We performed a comparison between Google Chronicle Suite and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It has basic out-of-the-box integrations with multiple log sources."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The analytic rule is the most valuable feature."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The log folder is fairly simple."
"Google Chronicle Suite provides useful APIs."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"The support team is responsive."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The tool's most valuable feature is the search option, allowing easy navigation."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"McAfee as a whole is a good solution."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The playbook is a bit difficult and could be improved."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The reporting could be more structured."
"We are invoiced according to the amount of data generated within each log."
"The product's default dashboard feature has a few limitations regarding availability."
"A few areas are difficult to understand for someone who has less experience using the product."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The configuration is not optimal."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"The product's stability is an area of concern where improvements are required."
"There's no software support from McAfee."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"Customized reports and alerting functionality could be included in the dashboard."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Google Chronicle Suite is rated 7.8, while Trellix ESM is rated 7.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and SQRRL. See our Google Chronicle Suite vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
