Trellix Endpoint Security Platform Reviews

The solution is used, especially by those who want an antivirus product. It is also useful for those looking for tools that offer endpoint detection and response features. The product offers multiple features, one of which is endpoint security.

Sometimes, one might face issues with the scalability of the product. The aforementioned area can be considered for improvement.

I have been using Trellix Endpoint Security (ENS) for five years. I operate as a system integrator of the product in my company.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution a seven out of ten.

My company caters to the needs of small, medium, and large-sized businesses.

I rate the technical support a ten out of ten.

The product's initial setup phase was straightforward.

The solution is deployed on the cloud and on an on-premises model.

The time required for the deployment of the product can vary, and it also depends on whether the company has been actively using the product.

The price of the product is similar to the ones in the market that offer the same features.

The product has improved its malware protection features since it provides a couple of features that no other solution does. The tool is helpful for multiple companies.

The tool streamlines the incident response process.

The most effective part of the product for threat prevention is related to the tool's rollback feature.

Trellix Endpoint Security (ENS) is like an antivirus tool, but it doesn't alone provide the rollback feature since it is something that is possible with Trellix Endpoint Detection and Response (EDR).

The tool does provide adaptive threat protection features.

I recommend the product to those who plan to use it.

I rate the tool a seven to eight out of ten.

The solution is used for drive encryption and as a policy orchestrator.

The endpoint security, antivirus and firewall are the most valuable features of Trellix Endpoint Security.

Trellix Endpoint Security is pretty hard to configure and maintain. You need to have a dedicated person for the solution. It is very complex when you want to change the data loss prevention and data leak prevention policies. It's quite hard to give some exceptions on specific computers. It's not very fast onboarding with the orchestrator.

The solution should provide a more easy way to uninstall it on specific stations.

I have been working with Trellix Endpoint Security for two years.

The solution’s stability is quite okay.

I rate Trellix Endpoint Security an eight or nine out of ten for stability.

Trellix Endpoint Security is a scalable solution. Around 200 users are using the solution in our organization.

Currently, the solution's initial setup on a new computer is quite simple. Although some time is needed to configure all the policies, especially for our needs, it is not too difficult.

The deployment takes one week internally and two days of professional help from a local vendor partner.

It is enough to have one administrator for the solution’s maintenance, but we do not have one full-time administrator. A dedicated person is needed for the maintenance and monitoring of the solution to take it to its full potential. The resources or computers needed to use the solution make it quite expensive. Especially if you put the drive encryption and don't have new computers, you will have to delete multiple files, which is quite a pain.

The solution was implemented by a local vendor partner.

We have seen a return on investment with Trellix Endpoint Security in terms of time.

Compared to Bitdefender, Trellix Endpoint Security is more expensive, but considering it comes with DLP, the solution's price is fine. The licensing cost for the solution is 20k a year for 400 users and 10k for 200 users. You don't have to pay additionally for the solution's maintenance.

The solution's effectiveness depends a lot on the stations that you want to install it on. I will not recommend Trellix Endpoint Security for people with a lot of small text files on the computer. The DLP solution is quite okay. It is not so easy to configure in terms of the computers and permission to allow USB devices on specific computers.

Overall, I rate Trellix Endpoint Security a seven out of ten.

The endpoint of Trellix itself should be placed within an enterprise with more than 200 or 300 endpoints. And then, an administration council should be used to administrate these endpoints and get the updates, including any virtual batching needed, and so on. This is the most usual case for this product. However, of course, there are other supportive add-ons, or sensors, to be added to this endpoint - including the EDR, the endpoint detection response, sensor. 

The user behavioral analysis feature is great.

It patches the operating system which is running on it until there is an available patch for the operating system itself.

The user experience of the administration has to be reviewed or refined. It's not friendly, not that easy.

If I could sell my customers the endpoint protection software in addition to the EDR software as a single package, that would be ideal. 

Technical support needs improvement. 

I started using the solution around four years ago.

The stability depends on the version. I'd rate reliability eight out of ten. With some other versions, especially the old ones, you cannot even rate them five out of ten. The newer versions are much more stable?

The scalability is okay. I'd rate it seven or eight out of ten in terms of ease of scaling. 

We can just embed new features to the original package just to include everything so that you do not need to ask the customer to get full coverage by adding an add-on license, and so on.

Typically, enterprises use the solution. It's used, for example, within the financial sector and most of the customers are banks, FinTech companies, or financial organizations. Organizations may have 500 to 5,000 users.

Some of our products have a first and second line owned by us. We are giving support services to the customers instead of the vendor. Some other products are supported directly by the technology vendor, however.

Technical support from the vendor is very bad. 

Usually, when the customer submits a ticket, they put a severity level on the case. Whenever the case is very important, and there is a real malfunction in the product on the customer side, and there is something down that needs someone to have a look immediately, it takes more time than it should to even engage with the customer. 

When someone has to contact the customer and have a remote session within the customer environment, they sometimes lack in terms of communication with the customer. The support centers are located in the East and not all have an acceptable level of English in order to communicate directly with the customer. 

Neutral

We did previously work with Trend Micro. We also worked with Kaspersky and also ended the contract. 

Trend Micro is more attractive than Trellix from a sales perspective since most of the features are already gathered within it as one solution. The interface is much more user-friendly for the customers as well. In addition, the customer does not have to prepare a huge infrastructure requirement, to have the products already deployed. It's much easier to deal with and very stable as well. Some customers do not like Trend Micro since it doesn't have many integration points with other technology.

The solution can be easy or complex. It depends on the environment in which we are going to implement or deploy the product on. 

It becomes complex, especially when it's a virtualized environment.

The time it takes to deploy depends on the number of endpoints running within the organization. The initial setup for the administration part may take two business days.

There should be an updated operating system first, in order to host the administration console of the product. Then certain batches have to be installed, including batches on updates for the product itself. Then we usually install the main orchestrator of this product. After that, we generate the endpoint package to be distributed on other endpoints.

Usually, one to three people are needed to deploy the solution. 

I'd rate the solution seven out of ten. 

We do have a technical arm. It's an independent professional service provider. It's a company itself. However, it's under the umbrella of the main one, which is acting as the technical arm of the main company. It typically handles the initial setup. 

Trellix may cost around $46 to $47 for a single license without an EDR. In contrast, Trend Micro may cost $23 to $25 USD without an EDR sensor. Trend Micro is much cheaper. 

Trellix may have extra costs in terms of managed services. That might be around $200 to $250.

I'd rate the solution six or seven out of ten in terms of affordability.

We're a partner and reseller. 

We're working with the most recent three versions. It is 10.9 right now. Previously, it was 9.5 and then 8.7.

We have the solution deployed on-premises and on the cloud as well. 

I'd advise potential new users to look at all packages before implementing Trellix and to look into configurations right at the outset. 

I'd rate the solution seven out of ten.

It is exclusively for Endpoint security. Besides that, we have subscribed to additional features such as MDX for mobile security and recently added ESL. Previously, we had Trend Micro, and at times we utilized it for malware. Comparing the three tools, I would recommend sticking with Trend Micro or Malwarebytes.

Trellix Security Endpoint can promptly isolate any host machines directly from the console. If alerts are received and isolation is necessary, it can be accomplished through the console. The console itself holds significant value, accessible through a browser and allowing remote actions via cloud login.              

If there's a possibility for remote assistance or investigation support in the future, it would be beneficial. Currently, we use another remote software for such purposes. If this feature could be included in the next version, that would be an improvement. The feature is called Remote Administration.

I have used Trellix Endpoint Security for the last two years.

It is stable and I would rate it 8 out of 10.

Scalability is 8 out of 10. 

The issue with technical support lies in the response time. When submitting a complaint, there is a delay, sometimes taking one or two days for a response. This extended timeframe is considered quite lengthy.

Neutral

The initial deployment of Trellix Endpoint Security involves some time to install agents on host machines. However, once in use, adding new versions and deploying agents to GPO becomes straightforward. It's possible to manually install agents on various devices, and the current process of deploying agents through GPO policies typically takes around ten to fifteen minutes per agent. The duration may vary based on internet connectivity, and it's generally faster when the machine is on the network.

I would rate it 8 out of 10 and it is very straightforward. 

It is reasonably priced. 

I would recommend it. I rate the solution an eight out of ten. 

Previously, before the transition to Trellix, we used McAfee. Following a merger, FireEye now collaborates with McAfee, utilizing its console and threat intelligence.

In terms of endpoint security, I would recommend Trellix Endpoint Security, especially for users prioritizing threat intelligence and seeking an internal solution. Trellix has proven effective in areas such as blocking capabilities, device control, and application control.

Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features.

Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it.

I have been using this solution for the past five years.

Previously, I would have rated it around ten, but now it's more like seven. They need to enhance the EDR part and put in more effort.

For on-premise implementation, I would rate it a six as there is a need for more scalable options during the initial setup. On the other hand, for cloud implementation, I would give it a nine because it offers enabled scalability options.

I acknowledge their technical expertise in the product, but the support has not been as satisfactory as it was with McAfee. I believe there is a need for improvement, whether it's the team's capacity or response time. Previously, the response time was excellent, but now it has increased, causing frustration among customers and creating potential issues. Reducing this delay would be beneficial.

Neutral

If someone asks for a bundled solution with strong threat detection, I would recommend Trellix because it stands out as the only bundle solution with a decent amount of threat detection. While there are other bundled solutions in the market, Trellix excels in both access and detection capabilities.

Regarding the initial setup of Trellix Endpoint Security, I am accustomed to executing it accurately. I would rate it around 8.5 or 9.I have successfully implemented Trellix Endpoint Security for up to five thousand endpoints, and the process took approximately four days. For smaller enterprises, it can be completed in about one day.

I would rate the cost as four to five, considering it's normal compared to other products. I find it nominal and worth the money.

The support phase needs improvement, specifically in reducing the time taken to respond to calls. Additionally, the EDR functionality in Intelix requires enhancement. While McAfee fulfilled product functionality even without strong support, the introduction of EDR seems to be partial and lacks automated response capabilities. The overall rating for Trellix Endpoint Security would be an eight.

Our company just started evaluating the solution for endpoint protection. We have tested it in a POC environment but have not deployed it to the production environment. 

The solution includes a good combination of features for both signature and signature-less detection. Based on types of threats, we can opt to use either or a combination of both. 

Good progress has been made with integrations for McAfee and FireEye but more work has to be completed because the feature is still pending. Down the line with these integrations, the solution will be very good product. 

The solution could provide open XDR in addition to EDR.

Adding MDR makes sense instead of just being on the EDR and DXDR fronts. 

I have been using the solution for a couple of weeks. 

The solution is stable. 

The solution is SaaS so should be fully scalable but we have not yet tested scalability. 

Technical support could be improved. Our team worked with the product reps to coordinate requirements and deploy.

The setup is quite easy and only takes a few minutes because it is a SaaS solution. 

We implemented the solution in-house for our POC environment. 

We use several products simultaneously and are using the solution in a test case. It might take two or three months to confirm if we plan to deploy to our production environment. 

The solution meets customer expectations and is a good product. I rate the solution an eight out of ten. 

I'm working on a project for the Hong Kong library system under the Hong Kong government. They provide workstations in the library for citizens to access the Internet. The ENS needs to be installed on all the PCs in the library. Another part involves the CSWA for the server farm. They are upgrading the entire library system, including the rental system, book search, eBooks, multimedia, and other services. The CSWA modules are primarily for the backend servers, including Linux and Windows.

Detection and response functionality meet our requirements, but the support is poor.

HIPS protects server files from being modified or deleted by unauthorized users. It's primarily deployed in the web tier.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards. 

For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

I have been using Trellix Endpoint Security (ENS) as an implementor for two years.

We haven't had any system crashes or problems in most cases. SolidCore is not compatible with some kernels, which is causing problems. Endpoint, HIPS, and anti-theft are working fine so far. 

I rate the solution’s stability as seven out of ten.

We use one ePO server to manage around four thousand endpoints, including servers. This single server effectively handles this load.

It is suitable for medium and large enterprises.

I rate the solution’s scalability as seven out of ten.

Support is poor. A module called Solidcore needs to match with the OS kernel in one area. The support for this module has been slow because it doesn't match the latest OS. As a result, we haven't been able to upgrade our OS because McAfee does not support the latest version. We've also encountered issues where the product can't be upgraded or installed successfully. We're managing over 300 servers and 3,000 workstations. Upgrading has been a nightmare with this setup.

It provides a slow response. Sometimes, getting feedback takes a few days, and that is also not to the point.

Positive

The initial setup is easy and straightforward. Determining specific modules and functions often involves a lot of trial and error. Deployment takes only a couple of days.

Overall, I rate the solution a seven out of ten.

The tool is primarily used for endpoint detection. When an event occurs on an endpoint, alarms are generated. Colleagues from my company then investigate these alarms based on a playbook. Depending on the playbook and the specific customer contract, actions may be taken, such as informing the customer or implementing endpoint containment measures.

The tool has contributed to improving our security posture. While it's just one part of our overall solution, it plays a crucial role. As we continue to evolve, we anticipate it becoming even more important alongside other aspects like network behavior and additional metrics.

The tool's most valuable feature is containment. Last year, a German company faced an external attack. We installed the product on every machine, totaling hundreds of endpoints. The Trellix agent collected information, allowing us to check the entire IT infrastructure. 

The product is consolidating its portfolio into one product. It is difficult at the moment. 

I have been using the product for three years. 

The solution's scalability is easy. If you have Trellix Endpoint Security on-premises, you need to define how many agents you will support and consider future scaling. Different appliances are available for various scenarios. If you plan to have hundreds or thousands of agents in the future, hardware considerations become important. However, if it is deployed in the cloud, scaling up or down is easily manageable.

My experience with the product's tech support is good. 

Positive

Trellix Endpoint Security (ENS)'s deployment is not difficult. There are different options available, such as using an on-prem hardware box or a virtual machine in the cloud. Setting up the virtual machine in the cloud is easy, requiring only a connection to the customer's system. 

If you plan to install the solution on-premises, you bring the box to the customer and connect it to their system. This involves some configuration, such as opening a port on the firewalls. Deploying agents on the endpoints is straightforward and can be done from a central management point. The entire process takes around a day to configure, and then you are up and running.

Microsoft Defender is not cheap and from a cost perspective, Trellix Endpoint Security (ENS) is a better option. 

We integrate the product into our system using API. The information, in the form of messages or alarms, is received in our system. We further process this information and incorporate it into our complete solution. 

I rate the product an eight out of ten.