Cybereason Endpoint Detection & Response vs Trellix ESM comparison

"The initial setup was easy and straightforward."

"The dashboard is very good and you can consider it as an interactive UI."

"The initial setup is not overly complicated."

"The interface is user-friendly."

"The initial setup was straightforward."

"It gives all the information in a clear response."

"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."

"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."

"The most valuable feature in ESM is its search and reporting feature. It's really nice."

"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."

"McAfee as a whole is a good solution."

"It is user-friendly. The notification part of McAfee ESM is very easy."

"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."

"Scalability is quite easier with Trellix ESM, because all we need to do is add more receivers to it, so it can go to any point."

"The solution's technical support is great."

"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."

"Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."

"The reporting feature needs improvement."

"The network coverage becomes an issue most of the time."

"Cybereason does not have sandbox functionality."

"It should be more stable, and the sensor needs improvement in terms of connectivity."

"While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."

"They need to improve their technical support services."

"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."

"I would like to see improvements to the user interface."

"I would like to see good analytics in future releases."

"It is more difficult to operate Trellix ESM than other solutions."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."

"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."

"The user interface could be more user-friendly."

"This product is somewhat expensive and should be cheaper."

"In terms of pricing, it's a good solution."

"The pricing is manageable."

"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."

"I do not have experience with the licensing of the product."

"I had to go through a third-party to purchase it, which I wasn't really pleased about."

"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."

"In terms of cost, this is a good choice for our needs."

"The pricing is fair."

"The cost is dependent on the customer's environment and requirements."

"McAfee is the right choice for a low-budget solution."

"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"We renew our license annually."

"The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."