"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"The most valuable feature is signature-based malware detection."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring."
"The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected."
"I have found the most valuable feature to be the rapid threat detection."
"I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI."
"Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing."
"The product can scale as needed."
"I really love how simple and effective the product is. I really love the visibility it gives me into the endpoint. I really love that they open their product to the customer to enhance it with custom-made software, giving you the APIs to program it. Those are all things competitors don't have."
"It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way."
"The most valuable features are the prevention layer that detects the signature value and prevents threats in the network."
"It's quite easy to install agents."
"The solution provides dashboard control, so we can centrally monitor the entire status of our organization."
"I have found many of the features to be useful."
"The thing that I like is that they have gathered almost all the products in one management server, the ePolicy Orchestrator."
"A big advantage of McAfee Endpoint Security is the ability to manage very big environments. We are supporting environments with 200,000 to 300,000 endpoints. The ability to manage with one single console is very important for us. McAfee has phenomenally improved in terms of detection. It provides real-time detection and response with the error, Real Protect, and reputations. It is not only based on signatures but also on behavior analytics, artificial intelligence, or machine learning. We have environments that never had issues with ransomware in the last 20 years. McAfee has a very good performance in this field."
"I feel McAfee Endpoint Security to be a good, mature product."
"The solution scales well."
"It could be improved in connection with artificial intelligence and IoT."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"I would like to see integration with Cisco Analytics."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"We need to analyze the threats and make decisions based on that, so the analytics could be better at analyzing exactly where the threats are coming from."
"One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."
"We'd like SentinelOne to upgrade automatically. It doesn't automatically update the agent if some system has an older version of the SentinelOne. It has to be triggered from the console."
"The stability of SentinelOne should be improved."
"As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate."
"The ability to integrate this product with an antivirus solution would be welcome. Even consolidation with more security products, like Umbrella networking abilities etc. to provide more on this platform, that would be great."
"The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information."
"If it had a little bit more granularity in the roles and responsibilities matrix, that would help. There are users that have different components, but I'd be much happier if I could cherry-pick what functions I want to give to which users. That would be a huge benefit."
"With McAfee, if there is a zero-day vulnerability, you have to download the patch for it from the McAfee website, then apply it to your endpoint."
"The product could do more to keep administration alerted to detected threats on endpoints."
"The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place."
"Some agents become old and then they don't communicate well any longer."
"An area in need of improvement involves the overview, which usually does not enable one to get the value in reports."
"Every time we open a ticket with McAfee, their response differs and they are not consistent."
"I would like to see more integration with third-party products."
"The initial setup isn't so easy. You need to know what you are doing."
SentinelOne is ranked 2nd in Endpoint Protection for Business (EPP) with 28 reviews while Trellix Endpoint Security is ranked 15th in Endpoint Protection for Business (EPP) with 38 reviews. SentinelOne is rated 9.2, while Trellix Endpoint Security is rated 8.0. The top reviewer of SentinelOne writes "Made a tremendous difference in our ability to protect our endpoints and servers". On the other hand, the top reviewer of Trellix Endpoint Security writes "Protect your business against a wide variety of threats". SentinelOne is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Darktrace and Cortex XDR by Palo Alto Networks, whereas Trellix Endpoint Security is most compared with McAfee MVISION Endpoint, Microsoft Defender for Endpoint, Symantec Endpoint Security, Cortex XDR by Palo Alto Networks and Trend Micro Apex One. See our SentinelOne vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.