We performed a comparison between Elastic Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The connectivity and analytics are great."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The feature that we have found the most valuable is scalability."
"ELK documentation is very good, so never needed to contact technical support."
"The visualization is very good."
"It's not very complicated to install Elastic."
"The scalability is good. It can be scaled easily in the production environment."
"Enables monitoring of application performance and the ability to predict behaviors."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The most valuable feature for me is Discover."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"I like the ease of deployment."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"It is easy to use."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"This solution integrates easily and very well with other technologies."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The playbook is a bit difficult and could be improved."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"Better integration with third-party APMs would be really good."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"We cannot add new data sources to the most recent version."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"Customized reports and alerting functionality could be included in the dashboard."
"The solution needs to improve case management. The UI is confusing."
"The initial setup is difficult and could improve."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Elastic Security is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Microsoft Defender XDR. See our Elastic Security vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.