabilities, and better integration with our overall security operations workflow. From my experience, Trellix Network Detection and Response provides valuable context around alerts and helps streamline investigations, which has improved efficiency for the security team.

I do not have official ROI metrics, but from what I have seen, the biggest return has been in time-saving and operational efficiency. Investigations are generally faster because analysts have immediate access to relevant network context instead of manually piecing together information from multiple sources. I also think there is a value in detecting and understanding threats earlier. It is difficult to quantify exactly, but faster detection and response can help reduce the potential impact of incidents. While I cannot point to a specific dollar amount or reduction in staffing, the platform has helped the team work more efficiently and strengthen our overall security operation.

I was not directly involved in the formal evaluation and procurement process, so I cannot say with certainty which products were shortlisted or compared in detail before selecting Trellix Network Detection and Response. By the time I started working with the solution, Trellix Network Detection and Response had already been selected and deployed. From a user perspective, I have found it effective for network visibility, threat detection, and investigation support. While I am aware there are several strong solutions in the NDR market, I was not personally part of the product evaluation process.

A situation where I used Trellix Network Detection and Response is malware detection, where Trellix Network Detection and Response generated alerts for unusual outbound traffic from a user workstation. The investigation showed malware attempting to communicate with a known malicious IP. I isolated the endpoint and coordinated remediation with the endpoint security team. This is one of the major things that I worked on recently.

Another use case would be lateral movement investigation. During a security incident, I used Trellix Network Detection and Response to analyze internal network traffic and identify suspicious RDP connections between multiple servers, which helped determine the scope of lateral movement. This helped me investigate further in detail using Trellix Network Detection and Response for lateral movement investigation.

Based on the scenarios I recently mentioned, one valuable feature is the real-time threat detection of Trellix Network Detection and Response. It detects advanced threats, malware, and lateral movement using AI, ML, and behavior analytics. This is where I used it in two different scenarios that I have mentioned earlier. Another feature would be the network visibility where it provides deep visibility across on-premises, cloud, branch, and hybrid environments. The last feature would be the lateral movement detection, which is particularly useful for identifying attackers moving between internal systems after initial compromise.

Regarding business impact, the real-time threat detection successfully reduced our mean time to detect and response time. Instead of discovering threats during periodic reviews, Trellix Network Detection and Response alerts us immediately when it detects suspicious network behavior such as lateral movement or unusual outbound traffic. This allows the SOC team to investigate and contain incidents faster, reducing potential business impact and minimizing downtime. The key workflow benefits include faster threat detection, reduced manual monitoring, and better alert prioritization, which helps in quicker incident response and lower risk of business disruption. Both I and the organization have benefited from this.

The real-time alerts from Trellix Network Detection and Response reduced our average incident detection time from several hours to under thirty minutes, allowing the team to contain threats much faster. Improved alert prioritization reduced manual triage effort by around thirty to forty percent, allowing analysts to focus on genuine threats. Each detection of lateral movement enabled containment before additional systems were affected, reducing the scope and cost of investigation.

When considering Trellix Network Detection and Response's accuracy and reliability of output, this means how correct, consistent, and trustworthy the results of the system, tools, or analysis are. Accuracy refers to whether the output is correct, and reliability means whether it gives a correct response consistently over time. In the data or analytics context, accuracy ensures the output reflects the true data without errors or bias, while reliability ensures the system produces consistent results even when done multiple times or under different conditions. In simple terms, accuracy and reliability means ensuring the alerts or outputs are both correct and consistent in a secure system. For Trellix Network Detection and Response, high accuracy reduces false positives, and high reliability ensures threats are consistently detected across environments and time.

I have been using Trellix Network Detection and Response for around two years.

Trellix Network Detection and Response has experienced no downtime and is working well.

Trellix Network Detection and Response is scalable and has been able to grow with my organization's needs.

Customer support for Trellix Network Detection and Response works as the first point of contact for users, and the support team handles technical issues and escalation to ensure problems are resolved efficiently.

When I joined this organization, we worked with Trellix Network Detection and Response only. I am not sure what they used before this, but I know why we switched. We switched because the existing system had poor visibility, high false positives, and limited ability to detect advanced or unknown threats, which slowed down detection and response. That is why we switched to Trellix Network Detection and Response.

We purchased and deployed Trellix Network Detection and Response through Azure Marketplace by selecting the product and configuring the subscription and network settings, then deploying it into a resource group. After deployment, we integrated it with our environment for monitoring and security operations. This is the current approach we are following.

If I consider the return on investment concerning Trellix Network Detection and Response, I mostly measure it by our time saving. Faster detection of threats, reduced mean time to detect and response time, and faster investigation using Trellix Network Detection and Response alerts have resulted in time savings. Analysts no longer need to perform extensive manual log analysis, so they can handle more incidents in less time. Regarding security cost, a reduction in security cost occurs because early detection prevents major breaches and avoids data loss, downtime, and recovery costs. Fewer false positives provide better alert accuracy, which reduces analyzing time.

The other options that were used before Trellix Network Detection and Response are not something I am aware of in detail because I have only worked with Trellix Network Detection and Response closely. I understand that tools such as Splunk and firewall logs are different tools that are in the market, but I am not sure which ones they followed previously.

Instead of relying only on signatures, Trellix Network Detection and Response baselines normal network behavior and alerts on deviations such as unusual outbound connections, lateral movement, or command and control traffic. The specific feature impact would be behavior analysis to detect unknown threats and insider activity, and threat intelligence integration to identify communication with known malicious IPs or domains. The threat hunting tools help us find hidden or low and slow attacks missed by traditional tools. I recommend putting in reduction with tuning behavior analysis policies, leveraging threat intelligence feeds, and monitoring east-west traffic. This reduces false positives and helps identify suspicious activities such as lateral movement communications.

My main advice regarding Trellix Network Detection and Response is to properly tune the system during initial deployment. Without tuning, you may get many false positives. It is also important to integrate threat intelligence feeds and align detection with MITRE ATT&CK so alerts are meaningful and easy to investigate. I have rated this product an eight out of ten.

I mainly use Trellix Network Detection and Response to find zero-day threats, malware, or anything malicious on our clients' endpoint devices.

I can give you a specific example of how I used Trellix Network Detection and Response to spot something malicious. Such a scenario is when a user using a client device logs in to a Tor browser and is using the Tor browser to surf something malicious. On the dashboard, we used to get the alert for the same and we used to investigate from there by looking at the IP, the source IP, the destination IP, and how it is landing on the Tor browser and what the user is doing. We could do all of this with that.

Trellix Network Detection and Response offers threat detection and prevention ability, the ability to find zero-day threats and malware, and anything malicious which has affected an organization. It is very easy to detect. Trellix Network Detection and Response has an MVX engine which is the most effective in handling scenarios such as APTs. Trellix Network Detection and Response also provides essential defense by automatically responding to network incidents that the firewall may not catch. There is also real-time visibility into network traffic and it integrates well with other security tools. It offers automated response features that significantly reduce the incident response time.

The MVX engine helped me in my day-to-day work. We recently gotten used to the workflows for the known false positive alerts. It definitely helped us reduce a lot of time with the auto-closing alerts and the detections that we had. It directly helped in reducing the SOC fatigue.

Trellix Network Detection and Response has positively impacted my organization by significantly reducing the time to detect as we also were experimenting with the automation systems. There were zero detection things and then there was better monitoring. The application filtering as well surpasses the firewall. It increased our ROI for the company from a sales perspective.

I can share specific outcomes or metrics regarding Trellix Network Detection and Response. Per day we used to have 70 to 80 alerts and those could be reduced up to 40 to 30 a day. This is almost a 40 to 50% decrease.

There are many ways Trellix Network Detection and Response can be improved. Trellix Network Detection and Response needs to reduce the alert noise because even after a lot of filtering, there is still a lot of noise which needs to be tuned by the industry vertical. Trellix Network Detection and Response needs to deepen the cloud-native support with parity between on-premises and cloud deployments. Trellix Network Detection and Response needs to improve threat intelligence depth as Trellix Network Detection and Response is not known to have the best signatures or the AI-supported intelligence that competitors may have.

Trellix Network Detection and Response also needs revamped documentation because we had a lot of issues trying to find the syntaxes for all the rule-making. We had to search a lot and Trellix Network Detection and Response does not really help with their documentation, as it only covers basic information. The customer service is not that good. Trellix Network Detection and Response needs accelerated customer support to reach out to the top-level heads. Most of the time we are just stuck at the ground level talking to their customer support team, and they are not able to help us because we usually need to connect with the engineering team to help us out with the specifics.

I have been using Trellix Network Detection and Response for around 1.5 years.

Trellix Network Detection and Response is somewhat stable but there is a bit of downtime sometimes during the off-hours which definitely impacts our night shift. Other than that, there is nothing.

Trellix Network Detection and Response has good scalability, but since it is a legacy system, it was a bit difficult to pair with the other systems. The connectors were always out of sync and we have had multiple noise floods from these connectors which were not configured well. This was from the Trellix Network Detection and Response developer side and we could not get them to fix it on time. That is why our analysts were suffering with the noise.

Customer support for Trellix Network Detection and Response is not that good. We were trying to connect to the engineering team of Trellix Network Detection and Response while we were just stuck on a loop with the customer support team who were not basically helping us. They were constantly relaying our message to the engineering team and the engineering team was looping that back to them and then to us. It was a big hodgepodge basically.

We previously used Defender before Trellix Network Detection and Response and we switched because the client actually wanted to switch to something more affordable.

I have seen a return on investment with Trellix Network Detection and Response. There was definitely a good ROI involved with this. Not from the people side because there was still a lot of alert noise from Trellix Network Detection and Response, but definitely the time was reduced because of the automated detections plus the money factor as I believe Trellix Network Detection and Response offered a much cheaper plan compared to others.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was fine. This is above my pay grade as I am just an associate and I deal with the alerts and detections and the fine-tuning of the rules. This is more towards the sales perspective of it which I was not involved with. But I am sure the ROI was definitely fine for this because we were using this tool for three years.

Before choosing Trellix Network Detection and Response, we evaluated Palo Alto and CrowdStrike.

I do not have any advice as such about Trellix Network Detection and Response, just would suggest it to those who are looking for an affordable option because there are a lot of things that other tools do better, but Trellix Network Detection and Response is a bit cost-effective, definitely. My overall rating for this product is seven out of ten.

My main use case for Trellix Network Detection and Response is for threat detection and response across our workstations and servers.

The best features Trellix Network Detection and Response offers are its threat intelligence, which is quite good, along with endpoint isolation; I can simply isolate the endpoint. The incident response part is also good, and I have not faced any issue until now.

The features that stand out to me about Trellix Network Detection and Response also include its easy implementation and integration; I can simply push the agent, and integration is quite straightforward.

Trellix Network Detection and Response has positively impacted my organization by creating a better safeguard and protecting us from threats. Although it can be improved in some areas, for now it is working fine and well. The number of threats detected is also decreasing, and from a cybersecurity engineer's point of view, the threats are becoming much easier to resolve with the help of these EDR tools. I do not have to log in daily as I can simply see the reports in my email and work on them.

To improve Trellix Network Detection and Response, I suggest enhancing reporting customization; the reports can be much better, and I should have the ability to customize them much more freely. Policy management is good, but I find it a bit complex compared to other tools I have worked with. The support response could also be better; support does respond, but it takes some time.

Regarding needed improvements, the dashboard of Trellix Network Detection and Response is quite simple to understand, but the only complex area is policy management. I have to open each policy and divide the number of users, which made the initial implementation lengthy. It took us around two to three months to adopt it, but after installation, I did not have to change many policies. The dashboard could be improved.

I have been using Trellix Network Detection and Response for almost one year.

Trellix Network Detection and Response is quite stable.

The scalability of Trellix Network Detection and Response is easy; I just have to add another license in the same cloud, and I can easily increase the number of endpoints.

Customer support for Trellix Network Detection and Response is good, but it can be improved; response could be much sooner.

Before Trellix Network Detection and Response, I used a different solution called SecureIT because I was getting many active attacks from there, including a ransomware attack, so I looked for a change.

Regarding my day-to-day work with Trellix Network Detection and Response, it is simple; the implementation part has been completed, and now I just monitor the logs and check for any recent alerts or any critical threats that are detected, and I work on them.

I have seen a return on investment with Trellix Network Detection and Response, particularly in terms of time saved; since I manage the solution, I spend significantly less time on it.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was in the middle range of endpoints, well within what I was looking for; I wanted something that was not too price-heavy like SentinelOne but also not much cheaper like Kaspersky, so it needed to suit my budget while providing proper security.

Prior to choosing Trellix Network Detection and Response, I evaluated other options such as SonicWall and Check Point.

A quick specific example of how I use Trellix Network Detection and Response for threat detection and response is that I received a malicious file; some of my teammates downloaded a malicious file that contained a Trojan horse from a malicious website. Trellix endpoint was successfully able to detect it and also remove it, and it is installed in each person's systems across the organization.

When I say the number of threats detected is getting less, I can share that around five to six months back, I was regularly getting a specific type of threat from the same zip file, which was spreading across the organization. The tool helped me find the root cause, which was an infected file stored in the server, and whenever someone accessed it, it used to spread to that system.

I rated Trellix Network Detection and Response eight out of ten because the two areas where it can be improved are reporting, as the reports can be much better and easier to understand, and second, the support could be better. Due to these two areas, I deducted two points from the overall score.

Regarding Trellix Network Detection and Response's AI capabilities, I think its governance and security are quite good; the AI is working fine, and I receive its logs and analysis, which makes me quite happy with this new AI and ML integration. It helps me in governance as well.

The accuracy of Trellix Network Detection and Response is quite good.

My advice for others looking into using Trellix Network Detection and Response is to be aware that the implementation part can be a lengthy process; endpoints are not installed in a day or a week, and it will take some time. Getting used to it takes around one to two months for the cybersecurity engineers managing the solution. I also recommend setting up logs and alerts on your emails so you do not have to open the dashboard daily, which helps save a lot of time.

Trellix Network Detection and Response is a good mid-budget product that provides quite good security, and I have positive reviews about it.

Our main use cases for Trellix Network Detection and Response are centered around network visibility, which allows us to detect suspicious activity. I generally use Trellix Network Detection and Response as a complementary visibility tool instead of standalone dependencies. This is because our team usually combines endpoint SIEM and cloud telemetry with network visibility, making Trellix Network Detection and Response more useful when correlated with other security tools.

The strong feature of Trellix Network Detection and Response, in my opinion, is network visibility, as it provides a deeper understanding of traffic behavior and suspicious communication patterns. Another strong point is that we can detect lateral movement, which is crucial since many advanced attacks move internally inside networks, helping us identify unusual behavior that may otherwise go unnoticed.

In day-to-day operations, Trellix Network Detection and Response helps improve investigation quality because analysts gain another visibility layer apart from endpoint solutions. We rely not only on endpoint detection but also validate suspicious traffic behavior, internal communication, and unusual network activity, which aids our investigations and sometimes reduces our investigation time.

One useful aspect of Trellix Network Detection and Response is its integration value because it works better when data can be correlated across security systems. The network telemetry adds important context to investigations, making responses more informed.

The biggest impact Trellix Network Detection and Response has had on our organization is improved visibility across our environment and better confidence during investigations, as security analysts can understand suspicious behavior more clearly instead of depending solely on isolated alerts. It supports our detection team by strengthening their capabilities to detect internal movement and abnormal traffic behavior.

Improvement-wise, the initial setup, fine-tuning, and learning can take effort. Tuning is important for reducing noise and improving detection capabilities. Trellix Network Detection and Response could improve with UI simplification and a better reporting experience. A better out-of-the-box dashboard, easier reporting, and smoother third-party integration workflows would enhance analyst efficiency. Better simplification, smoother onboarding, and more analyst-friendly workflows would improve usability.

We have been evaluating and using Trellix Network Detection and Response within our SOC and visibility workflow for around three years.

Trellix Network Detection and Response is designed to scale based on our workloads, and it performs well when we scale.

My experience with Trellix Network Detection and Response customer support has been good, as it depends on the complexity of the issue. They respond in a timely manner, and the technical guidance during calls is significant. Working with the Trellix support team has been positive due to their supportive nature and adherence to SLAs.

We have integrated Trellix Network Detection and Response with multiple routers and switches, and for some devices, we have integrated with the protocols in our environment.

We have certain rules in place for handling false positives, and Trellix has built-in rules as well. We occasionally receive false positives, but we have our own point for analyzing alerts to determine if they are false positives or true positives, verifying with the tools and taking action accordingly.

Trellix Network Detection and Response definitely supports our compliance requirements because we have a lot of logs, which helps our compliance efforts. We store logs for up to three years in our environment, with archives as well, which is crucial for compliance and audit purposes.

When we receive a zero-day from third-party sites, Trellix Network Detection and Response utilizes its threat intelligence platform, which continuously monitors network traffic to identify suspicious patterns.

Trellix Network Detection and Response performs faster compared to other detection solutions we have used in the past, as it has its own rules that help us focus on alerts we need to work on. Unlike many other tools that generate numerous incidents, Trellix Network Detection and Response allows us to find anomalies more easily within our enterprise network, improving our visibility and enabling us to investigate threats effectively.

My advice to others looking into using Trellix Network Detection and Response is to first understand the visibility gap in your organization. If your organization already has strong endpoint visibility but lacks internal network monitoring, then Trellix Network Detection and Response becomes more valuable, allowing for better planning, tuning, and onboarding of the solution. I would rate this solution an eight out of ten.

My main use case for Trellix Network Detection and Response is to continuously analyze network traffic and identify suspicious activity that may indicate security threats. It helps us gain deeper visibility into network behavior and improve our overall threat detection capability.

During routine monitoring with Trellix Network Detection and Response, the platform identified unusual communication between internal systems and external destinations. The activity appeared normal at first glance, but Trellix Network Detection and Response highlighted it as anomalous, allowing us to investigate and address the issue before it escalated.

Trellix Network Detection and Response has positively impacted our organization by improving our ability to identify threats earlier in the attack lifecycle and providing better visibility into network activity across the organization.

Since using Trellix Network Detection and Response, we have estimated that security analysts spend approximately 25% less time gathering information during the investigation because the platform provides detailed context and visibility in a single location.

Trellix Network Detection and Response has streamlined threat investigation by reducing the amount of manual correlation required between different security tools and log sources.

The best features I found most valuable in Trellix Network Detection and Response are anomaly detection, network traffic analysis, threat prioritization, and centralized visibility into security events.

The most valuable feature for me in Trellix Network Detection and Response is network traffic analysis because it provides detailed insight into how devices communicate across the environment and helps identify abnormal patterns quickly.

I would like to see additional reporting flexibility and more customization options for the dashboard in Trellix Network Detection and Response. Apart from that, the platform performs very well.

I have been using Trellix Network Detection and Response for more than one year.

Trellix Network Detection and Response has been stable in our environment and has consistently delivered reliable performance.

Trellix Network Detection and Response has scaled effectively as our network footprint and monitoring requirements have increased.

Customer support for Trellix Network Detection and Response has been responsive and technically knowledgeable whenever we require assistance.

Before Trellix Network Detection and Response, we relied mainly on traditional monitoring tools and security logs for network visibility. We switched because we wanted more advanced analytics, better visibility into network behavior, and stronger capability for identifying unknown threats.

The experience with Trellix Network Detection and Response regarding pricing, setup cost, and licensing was that the implementation process was manageable, and the licensing model aligned well with our operational requirements. Overall, the value provided by the solution justifies the investment.

We have seen a positive return on investment with Trellix Network Detection and Response through the improved investigation efficiency, reduced manual effort, and faster threat identification.

Before choosing Trellix Network Detection and Response, we evaluated other options including Darktrace, Vectra AI, and ExtraHop before deciding on Trellix Network Detection and Response for its reliable performance.

Organizations should integrate Trellix Network Detection and Response with their existing security ecosystem and establish a clear investigation workflow to maximize the value of the platform.

Trellix Network Detection and Response applies advanced analytics within a controlled security framework, helping organizations maintain visibility and governance while improving threat detection capability. In our experience with Trellix Network Detection and Response, the analytics and threat detection have been consistent and reliable. The alerts are generally meaningful and help us focus on high-priority security events.

I would rate this product a 9 out of 10.

My main use case for Trellix Network Detection and Response is to detect anomalies within the network to ensure that the NDR functionality is delivering what is expected, so primarily the NDR functionality.

A specific example of how I have used Trellix Network Detection and Response in a project is that it provides visibility for clients, allowing them to see all the traffic within their network infrastructure, detect any security triggers that need to be investigated, and take action to protect the network, ensuring there is no unusual or unwanted behavior or traffic.

The main aspect of Trellix Network Detection and Response regarding visibility is that visibility is very important as it empowers users to understand what is happening; therefore, detection is one of the strongest features of Trellix Network Detection and Response. Based on what we can see or the events we can observe and how the traffic flows, we can take the next action, investigate incidents, have a proper workflow, and assign the right person or agent to take action and prevent threats before jeopardizing the network or data. Visibility is the top feature that needs to be addressed when it comes to detection and response.

The best features that Trellix Network Detection and Response offers are visibility, threat detection, and immediate response, which allows us to take action almost instantly while keeping proof through proper data capture and maintaining logs for future analysis to prevent attacks and ensure that we have the right policies and controls. Having historical data and integrating with other security stack tools also helps; therefore, proper integration with other security tools is also essential.

Trellix Network Detection and Response positively impacts my organization by enhancing our security posture and helping us cover several controls for compliance, as we need to fulfill various security frameworks to maintain our business operations. The presence of Trellix Network Detection and Response assists us in meeting compliance expectations, which is crucial.

Regarding specific outcomes after using Trellix Network Detection and Response, compliance is vital; having Trellix Network Detection and Response implemented is mandatory for several security frameworks, including local and industry-specific ones, making it a crucial component of our cybersecurity strategy.

Regarding needed improvements for Trellix Network Detection and Response, there is always room for enhancement in terms of AI capability to include proactive triggers based on historical data, enabling AI to learn patterns and detect threats before they manifest; this is a significant point to address.

To improve Trellix Network Detection and Response, adapting more AI use cases is essential, such as creating automated incidents for anomalies in traffic that assign themselves to security agents. Automation is vital, and I envision the potential for ready out-of-the-box playbooks for known scenarios to be executed without complex configurations, enhancing automation of known incidents.

I have been managing several projects that include Trellix Network Detection and Response for the last five years, with the most recent project being in the last quarter of 2025.

Trellix Network Detection and Response is stable but occasionally encounters performance issues, which we can fix quickly.

I find Trellix Network Detection and Response to be quite scalable; it depends on the number of users, and we have accounted for that ahead of deployment, which leads me to believe scalability will not be an issue.

Customer support for Trellix Network Detection and Response is excellent, with almost immediate responses to our inquiries.

I have not previously used a different solution, as no system was deployed before.

My experience with pricing, setup costs, and licensing has been satisfactory, although I believe the pricing could be better.

My company does not have any business relationship with this vendor beyond being a customer.

While the return on investment from Trellix Network Detection and Response is not immediately tangible, I feel the benefits concerning an enhanced security posture create a sense of confidence in our security; however, I do not see immediate savings linked to the system.

My experience with pricing, setup costs, and licensing has been satisfactory, although I believe the pricing could be better.

Before choosing Trellix Network Detection and Response, I evaluated other options, specifically exploring Get Watcher.

I would give Trellix Network Detection and Response a rating of ten out of ten.

I give it a ten because it delivers what it promises by providing network detection and response, maintaining logs, offering detailed analytics, and enhancing the system's learning capabilities over time, particularly with the introduction of AI in current and future releases, leading to an ideal NDR deployment expected by customers.

I advise others looking into using Trellix Network Detection and Response to proceed with implementation immediately, as it is one of the best and most trusted brands that deliver on its promises; Trellix Network Detection and Response has been in the market for a long time and is well-known for its customer support and technical capabilities, and those without an NDR should definitely aim for implementation as soon as possible. I would recommend this product with a rating of ten.