Trellix Network Detection and Response and Microsoft Defender for Identity are two competitive solutions in network detection and identity protection. Microsoft Defender appears to have the upper hand due to its integration and comprehensive features, despite Trellix being favored for its pricing and support.
Features: Trellix offers capabilities such as detecting zero-day threats, detailed malware analysis with its MVX Engine, and in-depth network security insights. It also allows integration with multiple security solutions for enhanced protection. Microsoft Defender for Identity, however, integrates effectively with other Microsoft tools and utilizes advanced AI for threat detection. It offers historical logging and provides visibility into user activities while leveraging extensive cloud integration.
Room for Improvement: Trellix users express the need for better false positive management, enhanced firewall integration, more cloud support, and advanced VM customization. Microsoft Defender for Identity requires refinement in false positive handling, seamless integration between on-premise and Azure, improved alert accuracy, and stronger technical support.
Ease of Deployment and Customer Service: Trellix primarily supports on-premises deployments, with its customer service being highly rated. Microsoft Defender for Identity emphasizes public cloud environments, offering strong integration with Microsoft 365 and commendable technical support, though users find room for improvement in user navigation.
Pricing and ROI: Trellix, while perceived as expensive, is recognized for its effective threat detection, providing considerable ROI by preventing breaches. Microsoft Defender for Identity, as part of the Microsoft 365 suite, offers competitive pricing with flexible feature-based purchases, ensuring a robust security package with notable ROI, especially within the E5 license.
Generally, the support is more effective than other providers like Oracle.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
The people I normally use for support are very knowledgeable, especially when they help remote in and get to where I need to go and show me much faster and help me understand what I should be doing.
Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents.
The customer support for Trellix Network Detection and Response is great.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
We do not see any issues with the stability of Microsoft Defender for Identity.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
There should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.
I would like to see in Trellix Network Detection and Response more explanation about some details of the threat.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
Ensuring a fair price according to market standards.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks.
Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch.
What makes Trellix Network Detection and Response stand out for me compared to other tools is the way you can detect threats. It is very easy and comfortable to use, and the detection shows clearly on the screen, which is very easy to understand.
| Product | Market Share (%) |
|---|---|
| Microsoft Defender for Identity | 4.5% |
| Trellix Network Detection and Response | 3.9% |
| Other | 91.6% |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 20 |
| Midsize Enterprise | 8 |
| Large Enterprise | 19 |
Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.
Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.
What are the key features of Microsoft Defender for Identity?In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.
Detect the undetectable and stop evasive attacks. Trellix Network Detection and Response (NDR) helps your team focus on real attacks, contain intrusions with speed and intelligence, and eliminate your cybersecurity weak points.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
