We performed a comparison between Exabeam Fusion SIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It's pretty powerful and its performance is pretty good."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The main benefit is the ease of integration."
"The solution's initial setup process is easy."
"Timeline based analysis; good platform support"
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The advanced analytics has a really great overview of user behavior."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"It's a very user-friendly product and it's a very comprehensive technology."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"I like the ease of deployment."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"McAfee as a whole is a good solution."
"The product’s most valuable feature is log monitoring."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"We still have questions surrounding hardware deployment."
"The organzation is rigid and not flexible in the way they operate"
"The only problem is that the UI is not very impressive."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"They should provide detailed information about detecting phishing emails."
"I would like to see improvements to the user interface."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The support from McAfee ESM could improve. They could improve the speed."
"We cannot add new data sources to the most recent version."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"Tech support is required each time there is a system update of the solution."
Exabeam Fusion SIEM is ranked 28th in Security Information and Event Management (SIEM) with 10 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Exabeam Fusion SIEM is rated 8.0, while Trellix ESM is rated 7.4. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security, Splunk User Behavior Analytics and Gurucul UEBA, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Exabeam Fusion SIEM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.