DepAssist9876 - PeerSpot reviewer
Deputy Assistant Secretary with 201-500 employees
Real User
Mar 6, 2019
We don't have to react because it stops anything from hurting the network
Pros and Cons
  • "We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
  • "Cybersecurity posture has room for improvement."

What is our primary use case?

Our primary use case is for zero-day identifying anomalies and zero-day vulnerabilities without requiring signature recognition.

How has it helped my organization?

McAfee didn't even know that there was a vulnerability out there, and this solution found it before McAfee, and then we notified them, and they came up with a patch to remediate that exploit.

What is most valuable?

The zero-day vulnerabilities feature is the most valuable feature.

What needs improvement?

Cybersecurity posture has room for improvement. 

Buyer's Guide
Trellix Network Detection and Response
January 2026
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's stable, we haven't had a lot of issues. We get updates when we need them and the vendor is responsive when we have issues.

What do I think about the scalability of the solution?

We have scalability across our whole network. We haven't had any scalability issues at all. It's used daily, as far as for the continuous monitoring required for cybersecurity.

We have the administrators, which is approximately five people that monitor it. Then it's also for our enterprise network, which is over 200k users. They're all sysadmins and cybersecurity engineer type people. 

How are customer service and support?

The support from the company has been wonderful. Any time we've had any issues they responded. 

How was the initial setup?

I did not set it up, but the setup seemed to be straightforward.

What was our ROI?

We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are reasonable compared to competitors.

What other advice do I have?

There may be other tools that do this, but FireEye is part of the defense in depth. What other products miss, FireEye tends to pick up.

I would rate it an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PreSales Director at a marketing services firm with 51-200 employees
Reseller
Nov 11, 2018
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security. The one thing that needs to improve is that they use guidance or FDK for max data.
Pros and Cons
  • "The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
  • "The world is currently shifting to AI, but FireEye is not following suit."

What is our primary use case?

My primary use case for this solution is world gateway or an email gateway for forensic tools.

What is most valuable?

The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.

What needs improvement?

The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I find this product stable.

What do I think about the scalability of the solution?

I find this product scalable for our needs.

How is customer service and technical support?

We have our own qualified tech support team, and we do not find a need for the tech support from FireEye IT. 

What's my experience with pricing, setup cost, and licensing?

We looked into other forensic options in the past. We used to use RSA in the past, but it is not the same as FireEye.

What other advice do I have?

The world is currently shifting to AI, Artificial Intelligence engines. FireEye now has nothing in the roadmap for shifting to AI. Other companies do have a roadmap for AI integration. Now the hacker is more intelligent. The hacker is going to hack the laptop, for example, and an AI engine could be an excellent prevention mechanism.

Disclosure: My company has a business relationship with this vendor other than being a customer. I am a reseller.
PeerSpot user
SeniorNe6c94 - PeerSpot reviewer
Security Engineer at a computer software company with 51-200 employees
Reseller
Jan 22, 2018
Alert Dashboard is easy to navigate, but detection, reporting, policy management need improvement
Pros and Cons
    • "There is a lot of room for improvement in the offering, from cost to functionality. It is pretty straightforward to implement, which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
    • "It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
    • "Stability issues manifested in terms of throughput maximization."

    What is most valuable?

    Simplified Alert Dashboard is straightforward to navigate.

    What needs improvement?

    1. Granular reporting

    Need more attributes for each alert; e.g. protocol, time, type of attack, etc. These attributes could be used for report generation or to aid as search criteria.

    2. Rule base

    Create an option to create/add/edit rules in the existing policy. Most importantly, create room to add exceptions to false positive alerts. 

    3. Use one appliance for both Web detection and email detection to reduce the cost of shipping and delivery.

    4. Detection of .zip and .rar files.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Stability issues manifested in terms of throughput maximization.

    What do I think about the scalability of the solution?

    There were scalability issues for the appliance-based solution, but not for the cloud-based solution.

    How are customer service and technical support?

    I rate it eight out of 10.

    Which solution did I use previously and why did I switch?

    I was not using anything previously.

    How was the initial setup?

     Straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Use cloud solution; pricing is a bit high.

    Which other solutions did I evaluate?

    Palo Alto.

    What other advice do I have?

    I rate this solution at six out of 10. There is a lot of room for improvement in the offering, from cost to functionality. It is pretty straightforward to implement, which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management. It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Value-added reseller.
    PeerSpot user
    PeerSpot user
    Security Consultant at a tech services company with 51-200 employees
    Consultant
    Jan 16, 2018
    Improves defense against zero-day threats and network security, but management of the appliance could be greatly improved
    Pros and Cons
    • "Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."
    • "The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."
    • "Management of the appliance could be greatly improved."

    What is our primary use case?

    Implementing at customer sites. Conducting pre-sales and PoC demos for customers and providing technical support to customers on behalf of FireEye.

    How has it helped my organization?

    Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security.

    What is most valuable?

    The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive. It has helped FireEye be the first ones to announce zero-days on many occasions.

    What needs improvement?

    Management of the appliance could be greatly improved. 

    They should take a leaf out of the book of Symantec's (Formerly Blue Coat) MAA appliances. The management is super-easy, most features are available through the GUI, and the administrator has an easy to navigate interface that helps in faster threat analysis.

    For how long have I used the solution?

    One to three years.
    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner of FireEye selling their products to customers.
    PeerSpot user
    it_user494931 - PeerSpot reviewer
    Master Consultant (Network Security) at a tech services company with 1,001-5,000 employees
    Real User
    Aug 31, 2016
    It added a layer of inspection that might be missed by traditional IPS or antivirus products. Features such as IPS are lacking.

    What is most valuable?

    FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.

    How has it helped my organization?

    I work for a managed services provider, so we don't deploy the product internally but deploy it in customers’ environments. For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before.

    What needs improvement?

    FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors. FireEye would need to work on these capabilities to have a fuller product offering (especially when all the other major NGFW vendors such as Check Point or Palo Alto offer similar threat emulation capabilities to FireEye).

    For how long have I used the solution?

    I have been using it for 3-4 years.

    What was my experience with deployment of the solution?

    Deployment is extremely easy, and we haven't run into any issues.

    Which solution did I use previously and why did I switch?

    We also use the same capabilities that come in other products such as Palo Alto (wildfire) or CheckPoint (threat prevention). I don't think there is much difference in the capabilities between either of the products.

    How was the initial setup?

    Initial setup was very straightforward.

    What about the implementation team?

    We implement and provide continued managed services coverage for the product.

    What other advice do I have?

    Currently, I think if you have another product that can provide the same functionality (such as Palo Alto or CheckPoint), and that device is capable of handling the extra load of running these features, then I would consider using those products instead of adding a new product to the network.

    Disclosure: My company has a business relationship with this vendor other than being a customer. My company is a vendor partner.
    PeerSpot user
    PeerSpot user
    NetworkEngineer information security at a tech services company with 51-200 employees
    Consultant
    Aug 27, 2015
    It helps to detect and prevent zero day attacks.

    What is most valuable?

    • Call back
    • Zero day attack

    How has it helped my organization?

    We have discovered different malware which was basically a zero day attack and call back.

    What needs improvement?

    Cluster option is not available in NX, and for false positives we need some customization configuration available, such as a whitelist.

    For how long have I used the solution?

    I've used it for one year.

    What was my experience with deployment of the solution?

    No issues encountered.

    What do I think about the stability of the solution?

    No issues encountered.

    What do I think about the scalability of the solution?

    No issues encountered.

    How are customer service and technical support?

    Customer Service:

    It's very good.

    Technical Support:

    It's very good.

    Which solution did I use previously and why did I switch?

    Different IPS and end point products were used. FireEye has a different concept for the handling of ATP and malware with a virtual machine which resides in their box.

    How was the initial setup?

    It was simple and straightforward.

    What about the implementation team?

    We have implemented it ourselves on customer premises.

    What other advice do I have?

    It is a good product to implement, especially where the existing technology fails to detect zero day attacks.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user221841 - PeerSpot reviewer
    IT Security Manager with 51-200 employees
    Vendor
    May 12, 2015
    Provides a target response time of one minute for both hardware and software issues— and immediate escalation to level-two advanced support for high-severity issues.

    After the release of our first product we had a lot more exposure with the public and we knew we would attract some unwanted attention. We started looking at solutions for network hardening and intrusion protection.

    We engaged The Herjavec Group to perform a network penetration test. THG offers a comprehensive suite of security and network services to organizations around the world, supported by Canada’s largest group of certified security professionals. Although the initial findings from the test showed the existing network to be robust, through practical experience with other similar clients, THG recommended implementing a FireEye Network Threat Prevention Platform. We felt comfortable after seeing the early results of the penetration test but decided to do an in-house demo of the FireEye Network Threat Prevention Platform to see how it would add to the protection of our internal systems and R&D network. As part of the overall evaluation of similar technologies, along with THG’s recommendation to evaluate FireEye, we also looked at several other competitive offerings. Once we had a chance to do our own due diligence, it was clear that there is really nothing else that compares with the FireEye appliance. After the proof of concept, I really didn’t have to do much to justify the investment. We immediately purchased the FireEye Network Threat Prevention Platform.

    With any new solution the deployment effort and ongoing management overhead is always a consideration. We’ve been really pleased with how straightforward the FireEye solution is to manage. Installation was very simple, and the solution requires little-to-no ongoing maintenance. Because threat protection is a mission-critical function, we opted for the FireEye Platinum Support program. This level of support provides a target response time of one minute for both hardware and software issues— and immediate escalation to level-two advanced support engineering for any high-severity issues encountered. Our board of directors are very conscious about the value of the intellectual property that we are constantly creating and very sensitive to security concerns—especially cyber-based threats. You can’t put a price on an attack, especially when it’s your company’s underlying IP at risk. FireEye gives us leading edge protection.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user229392 - PeerSpot reviewer
    Senior Network Security Analyst at a manufacturing company with 5,001-10,000 employees
    Real User
    Apr 27, 2015
    Provides us with better malware, intrusion and incident detection.

    What is most valuable?

    • Ability to edit the Yara rules
    • Malware analysis tool

    How has it helped my organization?

    It has provided us with better malware, intrusion and incident detection.

    What needs improvement?

    A lot of false positives.

    For how long have I used the solution?

    I've been using FireEye NX with web, email, and the malware analysis sandbox tool for two years.

    What do I think about the stability of the solution?

    No issues encountered.

    What do I think about the scalability of the solution?

    No issues encountered.

    How are customer service and technical support?

    Customer Service:

    8/10.

    Technical Support:

    8/10.

    Which solution did I use previously and why did I switch?

    No previous solution was used.

    How was the initial setup?

    It wasn't bad, the technical support team walked us through it.

    What about the implementation team?

    We used a vendor who was 8/10.

    What other advice do I have?

    Get training with editing Yara rules.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user