No more typing reviews! Try our Samantha, our new voice AI agent.

Netwrix Auditor vs Trellix ESM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Netwrix Auditor
Ranking in Security Information and Event Management (SIEM)
33rd
Average Rating
9.2
Reviews Sentiment
7.2
Number of Reviews
8
Ranking in other categories
GRC (14th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (15th), Active Directory Management (3rd)
Trellix ESM
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
7.4
Reviews Sentiment
7.0
Number of Reviews
38
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Netwrix Auditor is 0.7%, up from 0.5% compared to the previous year. The mindshare of Trellix ESM is 1.0%, down from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Trellix ESM1.0%
Netwrix Auditor0.7%
Other98.3%
Security Information and Event Management (SIEM)
 

Featured Reviews

RishiPandit - PeerSpot reviewer
Lead - Technical Services at Impetus
Optimizing time and effort through comprehensive auditing features
Netwrix Auditor doesn't have many competitors at the level in which it is placed. All other companies provide auditing solutions but not up to the feature list; it is very broad and robust. The best features include flexibility to interact directly with MS-SQL. Real-time alerts help identify potential security threats. The ability to streamline audits with insights into configuration states is helpful, as the access reviews and audit reports are really insightful. This is a good tool. The search functionality is available, but comparative to other vendors, this is a bit slower. Reports are effective; the compliance reports and all the reports are very insightful. That is good.
MD
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
Offers comprehensive report generation while maintaining ease of integration
We need to improve Trellix ESM by making sure that most of the logging devices available in the global market should be covered, and if there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that. We can add some new features regarding AI in the future for Trellix ESM, but the maturity will take a longer time. There are many false positives that happen in an environment during the first couple of months, or around six months, so the system analyst is not able to identify whether the event which has occurred is a true positive or a false positive.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I am impressed with the tool's reporting feature and notifications."
"The most valuable feature is the real-time monitoring."
"Netwrix Auditor was the easiest to use, most straightforward, and it had competitive pricing."
"It maintains audit logs for the duration of time that you wish, as long as you have the storage capacity to do so."
"Netwrix Auditor doesn't have many competitors at the level in which it is placed; all other companies provide auditing solutions but not up to the feature list—it is very broad and robust."
"The most valuable features of Netwrix Auditor are its affordability compared to similar products and its comprehensive monitoring of admin activities."
"I have found user behavior analysis and the ability to run risk assessments important features, and additionally the interface and online documentation are very good."
"Without Netwrix, it's impossible to take control of things."
"McAfee ESM is the perfect SIEM tool, and it provides best results based on data intake and rule based configuration."
"The support I have received from the vendor has been great."
"We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."
"The ability to secure my data is the most important feature."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
 

Cons

"There is room for improvements when it comes to the licensing."
"I expect usability features to become more refined over time. I'm interested to see how it evolves and continues to improve."
"The Linux compatibility of this solution could be improved."
"If you buy direct, there is a minimum of 150 licenses that must be procured. The price point and barrier of entry is a little bit higher than it would be if you purchased the solution from an authorized reseller partner, rather than buying it and managing yourself."
"In the UI, we have to adjust and resize our console many times, and sometimes it appears, sometimes you have to close and open it, and sometimes it does not give a scroll bar to navigate."
"An improvement would be if there was an another way to manage the logs besides email because it's not so practical."
"The solution lacks self-service on password reset. It also needs to improve its scalability."
"When there are issues I would like remediation to be in one place."
"McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The user interface could be more user-friendly."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The API the product provides still needs to develop some maturity."
 

Pricing and Cost Advice

"This solution is reasonably priced. I would rate it a nine out of ten."
"There is a license for this solution and we are on an annual license. The price is reasonable."
"The tool's price is fair."
"The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."
"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."
"It is an inexpensive product. We purchase its yearly license."
"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."
"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."
"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."
"The pricing is fair."
"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
10%
Construction Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
Comms Service Provider
14%
Construction Company
13%
Financial Services Firm
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise4
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise6
Large Enterprise25
 

Questions from the Community

What is your experience regarding pricing and costs for Netwrix Auditor?
I don't know about the pricing of this, but it is good at this price point because our organization has purchased it, which means it was in budget. We usually do not buy expensive solutions, so the...
What needs improvement with Netwrix Auditor?
The areas of improvement include the front end, as the UI should be more intuitive and there should be fewer bugs. In the UI, we have to adjust and resize our console many times, and sometimes it a...
What is your primary use case for Netwrix Auditor?
We use Netwrix Auditor for auditing, log centralizing, centralizing the logs, log management, and for permission access management, giving permission on shared folders and Active Directory groups.
What is your experience regarding pricing and costs for McAfee ESM?
When discussing Trellix ESM pricing and licensing, if you consider some premium product, the pricing also has to be premium, however, enterprise customers who look for a premium product, alongside ...
What needs improvement with McAfee ESM?
Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentialit...
What is your primary use case for McAfee ESM?
My customer's usual use case for Trellix ESM involves one client, as most of the users have moved to ESM. Nowadays, they don't use IPS only, since McAfee IPS is standalone; they incorporate firewal...
 

Also Known As

No data available
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 

Overview

 

Sample Customers

AT&T, SanDisk, Siemens, Verizon, Electrolux, Allianz, Societe Generale
San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Find out what your peers are saying about Netwrix Auditor vs. Trellix ESM and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.