Trellix Helix Connect Reviews

I have been using Trellix Helix Connect for about 1.5 years now.

The main use case for Trellix Helix Connect is to see the detections and the endpoint results of the endpoints involved in those detections. For example, if a user generates an alert by doing something suspicious, we get the alert on Trellix EDR, and then we get a link to Helix Connect through which we can check the details about the user and their machine.

Checking those details in Helix Connect helps me in my day-to-day work because, for example, if someone downloaded something that they were not supposed to download and we get a flag on the EDR, we see that person is the user on the EDR system and we go to Helix Connect to search out the username or maybe the hostname. We get the full device details, and from the device, we can contain the device, restrict the device, or delete that file from the device. We can also quarantine or un-quarantine the particular file based on the business needs of the company. This is how it makes it easier for us to mitigate things.

The best features Trellix Helix Connect offers are that it provides readily available connection and the speed of deployment. It comes with a set of pre-built rules, integrations, and analytics which eliminate months of hard work and research that we have to do on the rule-making part. Trellix Helix Connect is also easy to implement and integrate as both come from the same parent company. With the existing data sources, we can connect it, and it also has many connectors and over 490 third-party connectors which help us get prioritized AI-guided responses. The GenAI triage, which used to be called Trellix Wise before, is now accessible to both current and new customers. This GenAI-powered alert triage helps us in the automation of triaging the detections.

The pre-built rules and analytics save us a lot of time and have positively impacted my team's workflow because whenever we migrate to a new tool, we basically have to sit for months to form the rules and alerts. Trellix Helix Connect provided a very ready-to-go data source with connectors, which made it easy for us to implement the things from the start. It did not take a long time for us to set it up and launch into operations practically.

Trellix Helix Connect has positively impacted our organization by helping us quarantine and un-quarantine files and manage our full asset inventory. We can watch every host and what is happening with them, whether the host is being deleted, onboarded, or off-boarded. It has also helped with our monthly reviews and the reports through which we can observe the types of malware affecting us, the malware that is not impacting us anymore, and the trends in malware activity.

Trellix Helix Connect can definitely be improved, especially regarding cloud and SaaS telemetry gaps. It could enhance its native cloud and SaaS telemetry integration. Additionally, sometimes when we open the details of a file, it lacks meta fields altogether, and we must manually ask the user for the meta fields, such as when the file was created, last opened, last updated, and its hash value. Helix does not perform as expected in this regard. There are also many false positives flagged that should not be, and there is no on-premises option for FireEye Helix. Lastly, the GUI and dashboard feel very old-school and legacy, needing improvement, as all competitors have far superior GUIs and UI/UX interfaces.

I would add that we have experienced specific problems with session timeouts where we randomly log out from the system after some time and face issues in logging back in. This required us to contact customer service frequently, which is also not very reliable or prompt.

I have been using Trellix Helix Connect for about 1.5 years now.

Trellix Helix Connect has stability issues as it experienced downtimes during off-hours that affected our night shifts and late hours; however, the outages were only about 30 minutes to one hour long. Sometimes, this caused a mismatch in detections, but it is still manageable and not significant enough to cause major disruptions.

The scalability of Trellix Helix Connect is good as it has over 400 ready-to-go connectors, which is a strong feature.

The customer support is not very good, not that responsive, and not that fast either. We often wait for weeks to get a response from the engineering team due to a long relay process from customer representatives to the engineering team and then back to us.

We previously used Defender, and we switched to Trellix Helix Connect because the client wanted a more affordable solution.

I have not seen explicit ROI metrics since that part was handled by the sales representatives of our company and the client's company. However, from an analyst's perspective, it has required fewer L2 operators since we already have a broader view of what is happening with the endpoint machines, which helps us form a verdict quickly and results in fewer employees needed.

My experience with pricing, setup cost, and licensing for Trellix Helix Connect showed that the pricing was definitely competitive. We mainly chose this solution because of the pricing factor alone; many other options were more lucrative feature-wise, but for pricing, it was quite competitive at the time.

Before choosing Trellix Helix Connect, we evaluated other options, including CrowdStrike and Palo Alto.

My advice to others considering Trellix Helix Connect is to proceed only if you are getting competitive pricing; otherwise, it is nothing special and simply offers what many other connectors, such as CrowdStrike, Palo Alto, and Defender, already offer. Those options are far superior in terms of GUI and UI/UX standards. If you find competitive pricing that seems worthwhile, then proceed; otherwise, I would not recommend it. I gave this product a rating of 7 out of 10.

Hybrid Cloud

Other

Trellix Helix Connect is being managed by my company's infrastructure area to improve information security processes in monitoring, investigating, and minimizing problems and threats to our cloud services and systems. We use it mainly to monitor the performance of systems and applications, databases, and critical network processes. The objective is to perform data analysis for patterns that may indicate a threat. This intelligence process determines priorities and alerts that reveal possible threats as early as possible.

As an analyst, Trellix Helix Connect allows me to analyze patterns that may indicate a threat, enabling us to work on threats faster before they affect our business processes.

Some of the best features Trellix Helix Connect offers include valuable threat intelligence, SIEM log collection, VDI availability, runs on startup, user-friendly interface, the ability to identify threats on time, and real-time activity visibility. Problem reporting is integrated and simplifies analysis and compliance operations.

Valuable threat intelligence is crucial for us because it offers advanced threat intelligence as a valuable feature, allowing us to prioritize alerts quickly and efficiently.

Trellix Helix Connect has positively impacted our organization by improving our security, as we now have fewer attacks and more peace of mind when working, improved efficiency within the office staff. Additionally, it has increased security for our applications, and we were able to integrate internal applications already developed through API. We also integrated other Trellix tools that we already used.

There is little training available for technology teams to master the key features of Trellix Helix Connect, and that could be improved.

Reports can be difficult to customize and adapt, and analyzing them is also not easy, indicating an improvement opportunity.

I have been using Trellix Helix Connect for about eight years.

Trellix Helix Connect is very stable.

Trellix Helix Connect's scalability is great; it continues to improve incidents and attacks and handles my organization's growth well.

Customer support is exactly what we need.

I previously used AlienVault ECM.

I decided to switch from AlienVault ECM and Alert Logic to Trellix Helix Connect because ECM had more functionality and a friendlier, cleaner user interface than Alert Logic. ECM's ability to integrate easily into Intel's endpoint solution made it more appealing compared to AlienVault. Although AlienVault's inclusion of vulnerability management and IDS made it stand out, we chose Trellix Helix Connect because it is more cost-effective, flexible, and easy to use, with great customer support. It has improved our overall security posture, which is why we chose it.

It was very easy to deploy Trellix Helix Connect in our environment.

The configuration process took place easily and was smooth and straightforward.

Before choosing Trellix Helix Connect, I evaluated Microsoft Office 365 and IBM Cognos among other options.

The metering and billing experience was very easy to understand, and we are billed for what we use, so I would say it is very accurate in terms of billing.

Trellix Helix Connect offers a great price plan. We do not have to dig deep into our pockets, making it a very cost-effective platform.

The ability to manage budgets is very advantageous, along with an actively upgraded product with good vendor support, and the centralization of events from NIDS, IPS, IDS, firewalls, web proxy, and endpoint.

We use Amazon Web Services as our cloud provider.

Trellix Helix Connect integrates very smoothly with other AWS services we use.

I rate Trellix Helix Connect five out of five because of its monitoring activities, which help to impact our security posture and other business processes. We feel more secure since adopting this tool. It is also a very cost-effective tool, and we do not have to dig deep into our pockets. Additionally, the customer support has always been proactive and very helpful.

I recommend Trellix Helix Connect because it is easy to collect valuable data from hundreds of types of devices, and events correlation and offenses work very well. Notifications in case of an incident also work perfectly. The configuration is easy to customize with the content packs and plugins. The system is flexible for new questions or situations, helps improve visibility of threat actors, and aids in further prevention, making it a highly recommendable tool.

Trellix Helix Connect has helped us improve security, prevent incidents and attacks, reduce security and continuity risks, and correct independent management information.

I use other tech products including Google Analytics, FortiSIEM, and IBM QRadar. I am interested in analyst insights about other solutions.

The interview was straightforward, and I have no suggestions for changes for the future.

Public Cloud

Amazon Web Services (AWS)

Our main use case for Trellix Helix Connect is centralized security monitoring, threat detection, security event correlation, and incident response, which helps us to collect and analyze security events from multiple sources through a single platform.

One example of how I use Trellix Helix Connect for threat detection or incident response in my day-to-day work was when Helix correlated alerts from multiple security tools and identified a potential security incident that would have been difficult to detect by reviewing individual alerts separately, helping us investigate and respond much faster.

The best features Trellix Helix Connect offers are centralized visibility, security event correlation, threat intelligence integration, automated workflow, and incident investigation capability.

The most valuable feature out of those is security event correlation because it helps connect information from multiple security tools and provides better context for our investigation.

Trellix Helix Connect has positively impacted our organization by improving our threat detection capability, reducing investigation time, and providing better visibility across our security environment.

We estimate that security investigation and incident response activities are approximately 40 to 45% faster compared to before implementing Trellix Helix Connect.

Trellix Helix Connect is a powerful tool, and while I don't see any major issues, I would like to see additional dashboard customization options and more advanced reporting capability. Overall, the platform is reliable and everything is perfect regarding the needed improvements.

I have been using Trellix Helix Connect for more than two years.

Trellix Helix Connect is stable.

The scalability of Trellix Helix Connect is excellent; the platform has scaled well as our environment and log volume have grown, and there are no major issues we have faced.

Customer support for Trellix Helix Connect is very nice; they are knowledgeable and responsive.

Before Trellix Helix Connect, we relied on multiple monitoring and log management tools that lacked centralized correlation and visibility, but after Trellix Helix Connect, everything was centralized.

We have seen a positive return on investment through the faster incident investigation and improved operational efficiency, as well as the reduced manual effort for security monitoring. Before Trellix Helix Connect, we were doing everything manually, but after that, it has become automatic, allowing us to save about 40 to 45% time and reduce operational inefficiencies.

Our experience with pricing, setup cost, and licensing has been positive; the setup process was manageable, and the license model was flexible enough to meet our requirements.

Before choosing Trellix Helix Connect, we evaluated many other options including Splunk Enterprise Security, IBM QRadar, and Microsoft Sentinel.

Trellix Helix Connect's governance and security features provide strong assurance, ensuring that AI-driven insights and automated actions remain aligned with our organizational security policy.

The accuracy and reliability of Trellix Helix Connect's AI capabilities are impressive, as the AI-driven insight and correlation have been accurate and reliable, helping our team prioritize threats and focus on the most important security events.

My advice to others looking into using Trellix Helix Connect would be to integrate it with all major security tools and establish a clear incident response workflow to maximize the value of the platform. I would rate this product a 9 out of 10.

Hybrid Cloud

Microsoft Azure

Correlating the alarms is the priority for us, and Trellix Helix Connect was capable of doing that, and we were happy for this feature because we connect some third-party resources as well. We are not only using Trellix products but also other third-party firewalls and other security tools.

It helped streamline our incident management by reducing our investigation time; not extremely, but it helped.

Correlating the alarms is the priority for us, and Trellix Helix Connect was capable of doing that, and we were happy for this feature because we connect some third-party resources as well. We are not only using Trellix products but also other third-party firewalls and other security tools.

It helped streamline our incident management by reducing our investigation time; not extremely, but it helped.

There is room for improvement for Trellix Helix Connect; I see some direction that they still could improve.

The most problematic part was the integration part because in their catalog, they have so many third-party vendors, but some of them were not fully supported, so we requested some development and feature requests. Sometimes we saw that some documentation was not enough to integrate the third-party vendor's product. However, they improved their documentation, so it was a good experience.

Everyone expected that we could use an XDR solution as on-premises; they could make some improvement on this point, which is a priority for some institutions.

I am not sure what additional functionalities I would like to see in the future for Trellix Helix Connect; they could add some AI features, basically machine learning capabilities, and also improvements in the chatbot feature, but it was at the first stage an average.

I am not sure how long we were using it in our company; maybe two years or three years.

SLA times were okay for us; I cannot complain about anything for support. However, sometimes we can face some level one support engineers, at which point we had some problems.

We do not face much performance issues.

I would rate the technical support an eight from one to ten.

SLA times were okay for us; I cannot complain about anything for support. However, sometimes we can face some level one support engineers, at which point we had some problems.

Because of the budget, we are not using any XDR right now.

We stopped using FireEye Helix six or seven months ago.

I only used Trellix XDR, Helix Connect before Trellix Helix Connect.

The initial setup for Trellix Helix Connect was straightforward.

It is not the pricing of the product; basically, it was related to our own budget.

We had some issues, but it took some time, and we handled the problems.

We do not face much performance issues; for pricing, it was close to other competitors, but again, as I mentioned, it was directly related to our own budget.

The architecture has changed a little bit; there are new competitors according to me. So we may need to make POCs again and evaluate again.

I can say that I was working with Trellix Helix Connect overall, and the product was great; on the other hand, the concept has changed a little bit. We do not have any issue with the product. I was okay.

I used the integration feature of Trellix Helix Connect.

We also use NX, network security, and email security appliances and solutions as well, so with the ecosystem, it was excellent.

I leveraged some reports, and I can say that is all.

In general, I can say that Trellix Helix Connect impacted my organization positively.

I tried to integrate with Check Point and also Symantec mail security product, Secure Mail Gateway, which were the most problematic vendors.

On-premises

Other

Trellix Helix Connect is typically used for monitoring hidden events, such as malware events that a normal team might not detect, including phishing attacks. This is the most powerful case of an XDR, enabling easy detection of phishing scams and malware events.

I assess the effectiveness of Trellix Helix Connect's threat detection capabilities as robust, making it more powerful than Trend Micro and other solutions like CrowdStrike. It provides detailed visibility reports and granular reporting.

The orchestrated workflows of Trellix Helix Connect enhance threat response by providing detailed reporting, integration dashboards, and detailed feature reporting through Trellix ePolicy Orchestrator.

Metrics about the efficiency improvements Trellix Helix Connect has brought to our security operations demonstrate that its settings are the best when compared with other solutions in effectiveness.

The main advantage of Trellix Helix Connect is the vast integration with over 4,000 applications. This extensive support for integration is a major advantage of this product.

Trellix Helix Connect easily integrates with Office 365 and also integrates well with FortiGate, Palo Alto, and Barracuda, especially within AWS environments.

The weak point of Trellix Helix Connect is the data storage capacity; more storage must be purchased as the data grows, which is a disadvantage because the cost increases when more space is needed on the cloud.

It is quite costly, especially if the events are increasing daily. The overall solution is fine but requires purchasing more space on the cloud, which can be expensive.

I have been working with Trellix Helix Connect for around four to seven years. Before Trellix Helix Connect, it was known as McAfee, and I worked with McAfee for around 18 to 20 years.

Earlier, the technical support from Trellix was not good, but currently, there has been very significant improvement in technical cases, and the responses are strong and very helpful.

Earlier, the technical support from Trellix was not good, but currently, there has been very significant improvement in technical cases, and the responses are strong and very helpful.

I assess the effectiveness of Trellix Helix Connect's threat detection capabilities as robust, making it more powerful than Trend Micro and other solutions like CrowdStrike. It provides detailed visibility reports and granular reporting.

The initial deployment of Trellix Helix Connect is neither easy nor complex; I would rate it as medium because if you are a technical person familiar with antivirus and security products, you can handle it.

More people are needed for deployment; at least two or three people are necessary to cover all aspects and security postures in one solution, as it is not possible for one person to deploy everything.

Deployment for Trellix Helix Connect may take about two to three weeks if you are managing around 100 to 300 users.

I am currently also working with Microsoft, Kaspersky, and Symantec, along with Trellix Helix Connect.

I also work with Kaspersky and Symantec because they are cheaper solutions, but Trellix Helix Connect is the overall complete cybersecurity solution, covering all aspects in one package. That is why I prefer Trellix Helix Connect for cybersecurity.

The orchestrated workflows of Trellix Helix Connect enhance threat response by providing detailed reporting, integration dashboards, and detailed feature reporting through Trellix ePolicy Orchestrator.

I rate the technical support from Trellix an eight out of ten.

I rate Trellix Helix Connect a nine out of ten as a product in general.

Hybrid Cloud

Amazon Web Services (AWS)

I have been working with Trellix Helix Connect for a long period of time, almost nine years. I have worked on different products including Application Control, encryption, email security, EDR, XDR, and all the newly added products in Trellix.

The orchestrated workflows in Trellix Helix Connect have helped enhance my threat response. In the orchestration, we are getting the reporting site and an investigation report. If you are using DLP or XDR, we get the DLP report on the orchestrated platform. For SaaS-based EPO that is already in the cloud, customers have no hassle because all upgradations and products are upgraded automatically on the cloud side. However, for on-premises platforms, customers want different types of reporting. For example, if any incident happens, it instantly shows in the dashboard, and from this, we can get detailed reporting on that attack surface and incident report. I think if these types of things are added to the platform, it would be helpful for customers and for us.

The features that I find most valuable in Trellix Helix Connect are the incident response capabilities, which include EDR and XDR, along with the SoC capabilities added in the new advanced Trellix AI intelligence. These things are very important to all organizations.

Additionally, DLP is also very essential for our organization, as they are already using it. We are trying to introduce the Trellix layer security, but we still need some time to introduce all aspects to our own customers. We are working at our level best to achieve that.

The customizable alerts and reports in Trellix Helix Connect assist my team in adapting security strategies. When using cloud sites with products such as EDR and XDR, you are not left with vulnerabilities, but when you are using third-party tools, you can analyze that your site is totally secured. This is something customers sometimes require. For example, with this type of report submitted to CrowdStrike, that product shows their reporting and sends the email to that customer particularly, and they are very happy about that. In Trellix, we need these types of reports where you are giving information for analyzing or reporting, and scanning shows that your site is very secure and you are using a high-level, advanced-level threat protection detection product. This type of report could sometimes be sent to the customer, stating that you are using it and you are totally secure. This would be helpful for us.

I would assess the effectiveness of Trellix Helix Connect's threat detection capabilities as improved nowadays. Some aspects of Trellix are improved using the AI technological sector, particularly EDR, which is Extended Detection and Response, capable of visualizing the incidents and the response. However, from my perspective, compared to other products, we need to improve the integration of detection and response in the product. For example, if I consider CrowdStrike, they provide their EDR capabilities, the scanning report, and vulnerability in the product, and they have provided third parties to analyze the report. Trellix has not provided their actual report on whether there is any vulnerability on the cloud side or not. This is the type of thing that customers sometimes recommend, in that they need a report showing clear visualization and that AI has detected something on the cloud service which needs to be reported. These types of things are required for customers nowadays.

Trellix Helix Connect can be improved in various ways. There are some issues such as high CPU utilization that we have experienced in the past whenever we were using Trellix Endpoint Security in the cloud system, which prevented anyone from working properly. I think they are reducing this with the upgradation of the Endpoint Security product and other products, but the main concern is sometimes the client cannot work properly when using Endpoint Security because it takes high CPU utilization. We also sometimes face issues with encryption. We are worried about this because sometimes some systems are taking the encryption as inactive. The encryption is happening, but it is not active and is showing as inactive. However, for reporting purposes in the EPO, it is showing that it is active when it is not actually active. These types of mismatches between the customer and Trellix platform side need to be improved.

I have been working almost nine years.

I would rate technical support for Trellix Helix Connect as eight out of ten based on my calculations and perspective.

I do use the integration feature in Trellix Helix Connect. Trellix is now not only on-premises but also working on the SaaS base. In the SaaS-based EPO, we are integrated with the on-premise or SaaS base, and we are transferring the system to the SaaS base. Some clients are trying to transfer their system to the cloud and some are using that cloud DLP. The problem is with the DLP integration. Another product is Solidcore, which is related to Application Control, Change Control, and Execution Monitoring, and it is not properly integrated with the SaaS-based EPO. It is a main concern that we need proper integrations to the cloud services for Application Control, Change Control, and integrity monitoring for Solidcore devices.

I can share that the efficiency improvement Trellix Helix Connect brought to my customer's security operations varies because for different customers, their expectations, design, and requirements are different. For example, banks have different requirements than customers on the medical side, such as pharmaceuticals. In some banking sectors, they want proper visualization, reporting, and a customized dashboard that can help them submit their report to higher authorities. On the other hand, if you consider the pharmaceutical sector, they want total security where nobody can access and nobody can get any internal report or internal information. They want to secure their site. This is the difference between companies using it, as their requirements are totally different. Some use Application Control for ATM security for banks, but on the other hand, if you consider pharmaceuticals, they do not need any ATM security level of protection. They need high-level data protection as that is a high concern for them. Overall, the different products and their working capabilities are different, and customers want to get their organization secure in that way. I think penetration testing and other things could be added which would be helpful for customers for future reporting purposes, protection purposes, or detection purposes. My overall rating for Trellix Helix Connect is eight out of ten.

Hybrid Cloud

Other

My main use case for Trellix Helix Connect is to provide an MDR service to our clients. We use Trellix Helix Connect to correlate the alerts and automate the response most often.

For example, we use Trellix Helix Connect for MDR services with our clients when we have XDR for Trellix Helix Connect to analyze the alerts and set up the SOAR workflows. It depends on the client needs.

In our day-to-day operations, we have the main use case of Trellix Helix Connect which allows us to reduce MTTD and MTTR, and we have the KPIs to support this.

The best features that Trellix Helix Connect offers are SOAR, automation, hyperautomation, and the correlation of alerts and threat intelligence, for example, when the alerts cross through MITRE ATT&CK, which stand out most to me.

Out of those features, automation, alert correlation, and threat intelligence have made my work easier and more effective as we integrate many cybersecurity solutions into the XDR and set up the use cases to reduce MTTD and MTTR from days to minutes.

I would add that the level of integration with other brands is something that surprises me about the features of Trellix Helix Connect.

Trellix Helix Connect has positively impacted my organization as it is the most important tool to provide MDR service to our clients, which has resulted in specific outcomes and improvements.

To improve Trellix Helix Connect, I think it is possible to enhance the dashboard to share more information about the incidents. For example, if I want to check a MITRE technique, maybe it is necessary to have a quick link to check this technique in the dashboard.

I think the usability of hyperautomation is something to improve in the solution because it is expensive regarding the needed improvements.

I have been using Trellix Helix Connect for one year.

Trellix Helix Connect is very stable, and I have experienced almost no downtime or issues, as the downtime is mainly about maintenance time, confirming its reliability.

Trellix Helix Connect's scalability is excellent as the solution has a library to make integrations with other brands, allowing it to handle growth easily via API.

The customer support for Trellix Helix Connect is well in Latin America because there are many people in the region, which enhances the experience.

Neutral

I previously used legacy SIEMs before choosing Trellix Helix Connect.

My experience with pricing, setup cost, and licensing is that the licensing for XDR is good, though the hyperautomation feature is expensive.

We have seen a return on investment with Trellix Helix Connect, and we can share relevant metrics as we reduce the MTTD and MTTR and have KPIs indicating our ROI.

Before selecting Trellix Helix Connect, I evaluated other options including Palo Alto XDR, Cisco XDR, and Rapid7 with the new generation SIEM.

The most important metrics are the reduced MTTD and MTTR because the clients' legacy solutions provide faster response when they use this tool, showing measurable benefits.

I advise anyone considering Trellix Helix Connect to review the different solutions of the XDR ecosystem, focusing on the capability to integrate with other brands without shadow cost and the capability to respond and reduce MTTD and MTTR. I would rate this product at a nine out of ten.

Public Cloud

Other

Trellix Helix was used to retain all logs, where I created multiple alerts based on organizational requirements. These alerts would trigger when conditions matched specific criteria. Multiple data centers shipped logs through Trellix Helix, and those data centers were monitored through the platform. These were the fundamental use cases I utilized.

The area I found to be of value is the file rate capability in Trellix Helix, which is the primary feature I appreciate. For example, if we received any traffic, I could obtain a PDF file that could be analyzed in the EDR tool of FireEye. I have used multiple tools after that as well, but none of them have the same capability. If you obtain the PKS, you will not be able to analyze it, so that is the major thing I appreciate.

Regarding areas for improvement with Trellix Helix, I believe that if the integration with AWS and GCP environments could be improved, that would be beneficial.

I am currently not using Trellix Helix, but I used that product for approximately two point five years.

Regarding stability, I find it to be fine. I would rate it as pretty stable, and there is room for improvement in that area as well.

I rate the scalability of Trellix Helix as good.

I had to contact technical support a few times when the data center went down or when I was not receiving the EPS count on the ADCs. Initially, when the product was deployed, it was difficult to get a response, but later the response time became very fast.

My experience with the support team was very good; they were cooperative and demonstrated good knowledge of how things worked. Excluding my first experience, I would rate their support team a nine.

I found the initial setup to be easy; it was not difficult because we deployed it on multiple data centers. Creating the rules was also very easy, and it is a user-friendly tool. Initially, I struggled with it but later found it enjoyable writing the queries and getting the results.

The deployment for four data centers took a few hours; we had everything configured, but one data center was not receiving proper logs. We later found that there was an issue with the data center itself, but overall it did not take much time, so that was positive.

Trellix Helix is an excellent product that I would rate a nine on a scale from one to ten, with ten being the best. I would advise others looking into using Trellix Helix for the first time that it is very good because FireEye provides documentation on setup and how to create queries. They also have a YouTube channel explaining all involved queries, and I have not found anything lacking in the training for implementation. Only the cloud part could be improved, particularly shipping logs and configuring the AWS or GCP console.

On-premises

Other

We use Trellix Helix Connect because it is a SaaS solution. I think it has its own infrastructure rather than AWS or another provider. We use the Helix SaaS and a component called Evidence Collector that gets the logs from on-premise infrastructure and sends them to SaaS. I believe everything about Trellix Helix Connect is SaaS-based.

We use Evidence Collector which can be installed with the on-premise infrastructure to collect components such as files and IPS. This product receives the logs from the infrastructure and sends the information to Helix.

The best feature of Trellix Helix Connect is its quick implementation.

The integration with Mandiant is another significant advantage. When investigating an incident, we have access to IOCs and can receive results from Mandiant about these IOCs, similar to what VirusTotal offers. We can search and utilize this integration effectively.

We utilize the artificial intelligence capabilities in Trellix Helix Connect. We can perform some customization by providing parameters in the YARA from Helix, which provides valuable analysis points.

The solution allows users to create reports more quickly with comprehensive information, which can be expanded within minutes. This demonstrates the effectiveness of Trellix Helix Connect's automation capabilities for reducing incident response times.

The timeout of the tenant is an area that needs improvement. When investigating and gathering information from the Helix tenant for extended periods, disconnections occur. This results in lost work and the need to restart investigations due to disconnected sessions.

It is problematic when progress is lost and investigations must be restarted, resulting in lost information and significant time wastage.

The capability to integrate with other TIPs or cybersecurity intelligence sources could be improved to determine whether IOCs are malicious, similar to Mandiant's functionality.

The capacity to reduce false positives needs improvement as we receive many alerts from Helix that turn out to be false positives upon investigation. Enhanced capability in this area would make the system more efficient and easier to use.

The dashboards could be improved as customers frequently request real-time SOC dashboard displays for Helix.

The support for Trellix Helix Connect is not satisfactory. We experience difficulties accessing personnel with deep knowledge of Helix. We have numerous tickets to understand and resolve problems. It is not an easy product to support on a daily basis.

The support would rate a three out of ten. It can take one to four weeks to connect with someone who truly understands Helix and can provide solutions. This makes the product difficult to maintain.

Neutral

The solution can be challenging for analysts with lower skill levels. The syntax for finding findings requires specific knowledge, making it more difficult for initial users.

Trellix Helix Connect is generally easy to use, but the Evidence Collector component presents more challenges.

This review rates Trellix Helix Connect as 6 out of 10.

Public Cloud

Other

I am a presales manager for a cybersecurity company, and I use Trellix Helix to manage software for cybersecurity. I sell software to enterprise customers, and my main use case involves data protection, email security, and endpoint security.

One of the most valuable features of Trellix Helix is its AI capability for the XDR platform, enabling me to reduce the time to resolve incidents. The software correlates data from the security environment and allows searches in natural language. It is crucial for enterprise companies worldwide, not just in the United States. Trellix Helix offers more than 400 connectors for integration and supports both small and large environments.

I have just released this solution to the market, and my customers' response has been great. While Trellix Wise is seen as a top vendor with its AI implementation for accelerating incident investigation, there have been some support issues due to a recent fusion and merger in the company, which could be improved.

I have been working with Trellix Helix for two months.

The stability of Trellix Helix is really good. Although there have been some incidents, these were related to support issues rather than product instability. My solutions need to be highly available because they are critical for my customers.

The scalability of Trellix Helix is impressive. I support the largest companies in the world, and the solution is not just restricted to small or medium businesses. It can scale to support large environments.

The technical support for Trellix Helix is rated four out of five. Despite the ongoing transformation due to a fusion and merger of the company, the support could be better as there have been some challenges with staffing and information.

Positive

The initial setup of Trellix Helix was rated nine and a half out of ten. Although no software is ever one hundred percent, my experience was good and easy to use. The installation process is simple with straightforward configuration.

The price of Trellix Helix is competitive in the market. It is not the cheapest but also not the most expensive. As for additional costs beyond standard licensing fees, there are none.

I advise moving quickly to adopt Trellix Helix to improve operations and get faster response times for incidents. I rate Trellix Helix overall ten out of ten.

Hybrid Cloud

Other