Security Engineer at Digitaltrack
Real User
Top 5
Jun 8, 2026
Improved real-time threat detection has cut investigation time and strengthens network security
Pros and Cons
  • "After deploying Trellix Network Detection and Response, we saw a noticeable improvement in our security operations, as threat detection and incident times were reduced by 40 to 50 percent, the security team spent significantly less time manually analyzing network traffic, and we were able to identify suspicious activity that previously went unnoticed, leading to faster containment of potential incidents and improved overall response efficiency."

    What is our primary use case?

    My primary use case for Trellix Network Detection and Response is real-time threat detection, network traffic monitoring, and rapid incident response. I use it to identify malicious activity, prevent unauthorized access, and improve overall network security visibility across the organization.

    A practical example of how I have used Trellix Network Detection and Response in my daily work was detecting unusual outbound traffic from a user endpoint. The solution quickly identified the suspicious behavior, generated an alert, and helped us isolate the affected device before any data loss occurred. This significantly reduced investigation time and minimized the security risk.

    What is most valuable?

    Trellix Network Detection and Response offers several best features including real-time threat detection, behavioral analytics, network visibility, automated incident response, and threat hunting and investigation.

    I find myself relying the most on real-time detection from Trellix Network Detection and Response, which has made the biggest impact for me. It provides immediate visibility into suspicious activity, allowing the security team to investigate and respond quickly before an issue escalates. This significantly reduced detection time and improved our overall security posture.

    Trellix Network Detection and Response has positively impacted our organization by improving our security visibility and threat detection capabilities. It has helped us identify suspicious network behavior faster, reduce the time required for investigations, and respond to incidents more effectively. As a result, we strengthened our overall security posture while reducing the manual effort needed for threat monitoring and analysis.

    After deploying Trellix Network Detection and Response, we saw a noticeable improvement in our security operations. Threat detection and incident times were reduced by 40 to 50 percent, and the security team spent significantly less time manually analyzing network traffic. We were also able to identify suspicious activity that previously went unnoticed, leading to faster containment of potential incidents. It improved overall response efficiency.

    What needs improvement?

    I think the UI of Trellix Network Detection and Response can be improved for a first-time user.

    I do not think there is anything else that could be improved with Trellix Network Detection and Response; I am currently happy with the solution.

    For how long have I used the solution?

    I have been using Trellix Network Detection and Response for more than one year.

    Buyer's Guide
    Trellix Network Detection and Response
    May 2026
    Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
    900,747 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response is very stable.

    What do I think about the scalability of the solution?

    The scalability of Trellix Network Detection and Response is very high.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response is good, providing me with accurate results or accurate troubleshooting.

    I would rate the customer support of Trellix Network Detection and Response an eight out of ten.

    What was our ROI?

    From a business point of view, while deploying Trellix Network Detection and Response, we can improve our security posture, which indirectly leads to time saved as well as money saved. If a threat can enter any endpoint that is exposed to the internal network, there is a potential gateway for hackers, leading to a loss of production or significant financial impact to the network.

    What other advice do I have?

    Currently, I am happy with Trellix Network Detection and Response, so if I see any modifications or needed improvements in the future, I will definitely update my review.

    Currently, Trellix Network Detection and Response is not using AI, so I have no comments on its governance and security.

    Since Trellix Network Detection and Response is not using AI, I do not have any experience with its accuracy and reliability of output, and I mostly rely on other features.

    I would rate this review an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    Last updated: Jun 8, 2026
    Dhanaji Mali - PeerSpot reviewer
    Technical Specialist at VDA Infosolutions Pvt. Ltd.
    Real User
    Top 5 Leaderboard
    Jun 9, 2026
    Continuous monitoring has strengthened our threat detection and improved response to network risks
    Pros and Cons
    • "Trellix Network Detection and Response has positively impacted our organization by making our security team more confident and responsible, knowing that the network is being watched all the time, allowing us to respond to threats much faster than we used to."

      What is our primary use case?

      Our main use case for Trellix Network Detection and Response is to maintain oversight of our network traffic and catch any threats or unusual activity as early as possible.

      Trellix Network Detection and Response runs in the background monitoring all network traffic, and whenever something unusual comes up, it sends us an alert and we look into it straight away without any delay.

      What is most valuable?

      The best features Trellix Network Detection and Response offers are real-time threat detection, traffic analysis, and the way it breaks down alerts in a clear and simple way.

      The feature we rely on the most day-to-day is real-time threat detection because catching a threat early makes a huge difference, and this product does that very well.

      Trellix Network Detection and Response has positively impacted our organization by making our security team more confident and responsible, knowing that the network is being watched all the time, allowing us to respond to threats much faster than we used to.

      Our team now responds to network threats much quicker than before, and we have managed to stop a few suspicious activities early that could have caused bigger problems.

      What needs improvement?

      Based on my experience with the solution, I do not see any improvements needed for Trellix Network Detection and Response at present; it might be required in the future, but there is no space to improve it currently.

      If I had to imagine an area where Trellix Network Detection and Response could be enhanced in the future, I would say that more AI-based alerting could be improved so that more customized and advanced reporting could be generated.

      For how long have I used the solution?

      I have been using Trellix Network Detection and Response for three years.

      What do I think about the stability of the solution?

      Trellix Network Detection and Response is quite stable and performs well overall.

      What do I think about the scalability of the solution?

      Trellix Network Detection and Response's scalability has been really good; it has handled our growing network well, and as we have added more systems, it has kept up without any issue.

      How are customer service and support?

      Customer support for Trellix Network Detection and Response is very excellent, as they provide thorough troubleshooting steps to overcome any technical issues.

      Which solution did I use previously and why did I switch?

      We are using this type of solution for the first time, so we have not switched from other solutions.

      How was the initial setup?

      My advice for others looking into using Trellix Network Detection and Response is to take some time to set it up properly, fine-tune the alerts to suit your environment, and once that is done, it runs very smoothly and gives your security team a much stronger grip on what is happening across the network.

      Which other solutions did I evaluate?

      We did not evaluate other options before selecting Trellix Network Detection and Response; we chose it based on its advanced threat detection capabilities and integration with our existing security ecosystem.

      What other advice do I have?

      Regarding Trellix Network Detection and Response's AI capabilities, I think the governance side is well thought out, keeping everything in check and ensuring that detection is handled in a controlled and secure manner.

      As for Trellix Network Detection and Response's accuracy and reliability of output, it has been quite accurate in the detection of real threats, and we have not seen any false alarms, so the alerts have been mostly relevant and actionable.

      I would rate this product overall as a 9.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
      Last updated: Jun 9, 2026
      Hitesh Singh Thakur - PeerSpot reviewer
      Mentor Operations at eClinicalWorks
      Real User
      Top 5
      Jun 8, 2026
      Advanced threat visibility has transformed how we detect unusual behavior and respond faster
      Pros and Cons
      • "Overall, security operations are approximately 30 to 40 percent more efficient, and we can save time because everything automatically analyzes, resulting in approximately 40 to 50 percent time savings."
      • "Trellix Network Detection and Response is a powerful tool with areas that need improvement, such as dashboard customization options and reporting flexibility."

      What is our primary use case?

      Trellix Network Detection and Response is used for monitoring network traffic, detecting advanced threats, identifying suspicious behavior, and improving incident response capability across the organization.

      What is most valuable?

      Trellix Network Detection and Response offers network visibility and behavior analysis combined with real-time threat detection as its most valuable capabilities. Traditional security tools are very effective at detecting known threats, but Trellix Network Detection and Response stands out because it can identify unusual network behavior and potential threats that do not match known signatures. In our environment, this has helped us detect suspicious activity much earlier and prioritize investigation more effectively.

      Other features such as network visibility and threat detection are also beneficial.

      Trellix Network Detection and Response has positively impacted our organization by improving threat visibility, accelerating investigation, and strengthening our ability to detect advanced threats across the network.

      What needs improvement?

      Trellix Network Detection and Response is a powerful tool with areas that need improvement, such as dashboard customization options and reporting flexibility. Additionally, I find that third-party integrations are somewhat complex and need to be more user-friendly. Everything else is reliable and meets our security requirements well.

      For how long have I used the solution?

      I have been using Trellix Network Detection and Response for more than two years.

      What do I think about the stability of the solution?

      Trellix Network Detection and Response is stable in our environment, with no downtime issues.

      What do I think about the scalability of the solution?

      Trellix Network Detection and Response has excellent scalability, as the platform has scaled well as our environment has grown and continues to provide consistent visibility and performance.

      How are customer service and support?

      Customer support for Trellix Network Detection and Response is knowledgeable, responsive, and helpful during troubleshooting and recommendations.

      Which solution did I use previously and why did I switch?

      Before Trellix Network Detection and Response, we were using traditional network monitoring security tools.

      What was our ROI?

      I have seen a return on investment with Trellix Network Detection and Response through improvements in operational efficiency, faster threat investigation, and reduced manual monitoring effort. Overall, security operations are approximately 30 to 40 percent more efficient, and we can save time because everything automatically analyzes, resulting in approximately 40 to 50 percent time savings.

      What's my experience with pricing, setup cost, and licensing?

      My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is positive, as the setup process was straightforward, licensing was flexible, and the value delivered by the platform justified the investment.

      Which other solutions did I evaluate?

      Before choosing Trellix Network Detection and Response, I evaluated other options as alternatives.

      What other advice do I have?

      A specific example of how Trellix Network Detection and Response helped me detect and respond to a real threat was when it detected an unusual communication pattern from an internal device to an unknown external destination. Traditional security controls did not flag the activity, but Trellix Network Detection and Response behavior analysis identified it as suspicious, allowing me to investigate and mitigate the risk quickly.

      Threat investigation and incident response activities are approximately 30 to 40 percent faster than before due to centralized visibility and automated analysis, which demonstrates how much investigation time has improved.

      I advise others looking into Trellix Network Detection and Response to integrate it with existing security ecosystems and establish clear incident response workflows, as organizations that improve their visibility capability will gain significant value from the platform. I would rate this product a 9 out of 10.

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Last updated: Jun 8, 2026
      Jose Vargas - PeerSpot reviewer
      Technical Services Agent at a computer software company with 11-50 employees
      Real User
      Top 5
      Nov 6, 2025
      Has improved threat detection workflows and supports seamless customer monitoring
      Pros and Cons
      • "Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall, and if you have these types of tools, your organization would benefit greatly."
      • "I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else."

      What is our primary use case?

      My main use case for Trellix Network Detection and Response is providing support for our customers, and one of our customers has Trellix, so we had to provide monitoring or specific XDR tools for that customer, including Trellix, Crowdstrike, and many others.

      A typical task or incident I have handled using Trellix Network Detection and Response demonstrates that it is a very good tool for XDR, very comfortable to use, and extremely easy to use, making it one of the best XDR tools.

      What is most valuable?

      The best features Trellix Network Detection and Response offers include very good threat detection, and I believe that it is one of the best XDR tools. For example, ePO and XDR components are very comfortable and similar to many other tools for this type of monitoring, and I have received very good feedback for this tool.

      What makes Trellix Network Detection and Response stand out for me compared to other tools is the way you can detect threats. It is very easy and comfortable to use, and the detection shows clearly on the screen, which is very easy to understand.

      Regarding the features, I think that the integration with other platforms is very comfortable with the customer because we can integrate it with any switch or firewall, and it is comfortable to add this tool.

      Trellix Network Detection and Response has positively impacted my organization as I have improved my knowledge about detection and response. I have already used some other tools such as CrowdStrike and Umbrella, but Trellix is one of the best that I have tested.

      I believe that for my organization, Trellix has helped a lot with detection and supported our customers effectively.

      Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall. If you have these types of tools, your organization would benefit greatly.

      What needs improvement?

      I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else.

      For how long have I used the solution?

      I have been using Trellix Network Detection and Response for a couple of months, possibly around six months, and I believe that it is a good tool and a very good XDR tool.

      What do I think about the stability of the solution?

      Trellix Network Detection and Response is stable in my experience.

      What do I think about the scalability of the solution?

      The scalability of Trellix Network Detection and Response is very great.

      How are customer service and support?

      The customer support for Trellix Network Detection and Response is great.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      I previously used another solution, but Trellix was my first XDR tool. Then, I used CrowdStrike and Umbrella.

      What was our ROI?

      I think my comments about the return on investment are the same that the customers think.

      What's my experience with pricing, setup cost, and licensing?

      My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is very great.

      Which other solutions did I evaluate?

      I did not evaluate other options before choosing Trellix Network Detection and Response.

      What other advice do I have?

      My advice for others looking into using Trellix Network Detection and Response is to remember the actions that can be added for the SOC team. I would rate this review as a nine out of ten.

      Which deployment model are you using for this solution?

      Public Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
      Last updated: Nov 6, 2025
      PankajKumar24 - PeerSpot reviewer
      IT Manager at Gigabit Technologies Pvt Ltd
      Real User
      Top 5 Leaderboard
      May 11, 2026
      Centralized threat insights have improved investigations and now automate tailored response playbooks
      Pros and Cons
      • "It is a money-saving solution, and I see ROI here."
      • "The negative aspect is support."

      What is our primary use case?

      I am working with Trellix Network Detection and Response as part of my overall experience with these products today.

      Trellix Network Detection and Response is used for threat and response use cases for my clients. The solution correlates telemetry data from the endpoint or security solution, providing a single click of workbook and workbenches in the console for best visibility of root cause. After reviewing the workbenches and workbook, I create the playbooks accordingly, severity-wise.

      The threat intelligence feature is helpful for full threat investigation. When I receive major detections from Trellix Network Detection and Response, I initiate some queries from the threat intel, and the threat intel shares with me the verdict and threat severity, which can be critical or high.

      Forensic analysis is helpful because I need to collect some infections from infected machines. I first need to determine what the initial root impact machine is and the impacted network. It helps determine where the threats are coming from, and the forensic insights assist in this investigation.

      What is most valuable?

      As a partner of Trellix, I believe the biggest advantage of this NDR solution is that it integrates with the network side. After that, it collects all traffic for the threat capability of Trellix Network Detection and Response, such as lateral movement and C&C callbacks. Ransomware detection allows me to initiate and analyze the logs for the threat model of Trellix Network Detection and Response, then it will respond.

      I am working with the threat intelligence feature for threat intelligence and threat queries, and I review through the threat intelligence.

      It is effective for Trellix Network Detection and Response to integrate with other security products. ePO integrates for some security solutions such as Microsoft. There is the capability of third-party integration and ingesting the telemetry from the security solution, showing me the workbench workbooks.

      Automated responses help me minimize security threats with the playbook creation and automation.

      Detailed forensic analysis helps me understand network threats in general.

      Trellix Network Detection and Response solution is easy to scale. I need to integrate with the main core switch, and after that, it helps with the port mirroring for threat detection.

      What needs improvement?

      The negative aspect is support. When I need urgent support from Trellix, there is a response after four hours or three hours, which is my main concern regarding the negative point of Trellix Network Detection and Response. Support is the only disadvantage I see.

      For how long have I used the solution?

      I have been dealing with this product for around six years or more.

      What do I think about the stability of the solution?

      I am not facing any challenges of downtime at this time.

      How are customer service and support?

      For support, I would rate it seven.

      Which solution did I use previously and why did I switch?

      There is a difference when comparing Trellix Network Detection and Response with other competitors. For instance, Trend AI is not capable of the APT security provided, but Trellix Network Detection and Response gives us the APT solution.

      How was the initial setup?

      I would say deployment is easy.

      What was our ROI?

      It is a money-saving solution, and I see ROI here.

      What's my experience with pricing, setup cost, and licensing?

      The price for Trellix Network Detection and Response is reasonable. The pricing is reasonable, and I do not need to bargain with Trellix or customers.

      What other advice do I have?

      I am dealing with two major vendors today, and I am still working with all of them. I work with Trellix Network Detection and Response as a reseller, and I am both a partner and a reseller selling it. It shows me the threat vector. I am not sure which feature should be added at this time. I am working on both solutions, on-premises and on cloud. I deploy on Trellix Cloud Workload Security. I have not worked with anything from AWS Marketplace right now. My review rating for this product is nine out of ten.

      Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
      Last updated: May 11, 2026
      BiswabhanuPanda - PeerSpot reviewer
      Senior technical consultant at Hitachi Systems Micro Clinic
      Real User
      Apr 28, 2024
      Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one
      Pros and Cons
      • "We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment."
      • "The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."

      What is our primary use case?

      The solution has been in place for quite some time – three or four years. We've renewed it several times, and we upgraded from Gen 3 to Gen 4 hardware at one point as well.

      Currently, it's integrated with our firewall and McAfee IPS. We also have network-based sandboxing deployed. It uses static and dynamic analysis engines, so we get alerts if malicious traffic is detected or harmful objects are downloaded.

      We've been using their PX solution for packet capture, which is the core of their NDR functionality. But we haven't fully adopted the combined product – NX and PX – yet because they are still separate.

      The storage requirements for raw packet capture, especially with our traffic levels, make it quite expensive. And that's true for many security products. I feel like NDR is pretty expensive.

      However, this is especially true about raw packet capture for network telemetry – the storage requirements with RAID 0 become quite expensive, regardless of the solution.

      How has it helped my organization?

      We had a serious incident where an attacker attempted a web shell attack on one of our web servers [DevOps server]. We were able to identify that the hackers used a malicious script and tried to target specific files. The hacker also tried to make a copy of some files. 

      We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment.

      Trellix NDR was effective in that situation.

      Moreover, we've integrated this solution with our SIEM. There's a degree of integration provided by Trellix with their solution, and we're satisfied with that. However, without the SIEM, that's the extent of our integrations at the moment.

      We're exploring further options due to organizational shifts towards the cloud, potentially moving away from a hybrid environment. We're assessing SaaS-based SIEM solutions. Trellix has its own offering, Helix, which we've evaluated and even purchased in the past. Ultimately, we discontinued its use. To summarize, our primary integration right now is with our SIEM.

      The SIEM integrates well with our threat intelligence sources. We also have some secondary integrations in place. Overall, things are running smoothly.

      What is most valuable?

      The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment. 

      That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried.

      The detection itself is solid, and their sandboxing is powerful. 

      There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere.

      The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file.

      There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.

      What needs improvement?

      The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless. 

      STG needs to... I'm not sure what their roadmap is; they've mentioned full integration, but it hasn't materialized yet. Both the McAfee and FireEye engineering teams need to accelerate the process, as it would definitely benefit customers. The integration between Nextiva and Trellix could also use some work.

      For how long have I used the solution?

      I have been using it for seven years. I have been involved since the FireEye days. That's when I started working with it.

      We're on version 9.1.5.

      What do I think about the stability of the solution?

      I would rate the stability an eight out of ten. It's quite stable.

      What do I think about the scalability of the solution?

      We've upgraded without any major hiccups – I'd rate scalability a nine out of ten. We've smoothly transitioned from a lower-capacity appliance to a higher one. The current appliance supports 2.5 Gbps of traffic, and we're currently handling around 300-500 Mbps without issue. Scalability is definitely there, we've never faced any problems in that regard.

      We have approximately 500+ users. However, we also have applications hosted here, along with multiple IPC tunnels. We're using Netskope's Zero Trust Web DNA as well. So, 500+ users, but typical traffic averages around 300 to 400 Mbps.

      How are customer service and support?

      The customer service and support are really good. Trellix offers multiple contact options – you can call and get immediate assistance from someone in Israel, Singapore, Japan, or even India. Plus, they offer chat support through Teams or Webex.

      Trellix's documentation portal is also good.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      We've used Forcepoint, NetFlow, SentinelOne, Trellix, Arista…some Splunk, and some Elastic as well. It's a mix of tools across different security domains.

      These are all security-focused products. Security is my primary focus.

      How was the initial setup?

      The initial setup was really straightforward. It took maybe a day to complete the upgrade. 

      We spent some time getting the prerequisites ready, which took a bit longer, but the actual deployment was very fast.

      So you just identify the network where you want to connect it and just plug it in. It only took half a day. 

      Therefore, the preparation took some time, but the deployment itself was quick.

      Handling upgrades:

      We have a practice where network device upgrades take priority - starting with the App Firewall and working our way through Web Proxy and so on. We avoid parallel endpoint upgrades as we've had challenges with those.

      Trellix releases sandbox system updates yearly, which are fine. Those don't require downtime. However, operating system upgrades are a factor. 

      We review KBR details thoroughly. Three or four months ago, we went from 9.1.4 to 9.1.5, and we're evaluating a possible upgrade to version 10, perhaps next month.

      Generally, we follow the n-1 version strategy. But if there are significant new features in a release, we might upgrade sooner. Overall, it's manageable – we upgrade frequently, and this particular solution hasn't caused downtime issues. Plus, we use DNS-based global [settings/configuration?], so downtime isn't a major concern.

      What about the implementation team?

      For the deployment process, we needed two or three engineers. The physical appliance mounting and setup require multiple people. Trellix's appliances are very heavy.

      What's my experience with pricing, setup cost, and licensing?

      The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced. It's a bit on the expensive side, but we don't want to compromise with cheap, less reliable solutions. 

      We want quality. It's like... you might not opt for the top-of-the-line Apple product, but Samsung is a good choice. We wouldn't go for an Oppo, VIVO or ASUS type of device.

      Overall, I would rate the pricing an eight out of ten, with one being expensive and ten being very cheap. 

      What other advice do I have?

      Overall, I would rate the solution a nine out of ten.

      Potential customers should definitely evaluate their specific use cases, budget, and commercial considerations. The product itself is good, there's no doubt. But it's essential to understand your use cases – then I'd definitely recommend it.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer.
      Abdullah Al Hadi - PeerSpot reviewer
      Information Security Engineer at Nhq Distribution Ltd
      Real User
      Top 5 Leaderboard
      Feb 18, 2025
      Network defense becomes effective with automatic responses to incidents
      Pros and Cons
      • "Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch."
      • "The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response."
      • "Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents."

      What is our primary use case?

      The primary use case for Trellix Network Detection and Response is network intrusion detection, which is crucial for protecting environments. It helps secure networks and defend against phishing and other attacks created by the networking sector. We use the solution for detection and forensics investigation, reporting incidents such as the source and network path of attacks.

      What is most valuable?

      Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch. When users break firewall rules, the solution identifies affected areas for immediate action, helping determine the actual reason for attacks. Its ability to report incidents like network paths makes it invaluable in securing the environment. With eight years of experience, I can attest that Trellix NDR is effective in detecting and protecting networks.

      What needs improvement?

      The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response. Networking often involves complexity that could be simplified. More visibility in the dashboard would help in quickly identifying and responding to incidents. Additionally, there should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.

      For how long have I used the solution?

      I have been using Trellix NDR for approximately eight and a half years.

      How are customer service and support?

      Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents. There is a need for technical expertise, specifically in device control and DLP issues.

      How would you rate customer service and support?

      Positive

      How was the initial setup?

      The initial setup of Trellix NDR has some complexities, particularly when dealing with big organizations' network design and path.

      What's my experience with pricing, setup cost, and licensing?

      While I do not handle pricing directly, it is known that there is a variety of customers with different licensing needs, which depends on the organization's size and policy.

      What other advice do I have?

      Currently, I would rate Trellix NDR as an eight out of ten. There are various opportunities for improving its response capabilities and dashboard visibility to quickly address incidents, which could improve the overall effectiveness of the solution.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
      Information Security Senior Advisor at Eskom Ltd
      Real User
      Mar 11, 2024
      Blocks traffic and DDoS attacks
      Pros and Cons
      • "Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
      • "Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use."

      What is our primary use case?

      We use the solution in our servers and workstations for Endpoint Detection and Response. 

      What is most valuable?

      Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats. The IP devices played a crucial role in blocking and reducing the amount of malicious traffic entering our company. Its endpoint security, EDR, and insights are valuable. The automation functionality, particularly the ability to automatically handle and mitigate detected threats, has proven to be immensely beneficial for our security operations.

      What needs improvement?

      Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use.

      For how long have I used the solution?

      I have been using the product for 13 years. 

      What do I think about the stability of the solution?

      I rate the product’s stability a nine out of ten. 

      What do I think about the scalability of the solution?

      We are using Trellix Network Detection and Response on approximately 3,500 servers and 33,000 workstations. I rate its scalability a ten out of ten. 

      How are customer service and support?

      We handle the first-line support for Trellix Network Detection and Response on our own, performing troubleshooting and maintenance. For more advanced issues, we rely on Trellix Network Detection and Response's classic support as the third-line support.

      How was the initial setup?

      The tool's integration with our existing security infrastructure was not difficult. Following the provided processes made the integration relatively straightforward. Its deployment was not difficult for us. We received support from Trellix professional services, which made the process smoother. The process took two months to complete. 

      What other advice do I have?

      I rate the tool a nine out of ten. 

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      YaserAljohani - PeerSpot reviewer
      OT/ICS Information Security Specialist at SANS
      Real User
      Feb 16, 2024
      A user-friendly product that needs to improve its integration capabilities
      Pros and Cons
      • "The installation phase was easy."
      • "The product's integration capabilities are an area of concern where improvements are required."

      What is our primary use case?

      In my company, the solution is used for our endpoints.

      What needs improvement?

      The product's integration capabilities are an area of concern where improvements are required.

      For how long have I used the solution?

      I have been using Trellix Network Detection and Response for two to three years. I use the solution's latest version.

      What do I think about the stability of the solution?

      Stability-wise, I rate the solution an eight out of ten.

      What do I think about the scalability of the solution?

      Around 1,000 people in my company use the product.

      Which solution did I use previously and why did I switch?

      I have not worked with other solutions before Trellix Network Detection and Response.

      How was the initial setup?

      The installation phase was easy.

      The solution is deployed on an on-premises model.

      The solution can be deployed in a couple of days.

      There are around 15 engineers in my company to take care of the product's deployment and maintenance areas.

      What other advice do I have?

      Trellix Network Detection and Response has enhanced our organization's in-house capability in the area of threat detection.

      Trellix Network Detection and Response worked very well in a scenario where it was used to help my company respond to a network incident efficiently.

      The network detection and response capabilities of the product are the most valuable for our company's security operations.

      The operation of the dashboards is not problematic in the product.

      The network analytics feature of the product helps me in my daily tasks.

      The product is user-friendly.

      The product did improve my company's time to detect and respond to threats.

      My company takes care of the maintenance of the product.

      I rate the overall tool a seven out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Senior Manager at a financial services firm with 10,001+ employees
      Real User
      Dec 13, 2022
      Excellent support, easy to set up, and offers good NTAP features
      Pros and Cons
      • "Support is very helpful and responsive."
      • "We'd like the potential for better scaling."

      What is our primary use case?

      It is mostly an NTAP tool. It is just blocking the CNC domains. That is the primary use case.

      What is most valuable?

      The NTAP features are the most valuable aspects of the product. Other features, like ITS, are there; however, the primary value is in the NTAP protocols.

      It is an easy product to set up.

      The product has been quite stable. 

      Support is very helpful and responsive. 

      What needs improvement?

      It is not supporting multiple SSLs. If we've got four or five servers and all the traffic has to pass through FireEye, and the servers are using their own SSL certificate, FireEye is not supporting this.

      We'd like the potential for better scaling. 

      Generally, this particular product has a lot of room for improvement.

      For how long have I used the solution?

      I've used the solution for a few years. 

      What do I think about the stability of the solution?

      It's stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

      What do I think about the scalability of the solution?

      This is a standalone solution. It doesn't scale per se. 

      How are customer service and support?

      The technical support is really very good. We are quite satisfied with the level of services we get. 

      Which solution did I use previously and why did I switch?

      We did not previously use a different solution. 

      How was the initial setup?

      The product is plug-and-play so there is no complication regarding the setup of the solution. It's very simple and straightforward. I wouldn't describe the process as complex. 

      In terms of maintenance, only some support is required occasionally. You do not need a dedicated staff member constantly on the product to maintain everything. 

      What's my experience with pricing, setup cost, and licensing?

      I have never really gotten into the licensing aspect of the solution. I can't speak to the exact costs. 

      Which other solutions did I evaluate?

      We are currently evaluating Check Point SandBlast Network.

      What other advice do I have?

      I'm an end-user. 

      I'd rate the solution seven out of ten. 

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Buyer's Guide
      Download our free Trellix Network Detection and Response Report and get advice and tips from experienced pros sharing their opinions.
      Updated: May 2026