We performed a comparison between Trellix ESM and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The initial setup is very simple and straightforward."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The automation feature is valuable."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"It has basic out-of-the-box integrations with multiple log sources."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Compared to other solutions, the user interface is good."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"It is easy to use."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The most valuable features include predefined use cases and threatening states."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The reporting could be more structured."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The solution should allow for a streamlined CI/CD procedure."
"The solution could be more user-friendly; some query languages are required to operate it."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Tech support is required each time there is a system update of the solution."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"The product's stability is an area of concern where improvements are required."
"The solution needs to improve case management. The UI is confusing."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"The user interface could be more user-friendly."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"I would like to see good analytics in future releases."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"It should have more cloud connectors. It could also be cheaper."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Integrations could be improved, and the dashboard could be a little better."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews while Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews. Trellix ESM is rated 7.4, while Trellix Helix is rated 8.6. The top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, IBM Security QRadar, USM Anywhere and Palo Alto Networks Cortex XSOAR. See our Trellix ESM vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.