Trellix XDR Reviews

Trellix XDR serves as our main platform for threat detection, investigation, and incident response.

On a daily basis, we use it to monitor security alerts, identify suspicious activity across endpoints and networks, investigate potential threats, and respond to security incidents. It helps us gain better visibility into our security environment and reduce the time needed to detect threats.

One example of how we have used Trellix XDR in a real-world scenario was when it detected unusually powerful activity on an employee's endpoint. Trellix XDR's secure alerts from multiple sources flagged the behavior as potentially malicious. Using the investigation dashboard, we quickly analyzed the activity, isolated the affected device, and confirmed it was caused by a suspicious file downloaded through email.

This helped us contain the threat before it could spread to other systems, significantly reducing our response time.

The best features Trellix XDR offers include advanced threat detection, alert correlation, and centralized visibility across the security environment.

What stands out the most is its ability to combine data from multiple sources and provide a clear view of potential threats, which helps reduce the alert noise in the system.

The investigation and incident response tools are very useful, allowing security teams to quickly analyze any suspicious activity, identify the root cause, and take action accordingly. Additionally, the dashboard and the system's automated workflow help improve efficiency and effectively speed up response times.

Since implementing Trellix XDR, we have seen improvement in our threat detection and incident response capability. This platform has helped us identify potential security issues faster and reduce the time required to investigate and remediate incidents.

The centralized visibility across our environment and improved overall security monitoring occur automatically, while automated alert correlation has reduced noise and helped the team focus on genuine threats. As a result, our security operations have become more effective and we have greater confidence in our ability to assess and respond to cyber threats in a timely manner.

While Trellix XDR is a strong platform overall, there are a few areas where it could be improved. The initial setup and configuration can be complex, especially for organizations with diverse environments. Some additional advanced features also have a learning curve and may require extra training for security teams to fully utilize them. Moreover, reporting and dashboard customization could be more flexible, allowing users to create highly customized views and reports more easily.

There are also areas that could optimize detection surveys. Addressing these areas would further enhance the overall experience and operational effectiveness.

One additional improvement would be deeper integration with a wider range of third-party security tools and cloud platforms. While Trellix XDR integrates with many solutions, simplifying the integration management would help organizations with complex security ecosystems. I would like to see more out-of-the-box reports and executive-level dashboards that make it easier to communicate security metrics to leadership.

Finally, continuous enhancement to automation and AI-driven threat prioritization would further reduce analysts' workflow and improve response effectiveness. Overall, these are areas that need refinement rather than being major concerns, as the platform still delivers strong security and operational value.

I have been working in my current field for six months.

Trellix XDR is stable.

Trellix XDR scales well for organizations of different sizes, from mid-sized businesses to large enterprises. In our experience, it has been able to handle a growing volume of security data, endpoints, and alerts without significant performance issues.

When our environment expands, the platform continues to provide centralized visibility and effective threat detection across multiple systems. This scalability is one of its strengths, operating without needing to reconfigure the security monitoring approach. Overall, I rate its scalability highly because it adapts to increased security demands while maintaining strong performance.

Our experience with Trellix customer support has been generally positive. The support team is knowledgeable and responsive, especially when handling technical issues and providing reliable answers for critical incidents. Response times are good, and support engineers have provided clear guidance and practical solutions.

We have also found that the documentation has been very helpful in resolving common issues.

I rate customer support nine out of ten. The support team is generally very positive and knowledgeable, effectively resolving issues for both routine questions and more complex technical problems. The reason I do not give a perfect ten is that some advanced and highly specific cases can take longer to resolve due to the need for escalation.

Overall, however, the quality of support has been strong and positively contributed to our experience with this platform.

Before implementing Trellix XDR, we utilized a combination of traditional endpoint security and a SIEM tool for threat monitoring and investigation. While those solutions provided useful visibility, they required more manual efforts and collaboration for alert and investigation across different systems. We switched to Trellix XDR to gain a more unified view of our security environment, improve threat detection and response capabilities, and reduce the time spent on manual investigations. The ability to cross data from multiple sources and streamline incident response was a key factor in our decision to move to Trellix XDR.

The initial setup and configuration can be complex, especially for organizations with diverse environments.

We have seen a positive return on investment with Trellix XDR. While I cannot share exact financial figures, we have observed measurable operational benefits.

For example, our incident investigation and response time improved by roughly thirty to forty percent, and automated alerts reduced the time and amount of analyst effort spent reviewing false positives. This allowed our security team to handle a higher volume of alerts without needing additional personnel.

Before implementing Trellix XDR, we evaluated a combination of traditional endpoint security and a SIEM tool for threat monitoring and investigation.

Trellix XDR plays a central role in our security operations. Beyond threat detection and incident response, we use it to improve visibility across endpoints, prioritize alerts, and streamline investigations. The centralized dashboard helps our team secure events from different sources and reduce manual effort, allowing us to focus on higher-priority security issues.

Day-to-day, it helps maintain a proactive security posture and respond to potential threats more efficiently.

One additional feature is our detailed investigation capacity. Trellix XDR provides useful context around alerts, making it easier to understand how the incident started and what systems may be affected, which we also appreciate in terms of the solution's scalability.

It can handle a large volume of security data without significant impact on performance. Overall, the combination of visibility, automation, and effective investigation tools makes Trellix XDR a valuable part of our security operations.

Trellix XDR's AI capability has generally been positive from both governance and security perspectives. The platform uses AI analysis to help prioritize alerts, identify suspicious behavior, and reduce noise, which supports more effective decision-making in security teams from the governance standpoint.

It provides audit trails, role-based access control, and centralized visibility to help organizations maintain oversight of security operations. From a security perspective, the AI-driven insight has also assisted in improving response times. However, there is room for greater transparency regarding how AI models make centralized recommendations. Overall, the governance and security controls are strong and align with enterprise security requirements.

Overall, I find the solution's AI capability to be accurate and reliable in supporting threat detection and investigation.

The AI-driven analysis helps prioritize alerts, identify suspicious patterns, and provide useful context for security incidents. In most cases, the recommendations and insights are reliable for analysts, enabling faster decision-making.

As with any AI-based security solution, it is not perfect and still requires validation for decisions, but it does a good job reducing noise and identifying threats. Overall, I would describe the accuracy and reliability of the outcomes as strong for day-to-day security operations.

The key improvement areas have already been covered, but one additional investment would be workflow efficiency to allow new users to administer it effectively.

While the platform is powerful and very positive, simplifying configuration and reducing the learning curve for our team to adopt advanced features would be beneficial. This improvement would make deployment and day-to-day management more effective. I rate this review nine out of ten overall.

I use Trellix XDR mainly for security purposes. I have multiple sources like endpoint, network, email, cloud, and identity that I can view in a single platform for detection. I can investigate those alerts and respond to specific alerts across multiple teams.

When I receive an alert, I prioritize it based on business risk. For example, if I detect a malware incident that is critical and a true positive, I will isolate it and mitigate the incident based on my use cases.

I have integrated Trellix XDR with multiple security sources like email gateway, network, and SIEM so I can consolidate them. In real-time, I have integrated with multiple security sources, which is helpful for me to view in a single platform.

One of the best features that Trellix XDR offers is that it is a centralized platform where I have multiple visibilities across multiple security tools. It helps me reduce alerts by correlating alerts from multiple sources. I can investigate and respond to incidents faster. When providing this to an enterprise, the tool is mature enough that they can implement it across multiple teams.

When Trellix XDR helps me correlate alerts and respond faster, it saves me time. For example, if I detect malware on an endpoint that is communicating with a malicious IP, the IP will be detected in the firewall. It is easy to correlate, contain the system, and block the IP.

Since implementing Trellix XDR, I have noticed positive impacts on my organization. Previously, before implementing Trellix XDR, my analysts had to view all the security dashboards including the firewall, endpoint, SIEM, and email gateway. They had to use each tool, take action, and respond to specific incidents in each tool separately.

The main area regarding Trellix XDR improvement is that setup and tuning can be complex because it requires a skilled analyst based on utilization. Another concern is cost. If an organization has multiple security products, the cost will be higher.

Integration with third-party tools is easy, but when a new or fresh analyst works on Trellix XDR, it might be more complex and they require support from a senior analyst. In some cases, when compared to CrowdStrike or Microsoft Defender, it is less preferred.

I have around three-plus years of experience working with Trellix XDR. Previously, I was working in a security-based, service-based company where we provided POCs and implemented Trellix XDR with end customers, and we also implemented it in our own environment.

In my experience, Trellix XDR is stable. There is no downtime, or if there is, prior notification is sent to us so we can prepare accordingly. The support is also strong.

Trellix XDR has good scalability because it can handle multiple security sources and multiple logs. Since we use the cloud, we have multiple storage options to store the logs. Scalability is strong.

The customer support for Trellix XDR is excellent. I can directly chat with a support agent, and if I require remote support, they will send a link to join a session and help me resolve any issues I have faced.

Before Trellix XDR, I was using a SOAR platform, specifically FortiSOAR. Previously, I had multiple Fortinet products. My organization planned to switch to Trellix, McAfee, and FireEye because we could easily integrate with multiple platforms. Based on the salesperson and senior management recommendations, my organization made the decision and adapted accordingly. It was easy to use.

I have seen improvements in efficiency since using Trellix XDR. Previously, I was receiving around 200-plus incidents. Currently, I am receiving around 40 to 50 incidents. The 40 to 50 incidents are fewer because I resolve some as false positives. The workload has been reduced and the ROI has improved by around 20 percent. It reduced my work as well as the pressure for my analysts.

Before choosing Trellix XDR, I evaluated CrowdStrike XDR and FortiXDR. I evaluated multiple products during my selection process.

My advice to others looking into using Trellix XDR is that the main consideration is whether they have multiple products and truly require XDR. For example, if they have multiple security products, limited time, and a high volume of alerts, they should consider Trellix XDR. They can implement and integrate multiple security tools, remove false positives, and focus on real incidents. I would rate this product an 8 out of 10.

My main use case for Trellix XDR is as a security analyst; I typically use it for security operations, threat detections, and incident investigations for cyber security threats.

One of the real-world scenarios where I've used Trellix XDR involves the investigation for suspicious endpoint activity, which is a kind of EDR activity. Initially, we identified that the suspicious activity came to us as a low priority alert. However, after implementing Trellix XDR, when we used the tool to check on the same, it gathered all the events from multiple sources and provided additional context about the overall activity, which helped the SOC team identify the higher risk threat scenario much faster than the traditional method.

I have observed two of the best features of Trellix XDR. The first one is Centralized Investigation, which provides a centralized investigation for all security-related activities and helps improve our priority metrics, risk-based analysis, and risk score. The second feature is its ability for cross-platform threat correlation, meaning the platform helps to correlate all events across endpoints, network activity, security controls, and threat intelligence sources, providing us with a more in-depth view in terms of threat detection and threat research.

The Centralized Investigation feature has significantly improved my workflow by providing a single interface for investigations, which reduced context switching between multiple tools and improved analyst efficiency. This is a great help for the SOC team, reducing time and effort by almost twenty to twenty-five percent on a monthly basis.

Trellix XDR has positively impacted my organization in a couple of major ways. The efficiency of the SOC team has increased, and incident investigation speed has improved significantly. Previously, it took a lot of time to acknowledge and close incidents, but now the investigation speed has increased, reducing the closure metrics by at least ten to fifteen percent. Additionally, it has enhanced threat hunting effectiveness as it is a centralized solution providing all the intelligence and analytics from log data.

The improvement in incident investigation speed is measured through mean time to closure, and we have gathered this information on a weekly basis. The time has reduced for P2 and P3 tickets by nearly twenty percent, and for P1 tickets, it has decreased by almost five to ten percent. Previously, we took a lot of time to close incidents, but after implementing Trellix XDR, the tool has decreased the time and effort, increasing overall effectiveness as per the risk matrices.

I believe Trellix XDR could improve better visualization of attack paths and threat relationships. Having used Microsoft Defender for Endpoint and Microsoft XDR, I found better mapping in visualization there. Thus, I think this area could be improved in Trellix XDR to help detect threats more actively.

I have been using Trellix XDR for about one and a half years.

Trellix XDR is stable in my experience, and there are no issues with reliability.

Trellix XDR's scalability has been good; in our environment, we have fed a lot of data logs into the tool, and it has been reliable and scalable with no issues.

I have previously used Microsoft solutions for XDR and Defender, but I haven't switched; I used that for another client. I'm using Trellix XDR for another client because I work in a consulting company and need to use all the tools my clients require.

Only the client chooses these solutions, and we are just the implementers and operators.

I have noted that Trellix XDR helps decrease the overall incident response time, which is almost twenty to twenty-five percent, so that is the metric I can provide regarding return on investment; it is time saved.

I don't have any experience with pricing, setup costs, or licensing because our customer purchased the tool.

If you want a centralized solution and aim to reduce incident response time in SOC operations, I advise implementing Trellix XDR. It will help significantly in SOC operations and threat hunting.

Regarding Trellix XDR's AI capabilities, I think the governance should be maintained, and compliance must also be not overlooked. While it provides AI-generated responses, user intervention and approval must be in place whenever we're gathering information from its AI generative responses.

We have not utilized the AI-generated responses yet because we are currently handling tasks manually. However, I feel that with AI-generated responses, we cannot fully rely on them, as only sixty to seventy percent of the data will be accurate, and the rest may result in false positives. We need to manually check and validate all that data.

My review rating for Trellix XDR is six out of ten.

My main use case for Trellix XDR is protecting our customers from threats outside the company and definitely inside the company.

A quick specific example of how I use Trellix XDR to protect my customers from threats is that Trellix XDR is a complex solution that includes different apps, I would say, modules. For example, one of them is DLP, Data Loss Prevention. We set up different policies, for example, if it's a bank, to protect from leaking data because data is quite critical there. Another one is antivirus, so sometimes we just install it on endpoints. And sometimes if it's a Trellix XDR solution, it usually combines with antivirus, firewalls, and SIEM systems.

Trellix XDR has impacted my organization positively as it's a security solution that protects us from threats. This is definitely positive because our information is critical, our service is critical, and our users and their endpoints are critical, and Trellix XDR helps us protect them. I can share specific outcomes or metrics that show how Trellix XDR has helped protect my organization, for example, with DLP solutions. We have real metrics because we could not only block some threats but also monitor some user activity on sensitive data. We can see that some people can access sensitive data that they shouldn't, and we can make movements to limit these users from using this sensitive data. Trellix XDR with DLP models helps us.

I would say the best feature Trellix XDR offers is scalability. It's quite simple to scale your needs for your business. For example, you can start as a small company and when you own Trellix XDR, as your company grows, you can grow your Trellix XDR subscription from on-premise, for example, to the cloud.

The scalability feature has helped my organization specifically by allowing us to usually grow the number of licensing. For example, some customers are just trying for POC for one department, for example, ten user licensing. After they decide to buy fully, sometimes we sell one hundred, one thousand licenses.

I would say Trellix XDR can be improved if they develop, for example, DLP and ePO policy orchestration on a Linux system. For example, ePO also uses Microsoft SQL Server, which has a free version, but when your organization grows, you need a bigger database to maintain all this data. So I would suggest that Trellix should develop, for example, installations on Windows and free databases such as Postgres, maybe some MariaDB, or any other databases.

I chose eight out of ten because they have some downsides. As I mentioned, regarding how Trellix can improve, this step that I told you about developing the ePolicy Orchestration on Linux and another database not based on Microsoft SQL Server is important. Another reason is that their support sometimes is poor. For example, I had experience when my ticket was opened for a few months, and I pinged them every week, and they haven't responded to me. It's sometimes inconsistent; sometimes they're fast, but sometimes they have not-so-good support.

I have been using Trellix XDR for three to four years.

I would say Trellix XDR is stable. It's a company with solid security experience.

The scalability of Trellix XDR is great. It's not a problem with that, as you can scale from ten licenses to several thousand. It doesn't matter if you have on-premise or in cloud or hybrid, and you can switch from cloud to on-premise if data is critical for you or vice versa.

I would rate the customer support at Trellix XDR a six out of ten because I had some bad experiences when they haven't answered my requests for weeks. That's very bad.

I haven't switched from a different solution; I'm using it in parallel in other companies. For example, I use a solution from Fortinet and also from Microsoft.

My experience with pricing, setup cost, and licensing is quite simple if you have your channel manager on Trellix. So it's not a problem to buy a license for them on different projects. Furthermore, if you have a potential customer, you can order even a POC for several months. Not all vendors could give this experience. For example, ePolicy Orchestration gives you a free trial for ninety days, three months. That's a lot of time, and they have trial versions for almost all their products.

I can't share precise numbers regarding return on investment because it's quite closed information, but I would say that we fired some employees that Trellix XDR detected had potential risks. We checked on these individuals, and they actually did something not good for our company. Trellix helped us save our information, which is the most critical, and also save money.

Before choosing Trellix XDR, I evaluated other options, specifically Fortinet.

Regarding Trellix XDR's AI capabilities, I think it's quite hard to answer because there are two things. First, some AI capabilities are something new in Trellix and they have been seen on EDR and DLP as well. But also, it's a security company; they must protect us and their own products from some threats and vulnerabilities. So I think they just started this path.

Regarding Trellix XDR's AI capabilities, I think the accuracy and reliability of output need more time for testing. These AI capabilities appeared a few years ago. But if security companies implement, I mean Trellix XDR, I think it's quite good because we will face threats that come from AI, and a company providing security solutions must implement this solution as well.

My advice for others looking into using Trellix XDR is that it's not a simple solution. I would recommend making some certification, maybe exams if you need, or just looking in the guides deeply. I know there are many people, for example, on Udemy, who provide support and courses on Trellix. You could also buy some support from a company, from Trellix.

I gave this review a rating of eight out of ten.

My main use case for Trellix XDR is to ingest, correlate, and contextualize multiple streams of telemetry and TTPs from threat vectors, making the complex things easier for us. It removes the hard task of manual detection and investigation cycles and offers a more business-efficient, centric response style. A scenario could be that we might be seeing some unusual lateral movement, and then through a very common dashboard, we could just see the attachment and what's happening with it with the timeline, correlate the logs from one single dashboard and console without having to switch between consoles and losing context. It's just a one end-to-end solution.

Trellix XDR offers several valuable features. The best include automated incident response, which automates the whole handling from case assigning to case handling. It automatically integrates to the smaller platform as well, where the higher analyst can take it up and mitigate the issues.

The platform has signature-based and behavioral analytics as well, which identifies threats proactively. It also has a built-in MITRE ATT&CK framework integration, which categorizes cyber attacks and patterns within those frameworks and trends.

Trellix XDR has over 650 third-party integrations and you can use the connectors to integrate them within the same workflow. The scalability across business sizes is also one of the main important factors because whether it is a small business or a large enterprise, the platform can adapt to the organization's needs.

At the time of the sale of this product for our company, it was told that it is one of the few solutions which offer on-premises deployment, which is really beneficial for high security standards and for government-based dealings and government-based security.

Trellix XDR has impacted my organization positively because time was definitely saved because of the automated response. The positive impact was definitely there in terms of both time saved and people being cut down from the team to have a more efficient and cost-saving team.

Trellix XDR can be improved because it has a complex initial setup. We personally had trouble in the initial configuration of Trellix XDR and it was very time-consuming for us. It requires careful planning and expertise as well because the syntaxes are not that user-friendly and the UI/UX is not that user-friendly either. For the first-time user, the designing part will be a bit tricky and it will be a bit annoying as well because there's no readily available documentation for this.

There is the false positive problem which Trellix XDR is known for, which can lead to alert fatigue and increased workload for the security analyst. The product also has poor SKU guidance from the sales team, and the support team is also not that well-versed in what they are doing. Trellix support team is not highly regarded because they follow a whole hierarchical process to escalate the complaints and the feedback requests, and the resolution can take very long, from two to three weeks to a month, which is not really viable in a cyber security landscape which is moving this fast.

I have been using Trellix XDR for about 1.5 years.

Trellix XDR is quite stable, but sometimes they rolled out some updates and patches without letting us know, which is a common problem for the whole Trellix ecosystem. The system would go down for half an hour, an hour, or two hours in the off-hours which would then impact the business, impact the alerts, and the flow of alert. We would have to manually figure out the missing events and the missing logs. This is a bit of an annoyance that we had to deal with every two or three months.

The customer support is not that great. I would not rate it more than a three or a four out of ten because it follows a hierarchical process. The most basic thing that you need from the vendor is support, and by the time they resolve it, you probably would have figured it out by yourself because the resolution came after weeks or months.

I previously used Defender and then there were some constraints from the client's side for their budget, that's why I switched to Trellix XDR.

Trellix XDR has a complex initial setup. We personally had trouble in the initial configuration and it was very time-consuming for us. It requires careful planning and expertise as well because the syntaxes are not that user-friendly and the UI/UX is not that user-friendly either. For the first-time user, the designing part will be a bit tricky and annoying because there's no readily available documentation for this.

I have seen a return on investment because, in terms of employees, 15 were cut down to eight, and it was also saving us time from the whole dashboard automation. All of the alerts were centralized to one platform and we did not have to waste time juggling around with different systems.

The pricing is a bit tricky because at the time we got it, the pricing was cheap, but later on they bumped up the prices. Currently, I would say the pricing is only good for the large enterprises and not for small businesses anymore because the large enterprises can afford it and Trellix has been focusing on large enterprises only.

My experience with pricing, setup cost, and licensing was that back at the time when we bought the license for Trellix XDR, the price was quite competitive for the given set of affairs. But currently, they have bumped up the prices and that is why we have now moved to a different solution totally. We have left Trellix XDR. The pricing was the main factor because the features were not there and they were charging more from us. The pricing is good for large enterprises which can afford it, but not for small businesses anymore.

Before choosing Trellix XDR, I evaluated other options such as CrowdStrike and Palo Alto.

My advice to others looking into using Trellix XDR is that if you are a small business or a small enterprise, do not look into any Trellix products at all. You are better off with other products. If you are a large enterprise, take this with a grain of salt that you will have issues with Trellix XDR, you will have issues with the customer support, but it's still good if it's worth the buck. If you are getting competitive pricing, then that's good. I gave this review a rating of six out of ten.

I use Trellix XDR when I need to perform threat hunting on both network and endpoint levels. I go to Trellix XDR in these situations for various purposes.

Trellix XDR provides a comprehensive suite of solutions, including EDR, NDR, DLP, and endpoint security. I use it frequently when dealing with a customer who is starting their cybersecurity journey because they offer a wide range of cybersecurity solutions at a good price point. The products are bundled together. Although they have an expensive licensing model, if you bundle some products or more than one product, the pricing becomes reasonable. It is very simple for the customer to work with a single vendor and a single dashboard, managing DLP, endpoint, network, Trellix XDR, email gateway, web gateway, and more.

The AI-assisted troubleshooting and threat hunting capabilities, along with the machine learning functionality, are the biggest advantages of Trellix XDR that stand out for me.

The automated threat detection part is used for security, and it is part of the offering. The core functionality includes EDR and NDR, and Trellix XDR gets threat detection on both the network and endpoint levels. Trellix XDR adds the excellent threat hunting capabilities as well, and it includes forensics.

Regarding contextual data enrichment, it helps me prioritize threats with Trellix XDR. The data enrichment is intent-based, where I can describe what I want to see, and it will retrieve that information for me. It provides logs and feedback in very understandable English commands when it comes to context. This is accomplished through their use of AI.

Trellix XDR should get involved in AI security itself. They use AI, but they do not secure AI. They need to move in the direction that Trend Micro, F5, and Palo Alto have taken. Trellix XDR is not involved in this field, and their licensing prices are fairly expensive as well.

It is not the biggest difference, and they are a good player, but they should get involved in this field. The trend these days is moving toward AI security, and Trellix XDR should align with this direction.

I have been using Trellix XDR for two years.

Most people, when they have issues with Trellix XDR, encounter problems with features or functionality rather than stability concerns. Support and stability are good.

They are continuously improving. They were good, and they are getting better. Now they have a team in Egypt, which they did not have previously. This team is not just support, but they have a technical team in Egypt for pre-sales and implementation, which is part of the support function as well. Having a local team here is a huge advantage.

Trellix XDR is scalable enough for our needs.

I would rate technical support at 8.5 points.

We are distributing all of these solutions, including Trellix XDR, Nozomi, Kaspersky, F5, and Palo Alto.

The installation is normal and not complex. It is average for installation.

I do not remember the controller name because I did not perform the configuration myself. As I mentioned, I am a solution architect. I do not do configuration; we focus on design itself.

I believe it is fairly straightforward to use, accessed via GUI from the AI. I did not use any metrics to evaluate the effectiveness of Trellix XDR. My overall review rating for this product is 9.

We are selling Trellix XDR products including DLP and EPP solutions. We sell Trellix XDR for endpoint protection. We are selling endpoint security with Trellix XDR by correlating the telemetries with the EPP solution for a more enhanced security solution to analyze multiple types of threats such as lateral movement and malware threats. We analyze the severity and create playbooks accordingly.

The biggest advantage of selling Trellix XDR is that we are able to integrate multiple security solutions with Trellix XDR, including network, firewall, Microsoft Entra, and cloud solutions.

We are able to automate threat detection with Trellix XDR by creating playbooks. We are able to do group-wise security creations of threat investigation and threat prevention, and we are able to do one-by-one endpoint policy creation, on-demand scans, and multiple types of security controls such as device control, USB blocking, web control, and Advanced Threat Prevention.

There is threat intelligence in Trellix XDR, but we are not drilling down into the threat intelligence in the solution. Getting the telemetry data from the endpoint with Trellix XDR helps us detect the severity based on malware types, techniques, and tactics with MITRE mapping. It shows us with a single click if multiple endpoints are affected by the same threat vectors. We are able to see correlations of the threat vectors and determine which threat vector occurred first through the Root Cause Analysis provided by Trellix XDR.

We are able to automate threat detection with Trellix XDR by creating playbooks. This is the biggest advantage of selling Trellix XDR. We are able to integrate multiple security solutions with Trellix XDR, including network, firewall, Microsoft Entra, and cloud solutions.

Getting the telemetry data from the endpoint with Trellix XDR helps us detect the severity based on malware types, techniques, and tactics with MITRE mapping. It shows us with a single click if multiple endpoints are affected by the same threat vectors. We are able to see correlations of the threat vectors and determine which threat vector occurred first through the Root Cause Analysis provided by Trellix XDR.

The CPU utilization is very high with Trellix XDR. We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization. This creates big challenges for us.

The support experience is also concerning. When we require support from Trellix immediately with high priority, we receive multiple emails requesting logs of various types. After that, we have to escalate to Trellix higher management, and then their agent will come in for a remote session to resolve any issues.

I would give them eight out of ten points because of the high CPU utilization and the delayed support we experience.

We have been selling and deploying Trellix XDR solutions for over five years.

Trellix XDR is ninety percent stable.

It is easily scalable with Trellix XDR.

Customer service rating: four out of ten.

Positive

I am able to observe some return on investment with Trellix XDR. We are getting approximately twenty percent return on investment with Trellix XDR.

We do not currently use specific metrics to evaluate the effectiveness of Trellix XDR in detecting genuine threats.

Trellix implementation is very easy, and there are no challenges with the implementation process. However, we are getting some challenges from Trellix regarding high CPU utilization.

Because Trellix gives us multiple types of modules, we are using a single ePO console for multiple solutions including application control, DLP, and XDR. This centralized management console allows us to manage any type of product we are purchasing from Trellix with a single console.

I give this review an overall rating of nine out of ten.

I am working with EDR and XDR, focusing on migrating on-premises solutions to cloud-based solutions. We are utilizing XDR for cyber threat detection and response.

The analytics assessment and flexibility of the platform are valuable. Trellix XDR integrates with other systems like SIEM, improving forensic analysis and visualization of cyber activities. It features embedded machine learning and cyber intelligence capabilities.

The EdgeGear solution is an area that requires attention, specifically regarding AI solutions and intelligence features. We are still investigating how XDR performs and will identify areas for improvement as we deploy it further.

I have been working with Trellix solutions for eight and a half years.

Trellix XDR is highly stable, and I would rate it a ten out of ten for stability.

I would rate the scalability of Trellix XDR as eight out of ten.

Technical support is crucial, especially when facing critical issues. It's rated six out of ten. Improvements are needed in the support sector, with a focus on providing expert assistance during production periods.

Neutral

The initial setup is not complex. Every solution needs an initial analysis to understand the features, simplifying the eventual deployment.

Since I'm a technical engineer, I don't deal with pricing or licensing. Our sales team handles those aspects.

Trellix XDR is an excellent solution that is continually improving. Given the evolving nature of cyber threats, it is essential to update the solution regularly. 

I rate the solution overall an eight out of ten.

We utilize the platform for airborne protection and redirection to enhance the environment's environment and that of our clients. Our primary focus is on this solution, and I am looking for more coverage for our security framework, particularly for our CGP program. Currently, HSA only covers host information, leaving us with limited visibility of system and network activity. Therefore, we need another SIEM solution to understand our system and network activities comprehensively.

The product's threat intelligence integration is extremely important. It enhances our ability to anticipate and respond to threats effectively, improving our security posture.

The solution's detection capabilities are very efficient. It contributes to our system's robust event detection and analysis, enabling us to respond effectively to incidents.

The platform should enhance compatibility with all other SIEM solutions. Customers should not feel constrained to using only Trellix products due to integration challenges, as this limits their options.

Future updates should prioritize enhanced integration features with third-party SIEMs and broader threat intelligence capabilities to improve the platform's adaptability in diverse environments.

I have been using Trellix XDR for at least two years.

The technical support team is responsive and helpful, particularly when addressing technical issues during deployment or usage.

Positive

The deployment is straightforward, and the interface is user-friendly, making it easy for security analysts and engineers to adapt to the platform. However, the functionality is not significantly different from other vendors' offerings.

From my perspective, Trellix XDR is competitively priced, given its detection capabilities, but the added cost for compatibility with other platforms can be a consideration for budget-conscious organizations.

We are exploring additional SIEM solutions to complement this platform, especially to gain insights into system and network activities.

Trellix provided initial training sessions and documentation. However, more comprehensive training resources could further enhance the team's proficiency in utilizing the platform effectively.

Its automated response is effective but has some limitations regarding integrating other platforms. Our agents are not fully compatible with other solutions, which restricts our ability to respond to threats across different systems.

I recommend this solution, particularly its robust detection capabilities and user-friendly interface. However, organizations should evaluate their specific integration needs to ensure compatibility with existing solutions.

Overall, I rate the product an eight out of ten.