HP Wolf Security vs Trellix Endpoint Detection and Response (EDR) comparison

"I use HP Wolf Security to add a layer of safety, especially for laptops operating in various environments."

"The feature that stands out the most is that when someone clicks on a link in an email... [if] that link is malicious and it has some malware or keylogger attached to it, when it opens up in that Bromium virtualized browser, there's no chance of it actually being on the machine and running, because as soon as they click that "X" in the upper right-hand side of the browser, everything just vanishes. That is an added plus."

"The most valuable feature is the process isolation because it simply stops malware from infecting the machines."

"Now, instead of us having to go through that analysis, they actually give us a monthly report that shows us: "Here's what you got hit with, here's what would have happened, here are the forensics behind the attack," and, obviously, Bromium stopped it."

"It has prevented thousands of potential threats by encapsulating them within its own vSentry container, thus providing overall protection and integrity of the operating system."

"Our overall security posture has absolutely improved as a result of adding Bromium to our security stack. We continue to have less user impact through a significantly reduced amount of malware infections. It's become a non-event."

"The isolation feature is the most important because it prevents attacks."

"We've been able to isolate and prevent malicious code from external email attachments and from downloaded internet files. Those are the two big areas that have really made an impact."

"When Trellix detects some threats, the device is isolated in a quarantine zone for examination."

"This is a stable product."

"If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts."

"It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response."

"Blocking browser navigation is a feature of the solution with which we have experienced success."

"It is a scalable solution and very easy to use."

"The investigation and rule detection feature of the solution has proven most useful for our company"

"The biggest strength of the solution is that it's an integrated product that includes EDR and antivirus."

"Initially, when we came in contact with Bromium a few years ago, it had a nice threat analyst, or a LAVA Pop, which is what they used to call it. Once it detected malware, it would show us the malware's path... I don't see that on the computers now. We only get to see that in the console. I would like to still see that on the individual machines because when we go out to look at a machine, we don't necessarily have access to the console."

"When you deploy, not only is the user asked to reboot their computer, they are also asked to wait for 20 minutes while it sits there and initializes. It definitely impacts the end-user. It takes time away from their day."

"Initial setup was complex. There were many configurations that needed to be worked out with the vendor. The setup required hands-on assistance from Bromium."

"Room for improvement would be keeping up with the rate of change, specifically on Windows platforms. There are a lot of updates that come out for Microsoft Windows operating systems and the Bromium product needs to be able to keep up quickly with those updates and all the browser updates that are coming out. It's hard to do, but that's really where they need to be more responsive because we end up with problems and then we have to call support to get patches, etc."

"Reporting is one of the shortcomings of the product. We do mine the data that's in there from a forensics perspective... It becomes very difficult because you have to spend a lot of time digging through the volumes of data. Reporting is absolutely the biggest shortcoming."

"They have always struggled with usability. The protection that it offers you is tremendous, but there's definitely an impact with use of resources on the computer. It's gotten a lot better now with Win 10. But sometimes, when you open up a website, it's going to take longer than it would without Bromium, and it's the same with documents."

"The tool behaves differently when I ported to Windows 11."

"I did not find this to be an out-of-the-box solution, it required planning and alignment across many groups."

"The dashboard is split across different platforms. For example, if you want information on Incident Detection, you have to access one dashboard, and for DLP reporting, there's a separate platform. This fragmentation means you can't access everything from a single dashboard."

"I remember doing many tickets for Trellix support, and my EDR was not properly functioning. I didn't feel the detection or the real protection."

"The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules."

"The solution's downside stems from the fact that Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint are not combined into a single solution, so from an improvement perspective, they need to be combined into a single solution."

"Some modules that are doing machine learning and artificial intelligence are blocking our processes."

"The endpoints and utilization are too high, which impacts the production activity."

"When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."

"The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms."

"The pricing is very fair compared to the competition. The licensing is straightforward."

"Pricing is reasonable."

"The product came as a bundle with the machine."

"The product's pricing is a good value. We only run it on our internet-facing workstations, we don't run it on everything in our environment. We are very selective. Some organizations may want to consider doing something like that to reduce their license count."

"I think the pricing is a good value. All of these security products are always going to be very expensive, but I don't think Bromium is unreasonable. I think Bromium is decently priced. It’s a tiered licensing platform. The more you buy, the cheaper gets per unit, and I think their tiers are very well defined. I think they're fair."

"Pricing for McAfee MVISION Endpoint Detection and Response is not that expensive, but it's not something that a startup could buy. Pricing for it is for midsized businesses. There's an additional payment if you want data retention for more than thirty days. They gave us data retention for thirty days. Then if you want longer data retention, they have the paid option for a three-month data retention period and for a one-year data retention period."

"On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten."

"The cost is okay, compared to other products."

"The product’s pricing is reasonable."

"The pricing is always high."

"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."

"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."

"Speaking about the price, you must use the product to find the product's cost for you."