We performed a comparison between Elastic Security and Trellix Active Response based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."This is stable and scalable."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The solution was relatively easy to deploy."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The product's initial setup phase is very easy."
"NGAV and EDR features are outstanding."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"It's open-source and free to use."
"The cost is reasonable. It's not overly pricey."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"Elastic Security is very easy to adapt."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The solution is scalable."
"It's a little lighter compared to the older version, which was mostly signature-based."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"ZTNA can improve latency."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"The solution's query building is not that intuitive compared to other solutions."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"I also expected Active Response 's user interface to be much more analytical."
"While the product is good, we are currently facing support issues."
Earn 20 points
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while Trellix Active Response is ranked 57th in Endpoint Detection and Response (EDR). Elastic Security is rated 7.6, while Trellix Active Response is rated 6.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Active Response writes "Lighter with good stability and pretty good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Active Response is most compared with Trellix Endpoint Detection and Response (EDR) and Trellix Endpoint Security (ENS).
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.