
Microsoft Defender XDR vs Trellix XDR comparison

 

Comparison Buyer's Guide

Executive Summary

 

Categories and Ranking

Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR): 2nd
Average Rating: 8.4
Reviews Sentiment: 7.1
Number of Reviews: 102
Ranking in other categories: Endpoint Detection and Response (EDR) (5th), Microsoft Security Suite (4th)

Trellix XDR
Ranking in Extended Detection and Response (XDR): 31st
Average Rating: 8.0
Reviews Sentiment: 8.0
Number of Reviews: 2
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Extended Detection and Response (XDR) category, the mindshare of Microsoft Defender XDR is 5.9%, down from 8.1% compared to the previous year. The mindshare of Trellix XDR is 0.4%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Market Share Distribution
Product                   Market Share (%)
Microsoft Defender XDR    5.9%
Trellix XDR               0.4%
Other                     93.7%
 

Featured Reviews

MohtesanShaikh - PeerSpot reviewer
Experience improves security management and simplifies threat protection
I have created automated investigations, and while they work, they operate rather slowly in the Microsoft portal. If I automate something, it takes considerable time; if I do it manually, I can complete it in a quarter of the time. The automation response being slow is the main concern; when an incident occurs or if I run a remediation, it takes significant time to complete the remediation. There are some limitations regarding the scalability of Microsoft Defender XDR with specific licensing. For SMB customers, there is only Microsoft Defender for Business, and if they want more features such as XDR features and automation investigation or incident response, they need to purchase Defender for Endpoint. We are currently using the EDR.
Abdullah Al Hadi - PeerSpot reviewer
Enhance cyber threat detection with advanced analytics and machine learning
I am working with EDR and XDR, focusing on migrating on-premises solutions to cloud-based solutions. We are utilizing XDR for cyber threat detection and response. The analytics assessment and flexibility of the platform are valuable. Trellix XDR integrates with other systems like SIEM, improving…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Email protection is the most valuable feature of Microsoft Defender XDR."
"The solution is well integrated with applications. It is easy to maintain and administer."
"The integration with other Microsoft solutions is the most valuable feature."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The summarization of emails is a valuable feature."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"From an attack chain perspective, Defender XDR handles phishing and spam emails easily, while Defender for Endpoint manages endpoints effectively. We've drastically improved our user experience."
"It contributes to our system's robust event detection and analysis, enabling us to respond effectively to incidents."
"The analytics assessment and flexibility of the platform are valuable."
"Trellix XDR is an excellent solution that is continually improving."
 

Cons

"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The automation response being slow is the main concern; when an incident occurs or if I run a remediation, it takes significant time to complete the remediation."
"Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain."
"The solution could enhance the threat Intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environment. It would be beneficial if the threat intelligence were tailored to the industry, such as healthcare or fintech, where the solution is being used."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"Technical support is crucial, especially when facing critical issues. It's rated six out of ten. Improvements are needed in the support sector, with a focus on providing expert assistance during production periods."
"The platform should enhance compatibility with all other SIEM solutions."
"The EdgeGear solution is an area that requires attention, specifically regarding AI solutions and intelligence features."
 

Pricing and Cost Advice

"I believe that the pricing of the licensing is fair."
"On average, we pay around 55 euros per user for the services and features we receive."
"365 Defender can get expensive because you pay per gigabyte of data ingested. On the other hand, much of the data available in the other Microsoft security solutions are made available relatively cheaply—sometimes at cost or for free. Integrating only a limited set of third-party solutions with Sentinel would be cost-effective. It's much more affordable if companies only have Microsoft stuff."
"Microsoft Defender XDR is expensive."
"For Defender, they have Endpoint Plan 1 and Endpoint Plan 2, but I don't know on what basis they have classified Endpoint Plan 1 and Plan 2, but it has given me enough pain to pick and design Endpoint Plan 1 or Endpoint Plan 2 for my organization. In fact, we are still struggling with it. Too many SKUs are confusing. There should not be too many SKUs, and they shouldn't charge for every new feature."
"It is 15 dollars per server per month. It is worth it, but it can be costly. It depends on the company's size."
"The pricing of Microsoft 365 Defender is definitely on the costly side, but with the features and services that Microsoft provides, such as the seamless integration of all the Defender tools, while the price is on the higher side, there is no alternative."
"While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment."
Information not available
 

Top Industries

By visitors reading reviews
Computer Software Company: 16%
Financial Services Firm: 8%
Manufacturing Company: 8%
Comms Service Provider: 7%

Computer Software Company: 24%
Healthcare Company: 11%
Media Company: 8%
Insurance Company: 5%
 

Company Size

By reviewers
Company Size          Count
Small Business        46
Midsize Enterprise    23
Large Enterprise      37
No data available
 

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.
What needs improvement with Microsoft 365 Defender?
I have created automated investigations, and while they work, they operate rather slowly in the Microsoft portal. If I automate something, it takes considerable time; if I do it manually, I can com...
What is your experience regarding pricing and costs for Trellix XDR?
Since I'm a technical engineer, I don't deal with pricing or licensing. Our sales team handles those aspects.
What needs improvement with Trellix XDR?
The EdgeGear solution is an area that requires attention, specifically regarding AI solutions and intelligence features. We are still investigating how XDR performs and will identify areas for impr...
What is your primary use case for Trellix XDR?
I am working with EDR and XDR, focusing on migrating on-premises solutions to cloud-based solutions. We are utilizing XDR for cyber threat detection and response.
 

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
MVision XDR, MVision eXtended Detection and Response
 


 

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Find out what your peers are saying about Microsoft Defender XDR vs. Trellix XDR and other solutions. Updated: September 2025.
869,513 professionals have used our research since 2012.