It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response. This capability resembles a layered approach, integrating and correlating all relevant data for thorough investigation.
Trellix needs to focus on gaining traction with partners and building trust among users. Many users may have moved on due to the name change, but concerns about resource intensity are more related to endpoint security than EDR itself. Improving its position in Gartner's quadrant and enhancing the product's image are crucial.
I have been using Trellix Endpoint Detection and Response (EDR) for three to four years.
Trellix EDR is designed to scale seamlessly, leveraging cloud infrastructure that eliminates traditional hardware limitations. This allows scalability up to fifteen thousand nodes or even two hundred thousand nodes, depending on the licensing. The cloud-based architecture enables centralized management from anywhere globally, facilitating comprehensive coverage across different geographical locations. In essence, it offers robust scalability and management capabilities.
For SMBs and enterprises, Trellix EDR typically recommends environments with more than fifty computers. The rationale is that the more computers there are, the greater the likelihood of being targeted by malicious actors. With an EDR solution, there's a better chance of detecting and mitigating malicious activities on your systems.
Support for Trellix EDR is not great. There have been instances where we encountered issues that required support intervention. In some cases, we were unable to resolve the problem ourselves, and escalated it to support. Unfortunately, there were delays in getting responses from support, which sometimes led to frustration and caused us to consider alternative solutions.
Administering Trellix EDR involves specific procedures. For instance, real-time searching requires using predefined keywords, which aren't readily visible unless you consult with Trellix support or a SE. A comprehensive manual simplifying these administrative tasks would greatly enhance usability. Despite this, setting up the product is straightforward and quick, since it operates in the cloud. Connecting to either cloud-based or on-premises APIs is seamless. However, the challenge lies in product administration, which some users might find complex, leading them to opt for alternative solutions over Trellix EDR.
Trellix EDR provides capabilities similar to AI, significantly aiding your software or IT support team in conducting investigations rapidly. Tasks that might have taken months can now be resolved quickly using the platform. This ability to swiftly identify and address the root causes of attacks is a major advantage. Moreover, by preventing breaches, Trellix EDR helps safeguard data and avoids the need for compliance measures with regulatory bodies. This security is crucial because, in regions like Africa or Nigeria, where certain breaches may go unnoticed, Trellix ensures compliance and transparency, such as mandatory breach reporting in other jurisdictions. Maintaining trust with customers is paramount, as damage to brand reputation can be difficult to repair. Therefore, investing in a solution like Trellix EDR not only protects your organization but also enhances its credibility and operational resilience.
Trellix Endpoint Detection and Response (EDR) is not expensive. When compared to competitors, the main difference lies in their flexibility.
I rate the product’s pricing a five out of ten, where one is cheap and ten is expensive.
Technical personnel often recommend Trellix Endpoint Detection and Response (EDR) for environments that are not necessarily small, but rather SMBs, those with around 50 computers. EDR solutions are increasingly aligned with the evolving threat landscape.
Trellix EDR provides advantages beyond just detection and response; it facilitates thorough investigation. It operates more like a layered approach, enabling detailed investigation through Trellix Investigator. This allows you to drill down into threats. With real-time search capabilities, you can monitor threats as they occur. Historical search features let you trace when a threat entered the environment and its progression. This granularity extends to file searches and other detailed inquiries, simplifying and enhancing threat management tasks.
In terms of integration, there is still room for growth. Currently, apart from basic anonymized data sharing, there isn't much integration visible. The ability to leverage EDR with other security solutions seems limited, except perhaps through programming.
Trellix EDR has the potential to be among the top EDR solutions with a few adjustments. It could become the best out there. When considering factors like support, pricing, and ease of use, Trellix EDR has the opportunity to excel. However, currently, there are areas where it can enhance user experience, particularly in simplifying tasks that end users might find challenging on the EDR platform. While it promises to enhance security posture and threat detection speed, these improvements may not be immediately apparent to users, impacting their confidence in the product.
Overall, I rate the solution a seven out of ten.