No more typing reviews! Try our Samantha, our new voice AI agent.

ConnectWise SIEM vs Trellix Endpoint Detection and Response (EDR) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
ConnectWise SIEM
Ranking in Endpoint Detection and Response (EDR)
55th
Average Rating
8.6
Reviews Sentiment
6.6
Number of Reviews
3
Ranking in other categories
Security Information and Event Management (SIEM) (48th), Secure Access Service Edge (SASE) (22nd), Managed Detection and Response (MDR) (24th)
Trellix Endpoint Detection ...
Ranking in Endpoint Detection and Response (EDR)
14th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
29
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of ConnectWise SIEM is 0.8%, up from 0.2% compared to the previous year. The mindshare of Trellix Endpoint Detection and Response (EDR) is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Trellix Endpoint Detection and Response (EDR)1.0%
ConnectWise SIEM0.8%
Other94.6%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2711757 - PeerSpot reviewer
Cyber Security Software Engineer at a tech services company with 11-50 employees
Automated alerting and reporting excel while cost and feature limitations remain
I find automation to be one of the best and most valuable features of the product. Machine learning is incorporated into the solution, though AI is a broader term that I wouldn't apply here. I haven't personally explored AI yet, but I will investigate it. Machine learning functions more as automation in my experience, as there's no training involved yet. I want to conduct R&D on another project with Wazuh to determine how to capture usage, for example, tracking user logins and time spent. This is where I need to implement machine learning. Additionally, the extraction of GeoIP adds complexity. The solution is effectively reducing incident response times in operations.
Duncan  Kims - PeerSpot reviewer
Business Development Manager at a retailer with 10,001+ employees
Advanced detection has reduced targeted attacks and builds daily confidence in our defenses
Trellix Endpoint Detection and Response (EDR) has a very low false positive rate compared to other products, thus increasing the SOC efficiency in how my team relies on the solution day-to-day.With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network. SOAR integration has assisted our security team and management in trusting the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"Cortex XDR by Palo Alto Networks has changed the way my security team detects, investigates, and responds to threats, as we are able to see the files, unwanted files, unsecured files, and unauthorized files, so we are quarantining them."
"Cortex is a very good total solution on the endpoints."
"Cortex XDR by Palo Alto Networks is specifically designed to prevent zero-day attacks and is part of an ecosystem of Palo Alto, providing customers with a long-term vision to modify and redesign how security is applied in their company."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"Stability is a primary factor, and then there's the ease of distribution and policy management; Cortex XDR by Palo Alto Networks is very easy to work with, and we're quite happy with them."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"We think that this product will help us grow, as it meets our needs currently and we can grow with it over time."
"One valuable feature of ConnectWise Fortify is the ability to add other teams and receive notifications when customers make changes or remove multi-factor authentication in Microsoft or SAP environments."
"The integration capabilities of ConnectWise SIEM are off the shelf, making it easy to buy and use; you just unpack it and use it."
"We have found the solution has great functionality and it is easy to use."
"The most useful features are behavior monitoring, DLP, and access control. The automation has gotten much better in the last two years than when it was McAfee. It works better now and integrates more smoothly."
"It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response."
"Trellix has a user-friendly interface."
"It is a scalable solution and very easy to use."
"Trellix Endpoint Detection and Response (EDR) does everything; it saves time, it saves money, and of course, it provides peace of mind."
"The solution is scalable and the product has a good strategy when everything is in place."
"It has been helpful in terms of identifying unknown threats."
"This is a stable product."
 

Cons

"The tool needs to be improved in terms of integration and interface."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."
"It'll help if customization was easier."
"There are some limitations on the Traps agents."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"The main issue I could point out is the offline agents and the way that it is missing."
"It takes time to scan the servers and devices."
"ConnectWise Fortify could work on covering more areas, like phishing messages, which have become more complicated to detect."
"The manage portion of the solution is complicated and should be simplified by having different versions to meet the needs of different size companies."
"ConnectWise SIEM is primarily focused on notifications and is limited in that aspect, while Wazuh can automate the elimination process."
"The dashboard and reporting features are not so user-friendly or intuitive, so they need some work."
"One of the issues about the product stems from the failure to work on its administrative scalability. The aforementioned area can be considered for improvement."
"When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."
"Some modules that are doing machine learning and artificial intelligence are blocking our processes."
"Trellix does not support Linux and Mac."
"The solution's downside stems from the fact that Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint are not combined into a single solution, so from an improvement perspective, they need to be combined into a single solution."
"The searching capabilities for the IOCs can be further improved"
"Initially, I was using it on servers, but it consumes a lot of resources on servers."
 

Pricing and Cost Advice

"Cortex XDR's pricing is ok."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"Our customers have expressed that the price is high."
"I don't have any issues with the pricing. We are satisfied with the price."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The price of the product is not very economical."
"The solution is expensive."
"The product’s pricing is reasonable."
"Speaking about the price, you must use the product to find the product's cost for you."
"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."
"The cost is okay, compared to other products."
"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."
"The pricing is always high."
"The price is reasonable."
"On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Computer Software Company
15%
Construction Company
12%
Comms Service Provider
10%
Financial Services Firm
7%
Financial Services Firm
15%
Construction Company
7%
Manufacturing Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise3
Large Enterprise14
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with ConnectWise Fortify?
I haven't utilized the advanced threat intelligence capabilities with ConnectWise SIEM. Advanced threat intelligence ...
What is your primary use case for ConnectWise Fortify?
I do not have experience with ConnectWise SIEM for RMM, as I mostly work on Wazuh, and I have a team that handles Con...
What advice do you have for others considering ConnectWise Fortify?
The review can be made anonymous if just my name and not the company name is used. I would assess the real-time visib...
What is your experience regarding pricing and costs for McAfee MVISION Endpoint Detection and Response?
I find licensing to be one of the best aspects of Trellix Endpoint Detection and Response (EDR), but I am unsure abou...
What needs improvement with McAfee MVISION Endpoint Detection and Response?
Trellix Endpoint Detection and Response (EDR) could be improved as I find that, since FireEye and McAfee became Trell...
What is your primary use case for McAfee MVISION Endpoint Detection and Response?
My main use case for Trellix Endpoint Detection and Response (EDR) is for blocking malware and catching unusual behav...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
ConnectWise Security Management, ConnectWise Fortify, Continuum Fortify, ConnectWise SIEM, ConnectWise SASE
McAfee MVISION EDR, MVISION EDR, MVISION Endpoint Detection and Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Techvera, Syrex, Clark Integrated Technologies
Sutherland Global Services
Find out what your peers are saying about ConnectWise SIEM vs. Trellix Endpoint Detection and Response (EDR) and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.