IT Management Specialist at a computer software company with 10,001+ employees
Completely automated, affordable, and provides good technical functionalities
Pros and Cons
- "When Trellix detects some threats, the device is isolated in a quarantine zone for examination."
- "The technical support must be improved."
What is our primary use case?
We use the tool for threat hunting. It detects a lot of threats daily.
How has it helped my organization?
We do not need to monitor the network all the time because the solution is completely automated. The administrators’ time can be dedicated to improving other projects.
What is most valuable?
The antivirus and DLP features are valuable. Now, we have a campaign to encrypt all the drives of the company. We have a solution for network access control from Fortinet. When Trellix detects some threats, the device is isolated in a quarantine zone for examination. We integrate Trellix Endpoint Detection and Response with other solutions to perform such isolations. We also use products for log monitoring and correlation and create use cases for automatic response.
What needs improvement?
The technical support must be improved. We had a problem with the Web Control plug-in with Edge and Chrome. The plug-in was disabled, and the resolution took a lot of time.
Buyer's Guide
Trellix Endpoint Detection and Response (EDR)
April 2026
Learn what your peers think about Trellix Endpoint Detection and Response (EDR). Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
893,164 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
The stability is good. I rate the tool’s stability an eight out of ten.
What do I think about the scalability of the solution?
The scalability is good. I rate the tool’s scalability an eight out of ten.
How was the initial setup?
I rate the ease of setup an eight out of ten.
Which other solutions did I evaluate?
Our clients were using McAfee before. We switched to Trellix because of its price and technical specifications.
What other advice do I have?
We also have a DLP problem with Outlook. Sometimes, people cannot send emails because of an error. We detect the threat, and our clients manage the response. We send a communication, and the clients manage the response for the threat detected. We only administer the tool. Overall, I rate the product an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
A stable tool that helps its users investigate malicious files
Pros and Cons
- "Trellix Endpoint Detection and Response (EDR) offers endpoint protection and helps collect information while also allowing users to investigate malicious files in an IT environment...It is a stable solution...It is a scalable solution."
- "The solution's downside stems from the fact that Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint are not combined into a single solution, so from an improvement perspective, they need to be combined into a single solution."
What is our primary use case?
In my company, we use Trellix Endpoint Detection and Response (EDR) since it is a very helpful product. In my company, we install Trellix Endpoint Detection and Response (EDR) for all our machines and endpoints, along with Trellix Cloud Security. Trellix EDR can be integrated with Trellix SIEM. Trellix and McAfee Endpoint Security are used in our company as they offer endpoint protection.
Trellix Endpoint Detection and Response (EDR) offers endpoint protection and helps collect information while also allowing users to investigate malicious files in an IT environment.
What needs improvement?
Trellix purchased McAfee two years ago. At this moment, it may seem a bit difficult if I explain Trellix and McAfee separately. Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint provide endpoint protection. In the future, if Trellix can compile both the products, Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint, into one solution, our company need not install multiple agents, which can reduce the workload for IT and make the tool easy to manage.
The solution's downside stems from the fact that Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint are not combined into a single solution, so from an improvement perspective, they need to be combined into a single solution. If both tools are combined into a single solution, it will become easier for a user to manage and deploy such a product.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) for two years.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution.
Around 600 users use the solution.
My company plans to increase the use of the solution by 20 percent.
How are customer service and support?
I have experience with the solution's technical support.
How was the initial setup?
Speaking about the product's setup phase, in our company, we deploy it with the endpoint management setup system. When in our company, we have any new applications, the endpoint management setup system automatically deploys for all the agents.
The solution can be deployed in twenty minutes to complete all the components of the installation phase.
For deployment, my company uses a deployment application since we have to deal with endpoints in my organization, and other than that, if there is a requirement for deployments, then we use it to take care of such a setup phase. The deployment can be done automatically for the endpoint.
The solution is mostly deployed on the cloud, but at times, it may be deployed on a hybrid cloud.
What's my experience with pricing, setup cost, and licensing?
Speaking about the price, you must use the product to find the product's cost for you.
What other advice do I have?
I recommend the solution to others in the future.
I rate the overall tool an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Associate at Valuepoint Systems
Helpful to detect malware and threats
Pros and Cons
- "The most valuable feature of the solution is its area for threat detection."
- "When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."
What is our primary use case?
I use the solution in my company for malware detection. My customers are mostly banking and government organizations.
What is most valuable?
The most valuable feature of the solution is its area for threat detection.
What needs improvement?
When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required.
The tool's support needs to improve in the areas of response it provides to users.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) for two and a half years.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
How are customer service and support?
I rate the technical support a seven and a half out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The solution is SaaS-based, and we have deployed it using the hybrid cloud model.
The tool's deployment phase is a lengthy process. For one endpoint, it takes 15 to 20 minutes.
What was our ROI?
The tool is cost-effective. Many agents need to be installed, and on-premises integration is required.
What other advice do I have?
I haven't worked on the tool to see how it works for security workflow.
My customers have not seen any challenges while working with Trellix Endpoint Detection and Response (EDR) in terms of integrations.
The tool does not support any AI and security initiatives.
The tool is suitable for enterprise companies.
If businesses are completely on the cloud, then the tool is not required. If a company has a hybrid cloud model with an on-premises model, then it will be a good tool to use.
I rate the tool an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
Information Security Engineer at Nhq Distribution Ltd
Helps to detect and identify critical management activities with dashboard to analyze data
Pros and Cons
- "The dashboard makes it easier and more effective to analyze data."
- "The dashboard is split across different platforms. For example, if you want information on Incident Detection, you have to access one dashboard, and for DLP reporting, there's a separate platform. This fragmentation means you can't access everything from a single dashboard."
What is our primary use case?
We use the solution to detect and identify critical management activities. Within the network level, you can understand what is happening in the environment. Organizations using complex systems for various purposes can easily identify shared activity within the environment. There is a detection base that allows us to identify and manage threat events. The solution also includes licenses for forensic investigations of any attack that occurs. Details can be found within the platform's release at the end of the month or whenever needed. Any Trellix malware activity will be displayed on the dashboard, and the moderating services will be integrated into everything we have built.
What is most valuable?
The dashboard makes it easier and more effective to analyze data. It also allows us to access the AWS analytics and system features in one place. If we need to find specific details about an endpoint, we can determine what is happening and how any organization is affected by the data provided.
What needs improvement?
The better approach is to apply the necessary improvements to make the dashboard more effective and user-friendly. If simplified, users can investigate issues in more detail by clicking on the relevant sections. Making it simpler would enhance understanding and improve the investigation process. Customers currently using the system can view everything on a single dashboard, which is very effective for understanding all scenarios and activities.
Customers rely on a single platform when they notice an incident, response, or attack. In SOC analysis teams, especially in banks or traditional organizations, the entire team needs access to the scenario on one platform. This allows them to understand the dashboard and detect any ongoing activity easily. Once they identify an issue, they can proceed with further analysis. Customers need a clear and visible platform that helps them understand when and how their site is being compromised.
The dashboard is split across different platforms. For example, if you want information on Incident Detection, you have to access one dashboard, and for DLP reporting, there's a separate platform. This fragmentation means you can't access everything from a single dashboard. Instead, you must navigate various options to find the right dashboard. This setup results in a separate view for each function. Ideally, we'd like to consolidate this into a unified platform, making it easier to identify site behaviors from one centralized dashboard.
For how long have I used the solution?
I have been using Trellix Endpoint Detection and Response (EDR) as a reseller.
What do I think about the stability of the solution?
We initially used McAfee's VSP and Varia System Enterprise products. After transitioning to Endpoint Security, particularly in version 10 or 7, we encountered performance issues on systems running Windows 7. The high resource utilization caused significant slowdowns, leading to numerous complaints, especially from Sakasho. The EDR was consuming too many system resources, which impacted overall performance. However, with the newer versions, like those in the InVision EPO, these issues seem to have been resolved, and the system now operates more efficiently. The current product is expected to be much lighter and more stable.
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
I highly appreciate service architecture. They are developing day by day.
We are an enterprise that provides solutions through Trellix EDR that various external customers use. Our solutions are deployed in a large and diverse environment, including companies, telecoms, and major banks. These organizations rely on our products for their protection needs.
How are customer service and support?
There are multiple ways to get support. You can create a case through your partner or support portal by calling. If necessary, you can raise a call and follow up immediately.
How would you rate customer service and support?
Positive
How was the initial setup?
We operate within our environment and country. One of our clients is interested in using our on-premises solution. They are hesitant to adopt a cloud-based solution due to concerns about data security. They worry that storing data in the cloud could expose it to unauthorized access. They are confused about how the cloud handles sensitive data like CPU data and prefer to keep their information on-premises. However, other banks have embraced cloud solutions and understand their value. Over time, as more companies study and become comfortable with cloud technology, we believe others will also follow and move to the cloud. We hope to maintain their interest in our services.
What other advice do I have?
Its machine learning capability is strong, and the AI configurations and system integration enhance its effectiveness. The API solutions added to this system allow us to detect and respond to incidents quickly. The quick response is also due to Edge Solutions and specific-type solutions, enabling us to conduct thorough investigations and generate reports on the platform.
I recommend Trellix Endpoint Detection and Response (EDR) because it offers strong capabilities. It’s worth noting that XDR solutions are also available and might be more effective. These XDR solutions are advanced technologies with enhanced features, including improved API integration.
Overall, I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Sales Manager at Last call
Efficiently blocks traffic and browser navigation while offering ease of setup to its users
Pros and Cons
- "Blocking browser navigation is a feature of the solution with which we have experienced success."
- "For Spanish users, it is necessary to have a knowledge base specifically designed for them, which is currently not available."
What is our primary use case?
As a user, I didn't have any concerns about technical aspects where I was working previously. Working together. So, we sell licenses of McAfee. We had a promotional activity in which when you buy a cell phone, you get a McAfee subscription for mobile, and we used to offer a license of McAfee with an internet connection.
How has it helped my organization?
Blocking browser navigation is a feature of the solution with which we have experienced success.
What is most valuable?
The fact that it is easy to manage by consumers, families, small businesses, or parents while blocking traffic is a valuable feature of the solution.
What needs improvement?
For Spanish users, it is necessary to have a knowledge base specifically designed for them, which is currently not available.
Blocking other browsers should be a feature introduced in the solution. At this time, you can control Safari and Microsoft Edge. But I don't know about the other browsers.
For how long have I used the solution?
I have been using McAfee MVISION Endpoint Detection and Response for five years. We use the solution on mobile and in the cloud. Also, my company is a reseller.
What do I think about the stability of the solution?
There are issues with the solution on the other browsers. So, I don't know if any feature is enabled in the solution to resolve the issues.
What do I think about the scalability of the solution?
We have been providing a lot of licenses, and we never had a problem. So, it is a scalable product. For personal use in my family, I may have plans to use it.
How are customer service and support?
I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution's initial setup process was simple.
What was our ROI?
There has been a return on investment since it is a good business. Hence, we embedded the solution in our services. So, I know that this is a good investment.
What other advice do I have?
My company does provide the solution at a good price for our customers. The solution needs to support their Spanish customers. Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer.
IT Security Specialist at Commercial Bank of Ethiopia
Multifeatured, with web control, advanced threat protection, and threat prevention capabilities, but its alerting and reporting features need improvement
Pros and Cons
- "What we're using the most and what we found valuable in McAfee MVISION Endpoint Detection and Response are Web Control, Advanced Threat Protection, and Threat Prevention features."
- "The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules."
- "Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month."
What is our primary use case?
We use McAfee MVISION Endpoint Detection and Response for our endpoints, and we are currently trying out the solid core. The tool scans even memory sticks and shows you what's going on with your network.
What is most valuable?
What we're using the most and what we found valuable in McAfee MVISION Endpoint Detection and Response are Web Control, Advanced Threat Protection, and Threat Prevention features.
What needs improvement?
The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually.
Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months.
The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans.
McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules.
For how long have I used the solution?
I've been using McAfee MVISION Endpoint Detection and Response since 2020.
How are customer service and support?
I've contacted the technical support for McAfee MVISION Endpoint Detection and Response many times. It takes time for the team to respond to the cases, but at the end of the day, you do get a response.
How was the initial setup?
The initial setup for McAfee MVISION Endpoint Detection and Response was easy. It wasn't complex. What took long in terms of setup was linking the tool to the on-premises ePO and configuring the DXL, which was a challenge. McAfee was involved, but it still took time to configure.
What was our ROI?
I've seen ROI from McAfee MVISION Endpoint Detection and Response.
What's my experience with pricing, setup cost, and licensing?
McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users.
Which other solutions did I evaluate?
We evaluated CrowdStrike aside from McAfee MVISION Endpoint Detection and Response. Though it's a good product, we couldn't afford CrowdStrike.
What other advice do I have?
I'm a user of McAfee MVISION Endpoint Detection and Response. I work for a bank.
McAfee MVISION Endpoint Detection and Response is deployed both on-premises and on the cloud in my company.
My company has six hundred endpoints on McAfee MVISION Endpoint Detection and Response. The tool is installed on six hundred machines or devices. Two administrators take care of maintaining the tool.
My advice to people who want to implement McAfee MVISION Endpoint Detection and Response is that it's a good product, but it has its limitations.
My rating for McAfee MVISION Endpoint Detection and Response is seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior IT Systems Administrator at IndusInd Bank ltd
A multiple feature solution that is stable, scalable and straightforward to implement
Pros and Cons
- "It is a scalable solution and very easy to use."
- "It has been helpful in terms of identifying unknown threats."
- "The endpoints and utilization are too high, which impacts the production activity."
What is our primary use case?
It has been helpful in terms of identifying unknown threats. The file is available on the endpoint, and the information is retrieved to identify any unknown or malicious file and then converted to a known file.
What needs improvement?
The endpoints and utilization are too high, which impacts the production activity.
There are no additional features I would add. The McAfee MVISION Endpoint Detection and Response already has multiple features required for an IT solution.
For how long have I used the solution?
We have been using this solution for two years, and it is deployed on-premises.
What do I think about the stability of the solution?
From a solution point of view, it is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution and very easy to use in terms of hardware or sizing.
In terms of the number of users, because we are a banking environment, the IT department, bankers and people on the business side use this solution. Therefore, a minimum of five people is required to manage the environment. We currently use it to its full extent but plan to replace it.
How are customer service and support?
The technical support is very good, and we have never had problems with them.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used a different solution for more than 15 years before we migrated to McAfee MVISION Endpoint Detection and Response.
How was the initial setup?
The initial setup was very straightforward. I rate the initial setup experience an eight out of ten. We used a third-party tool, and the deployment took a couple of months.
What was our ROI?
Regarding ROI, I do not have precise numbers, but I rate it a four out of ten.
What's my experience with pricing, setup cost, and licensing?
We have a perpetual license that is renewed annually. I do not know the specific price in terms of costs, but I rate the cost a six out of ten. We also get the whole package for this solution in a bundle.
Which other solutions did I evaluate?
Before we chose McAfee MVISION Endpoint Detection and Response, there were other options available like Carbon Black, Cisco and Trend Micro.
What other advice do I have?
If I were to advise on this solution, it would be that irrespective of the endpoint a company uses, it should have a good endpoint configuration. I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
A scalable solution that provides a one-click recovery of encrypted files and excellent threat-hunting features
Pros and Cons
- "The product provides a one-click recovery of encrypted files."
- "The CPU utilization of the product is quite high compared to its competitors."
What is most valuable?
The product provides a one-click recovery of encrypted files. Threat hunting is marvelous.
What needs improvement?
The product must improve the ability to work with different operating systems like Windows and macOS. The CPU utilization of the product is quite high compared to its competitors. The agent file size is higher. The number of services that run on a system is quite high. Other EDR solutions have only a single service running on it.
For how long have I used the solution?
I have been working with the product from the day of inception. I am using the latest version of the solution.
What do I think about the stability of the solution?
The stability is good. I rate the stability a nine and a half out of ten.
What do I think about the scalability of the solution?
I rate the tool’s scalability a ten out of ten. The solution is suitable for small, medium, and large enterprises.
How are customer service and support?
The support is great.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is simple. It can be done in a couple of days. The solution is cloud-based.
What's my experience with pricing, setup cost, and licensing?
The product’s aggressiveness in competing with the competitor's pricing is almost nil. The pricing is always high. I rate the pricing a three and a half out of ten.
Which other solutions did I evaluate?
We can compare the tool with SentinelOne and CrowdStrike. Kaspersky and Trend Micro cannot compete against the solution.
What other advice do I have?
People must always evaluate the product first. They must see the difference in manageability and flexibility of the licenses. They must also consider the manageability and flexibility of the software before making a decision. Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller