Trellix ESM and Microsoft Sentinel are two comprehensive security management solutions. Microsoft Sentinel stands out with superior features, making it worth the investment.
Features: Trellix ESM provides advanced threat detection and response capabilities, integration with various security tools, and comprehensive reporting functionalities. Microsoft Sentinel offers seamless integration with Azure services, advanced AI-driven analytics, and extensive scalability. Users find Microsoft Sentinel's features more valuable for enterprise-level security management.
Room for Improvement: Trellix ESM users suggest enhancements to threat intelligence integration, more user-friendly configurations, and better user interface design. Microsoft Sentinel users request improvements in log retention policies, alignment with non-Microsoft services, and more detailed documentation. Trellix ESM requires more work on intelligence integration while Microsoft Sentinel needs to refine its retention policies and documentation.
Ease of Deployment and Customer Service: Trellix ESM's deployment process is straightforward, and it offers reliable customer support. Microsoft Sentinel, while also easy to deploy, benefits significantly from integration with Azure’s ecosystem. Some users report delays in customer service from Microsoft. Trellix ESM excels in customer support, while Microsoft Sentinel benefits from smoother integration within the Azure environment.
Pricing and ROI: Trellix ESM offers competitive setup costs and a solid return on investment through its advanced threat management capabilities. Microsoft Sentinel may come at a higher initial cost but delivers a higher ROI due to its scalable and efficient security features. Users feel the investment in Microsoft Sentinel pays off with its advanced capabilities.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
We attribute our growth to Sentinel.
From a risk perspective, it's about mitigating risk, and as mentioned earlier, we haven't missed many things since we've had the offering in market—only a couple of minor incidents.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
I would rate support for Trellix ESM 10 out of 10 because if we connect with the support in the UK, we get excellent support.
It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
Scalability is quite easier with Trellix ESM, because all we need to do is add more receivers to it, so it can go to any point.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
If there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
The ingestion costs for the data analytics is usually the highest cost.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
The weakest point is it doesn't cover almost all the devices, so the customer has to be more dependent on the parsers to be written by the Professional Services team.
| Product | Market Share (%) |
|---|---|
| Microsoft Sentinel | 6.4% |
| Trellix ESM | 1.1% |
| Other | 92.5% |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 20 |
| Large Enterprise | 41 |
| Company Size | Count |
|---|---|
| Small Business | 15 |
| Midsize Enterprise | 6 |
| Large Enterprise | 24 |
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
