Trellix Network Detection and Response and NetWitness NDR compete in the cybersecurity detection and response category. Trellix seems to have the upper hand due to its deep analysis and real-time response capabilities, while NetWitness is recognized for its broader visibility and ease of integration.
Features: Trellix Network Detection and Response offers comprehensive detection capabilities, zero-day vulnerability protection, and advanced sandboxing, integrating seamlessly with various security solutions for a unified approach. NetWitness NDR provides strong interoperability and visualization features, enabling easy network-to-endpoint pivoting and seamless platform integration.
Room for Improvement: Trellix could enhance cloud integration and VM customization alongside better network visibility and coordination with third-party solutions. NetWitness NDR needs improvement in threat detection, scalability, dashboard updates, and fraud detection features, along with better ServiceNow integration and licensing management.
Ease of Deployment and Customer Service: Trellix offers multiple deployment options, including on-premises and hybrid cloud, coupled with responsive customer service and solid technical support. NetWitness supports predominantly on-premises environments with good technical support but requires service responsiveness improvements.
Pricing and ROI: Trellix Network Detection and Response is viewed as a premium solution with high initial costs, but its threat prevention effectiveness and ROI justify the price. NetWitness NDR offers flexible pricing and licensing options suitable for various organization sizes, providing good value despite being seen as costly.
Investigations are generally faster because analysts have immediate access to relevant network context instead of manually piecing together information from multiple sources.
The time was reduced because of the automated detections.
If a threat can enter any endpoint that is exposed to the internal network, there is a potential gateway for hackers, leading to a loss of production or significant financial impact to the network.
The support team was responsive and knowledgeable.
Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents.
They were constantly relaying our message to the engineering team and the engineering team was looping that back to them and then to us.
The scalability of Trellix Network Detection and Response is easy; I just have to add another license in the same cloud, and I can easily increase the number of endpoints.
Trellix Network Detection and Response has handled that growth while continuing to provide consistency, visibility, threat detection, and investigation capabilities.
The connectors were always out of sync and we have had multiple noise floods from these connectors which were not configured well.
In my day-to-day use, it has consistently provided the visibility and detection capabilities we rely on for security monitoring and investigations.
In our experience, it has had a positive impact on our production environment and has proven to be a dependable part of our security operations.
I encounter no issues with health or reliability when the recommended specifications are met.
There should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.
It would be best if Trellix Network Detection and Response sensors were converted into a next-generation firewall with built-in capabilities for routing, switching, and Layer 7 functionality, as most next-generation firewalls today include these features.
Regarding needed improvements for Trellix Network Detection and Response, there is always room for enhancement in terms of AI capability to include proactive triggers based on historical data, enabling AI to learn patterns and detect threats before they manifest.
Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost.
The pricing model is not transparent, as they do not provide pricing ranges upfront, complicating the evaluation of costs across regions.
My experience with the pricing, setup cost, and licensing of Trellix Network Detection and Response is that they are very good and affordable for the customer range.
Per day we used to have 70 to 80 alerts and those could be reduced up to 40 to 30 a day. This is almost a 40 to 50% decrease.
Trellix Network Detection and Response has positively impacted my organization by addressing performance issues, specifically by offloading heavy traffic inspection and SSL inspection through sensors due to the limitations of the firewall.
Visibility is very important as it empowers users to understand what is happening; therefore, detection is one of the strongest features of Trellix Network Detection and Response.
| Product | Mindshare (%) |
|---|---|
| Trellix Network Detection and Response | 3.0% |
| NetWitness NDR | 3.4% |
| Other | 93.6% |
| Company Size | Count |
|---|---|
| Small Business | 10 |
| Midsize Enterprise | 2 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 35 |
| Midsize Enterprise | 11 |
| Large Enterprise | 23 |
NetWitness NDR provides robust network security features, offering full visibility and effective incident response. Its seamless integration and user-friendly interface support malware detection and real-time threat tracking.
NetWitness NDR stands out for its comprehensive traffic details and compatibility across operating systems. It features a unified dashboard and lightweight installation, making it user-friendly without IT support. The system supports orchestration features and user behavior analytics. While deployment is somewhat modular and complex, it serves well for network security, malware analysis, and digital forensics. NetWitness integrates smoothly with third-party apps using its intuitive API, though improvements could be made in areas like SOAR integration, hunting features, and scalability, alongside addressing pricing and licensing complexities.
What are NetWitness NDR's Key Features?Banks and telecom companies utilize NetWitness NDR for detecting indicators of compromise, analyzing intrusion history, and providing risk scores. It functions as both a SIEM tool and a network forensic instrument, proving essential for sectors focused on network security and threat prevention.
Trellix Network Detection and Response provides robust threat protection with advanced detection of zero-day attacks and APTs. Its user-friendly dashboard and real-time response capabilities enhance security and visibility across networks.
Trellix Network Detection and Response stands out with its MVX engine, leveraging virtual machines for comprehensive behavioral analysis. The solution supports detection of advanced cyber threats through features like sandboxing and application filtering, offering real-time response and packet capture for detailed contextual insights. Companies benefit from seamless integration with other platforms, enhancing usability and overall protection. User-friendly interfaces improve network visibility, while stability and ease of configuration safeguard against both signature-based and signature-less threats.
What key features does Trellix offer?Companies in sectors like finance, healthcare, and enterprise security utilize Trellix Network Detection and Response for tasks such as network intrusion detection, endpoint protection, and securing data transmission paths. It aids in threat investigations, pre-sales demos, and network forensics, reducing risks by protecting against cyber threats like phishing.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
