Trellix Endpoint Security Platform Reviews

Previously, before the transition to Trellix, we used McAfee. Following a merger, FireEye now collaborates with McAfee, utilizing its console and threat intelligence.

In terms of endpoint security, I would recommend Trellix Endpoint Security, especially for users prioritizing threat intelligence and seeking an internal solution. Trellix has proven effective in areas such as blocking capabilities, device control, and application control.

Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features.

Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it.

I have been using this solution for the past five years.

Previously, I would have rated it around ten, but now it's more like seven. They need to enhance the EDR part and put in more effort.

For on-premise implementation, I would rate it a six as there is a need for more scalable options during the initial setup. On the other hand, for cloud implementation, I would give it a nine because it offers enabled scalability options.

I acknowledge their technical expertise in the product, but the support has not been as satisfactory as it was with McAfee. I believe there is a need for improvement, whether it's the team's capacity or response time. Previously, the response time was excellent, but now it has increased, causing frustration among customers and creating potential issues. Reducing this delay would be beneficial.

Neutral

If someone asks for a bundled solution with strong threat detection, I would recommend Trellix because it stands out as the only bundle solution with a decent amount of threat detection. While there are other bundled solutions in the market, Trellix excels in both access and detection capabilities.

Regarding the initial setup of Trellix Endpoint Security, I am accustomed to executing it accurately. I would rate it around 8.5 or 9.I have successfully implemented Trellix Endpoint Security for up to five thousand endpoints, and the process took approximately four days. For smaller enterprises, it can be completed in about one day.

I would rate the cost as four to five, considering it's normal compared to other products. I find it nominal and worth the money.

The support phase needs improvement, specifically in reducing the time taken to respond to calls. Additionally, the EDR functionality in Intelix requires enhancement. While McAfee fulfilled product functionality even without strong support, the introduction of EDR seems to be partial and lacks automated response capabilities. The overall rating for Trellix Endpoint Security would be an eight.

For some of our engagements, we have used MVISION, including data protection, threat intelligence, and DPP also.

We use McAfee MVISION primarily for endpoint protection, antivirus, and understanding the threat intel for end users. 

It is very stable.  

The independent modules are very good. 

For the most part, the setup and deployment are simple.

The only challenge we found is the integration with its product modules. It has a DPP. That integration, we felt, is slightly complex. The complexity of advanced modules can be improved. They could do some improvements so that it is easier to deploy the advanced modules.

We would like more in their advanced modules or ATP.

I've used the solution for a could of years.

The solution has been quite stable. It is reliable. There are no bugs or glitches. It doesn't crash or freeze.

I cannot comment on the scalability. I've never tried to scale the solution. 

For desktop support, they are pretty good. 

There are certain engagements where our customers are still using it. Now, however, we do see a common trend of people moving towards Defender service rather than using McAfee.

We also use Trend Micro. We would prefer Trend Micro and would rate Trend Micro top and then make McAfee next.

The basic modules are straightforward to set up. We don't see many challenges there. However, when we talk about going into advanced ATP modules, et cetera, we do see certain amounts of complexity.

I did not work on the implementation and cannot say how long exactly it took to deploy. Likely, it would take between three and six months.

We generally deal with annual licensing. 

I'd rate the solution seven out of ten. Having used Trend Micro as well, I would rate Trend Micro higher. However, I would still choose this product as a second option.

When we recommend a product, we would recommend something based on the fit of the product and customer requirements. We worked with Defender, we worked with Trend Micro, and we worked with McAfee. All of them almost overlap in multiple use cases. That said, we do see the customer IT strategy and where they're going, and they are adopting Azure more. We know there are certain limitations in their landscape where there may be some old legacy systems, and in that case, then we would either switch back to McAfee or Trend Micro instead of Defender.

It is exclusively for Endpoint security. Besides that, we have subscribed to additional features such as MDX for mobile security and recently added ESL. Previously, we had Trend Micro, and at times we utilized it for malware. Comparing the three tools, I would recommend sticking with Trend Micro or Malwarebytes.

Trellix Security Endpoint can promptly isolate any host machines directly from the console. If alerts are received and isolation is necessary, it can be accomplished through the console. The console itself holds significant value, accessible through a browser and allowing remote actions via cloud login.              

If there's a possibility for remote assistance or investigation support in the future, it would be beneficial. Currently, we use another remote software for such purposes. If this feature could be included in the next version, that would be an improvement. The feature is called Remote Administration.

I have used Trellix Endpoint Security for the last two years.

It is stable and I would rate it 8 out of 10.

Scalability is 8 out of 10. 

The issue with technical support lies in the response time. When submitting a complaint, there is a delay, sometimes taking one or two days for a response. This extended timeframe is considered quite lengthy.

Neutral

The initial deployment of Trellix Endpoint Security involves some time to install agents on host machines. However, once in use, adding new versions and deploying agents to GPO becomes straightforward. It's possible to manually install agents on various devices, and the current process of deploying agents through GPO policies typically takes around ten to fifteen minutes per agent. The duration may vary based on internet connectivity, and it's generally faster when the machine is on the network.

I would rate it 8 out of 10 and it is very straightforward. 

It is reasonably priced. 

I would recommend it. I rate the solution an eight out of ten. 

Our company just started evaluating the solution for endpoint protection. We have tested it in a POC environment but have not deployed it to the production environment. 

The solution includes a good combination of features for both signature and signature-less detection. Based on types of threats, we can opt to use either or a combination of both. 

Good progress has been made with integrations for McAfee and FireEye but more work has to be completed because the feature is still pending. Down the line with these integrations, the solution will be very good product. 

The solution could provide open XDR in addition to EDR.

Adding MDR makes sense instead of just being on the EDR and DXDR fronts. 

I have been using the solution for a couple of weeks. 

The solution is stable. 

The solution is SaaS so should be fully scalable but we have not yet tested scalability. 

Technical support could be improved. Our team worked with the product reps to coordinate requirements and deploy.

The setup is quite easy and only takes a few minutes because it is a SaaS solution. 

We implemented the solution in-house for our POC environment. 

We use several products simultaneously and are using the solution in a test case. It might take two or three months to confirm if we plan to deploy to our production environment. 

The solution meets customer expectations and is a good product. I rate the solution an eight out of ten. 

I'm working on a project for the Hong Kong library system under the Hong Kong government. They provide workstations in the library for citizens to access the Internet. The ENS needs to be installed on all the PCs in the library. Another part involves the CSWA for the server farm. They are upgrading the entire library system, including the rental system, book search, eBooks, multimedia, and other services. The CSWA modules are primarily for the backend servers, including Linux and Windows.

Detection and response functionality meet our requirements, but the support is poor.

HIPS protects server files from being modified or deleted by unauthorized users. It's primarily deployed in the web tier.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards. 

For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

I have been using Trellix Endpoint Security (ENS) as an implementor for two years.

We haven't had any system crashes or problems in most cases. SolidCore is not compatible with some kernels, which is causing problems. Endpoint, HIPS, and anti-theft are working fine so far. 

I rate the solution’s stability as seven out of ten.

We use one ePO server to manage around four thousand endpoints, including servers. This single server effectively handles this load.

It is suitable for medium and large enterprises.

I rate the solution’s scalability as seven out of ten.

Support is poor. A module called Solidcore needs to match with the OS kernel in one area. The support for this module has been slow because it doesn't match the latest OS. As a result, we haven't been able to upgrade our OS because McAfee does not support the latest version. We've also encountered issues where the product can't be upgraded or installed successfully. We're managing over 300 servers and 3,000 workstations. Upgrading has been a nightmare with this setup.

It provides a slow response. Sometimes, getting feedback takes a few days, and that is also not to the point.

Positive

The initial setup is easy and straightforward. Determining specific modules and functions often involves a lot of trial and error. Deployment takes only a couple of days.

Overall, I rate the solution a seven out of ten.

The tool is primarily used for endpoint detection. When an event occurs on an endpoint, alarms are generated. Colleagues from my company then investigate these alarms based on a playbook. Depending on the playbook and the specific customer contract, actions may be taken, such as informing the customer or implementing endpoint containment measures.

The tool has contributed to improving our security posture. While it's just one part of our overall solution, it plays a crucial role. As we continue to evolve, we anticipate it becoming even more important alongside other aspects like network behavior and additional metrics.

The tool's most valuable feature is containment. Last year, a German company faced an external attack. We installed the product on every machine, totaling hundreds of endpoints. The Trellix agent collected information, allowing us to check the entire IT infrastructure. 

The product is consolidating its portfolio into one product. It is difficult at the moment. 

I have been using the product for three years. 

The solution's scalability is easy. If you have Trellix Endpoint Security on-premises, you need to define how many agents you will support and consider future scaling. Different appliances are available for various scenarios. If you plan to have hundreds or thousands of agents in the future, hardware considerations become important. However, if it is deployed in the cloud, scaling up or down is easily manageable.

My experience with the product's tech support is good. 

Positive

Trellix Endpoint Security (ENS)'s deployment is not difficult. There are different options available, such as using an on-prem hardware box or a virtual machine in the cloud. Setting up the virtual machine in the cloud is easy, requiring only a connection to the customer's system. 

If you plan to install the solution on-premises, you bring the box to the customer and connect it to their system. This involves some configuration, such as opening a port on the firewalls. Deploying agents on the endpoints is straightforward and can be done from a central management point. The entire process takes around a day to configure, and then you are up and running.

Microsoft Defender is not cheap and from a cost perspective, Trellix Endpoint Security (ENS) is a better option. 

We integrate the product into our system using API. The information, in the form of messages or alarms, is received in our system. We further process this information and incorporate it into our complete solution. 

I rate the product an eight out of ten. 

In my company, we use Trellix Endpoint Security for its endpoint security capabilities. Wherever there is a need for someone to comply with ISMS, we deploy Trellix Endpoint Security over there and support them in maintaining it.

The most valuable feature of the solution is that it allows our company to opt for single management for multiple products. The tool also supports DLP encryption or proxy can be managed by a single management console, which is a major advantage.

Trellix Endpoint Security doesn't support Mac devices. Trellix Endpoint Security doesn't offer full-fledged support for Linux.

In the future, I would like the product to support Mac and Linux.

When it comes to classification, Trellix has its own DLP solution. They do provide classification in Trellix Endpoint Security, but not at a full-fledged level. It would be good if Trellix Endpoint Security provided a full-fledged classification.

The solution's technical support should be improved since we faced a lot of issues with the support. There were some delays in responses from the technical support. Technical support also lacks in providing proper solutions to issues.

I have been using Trellix Endpoint Security for ten to twelve years. I use the solution's latest version. My company has a partnership with Trellix.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution a seven out of ten.

I rate the technical support below five out of ten.

Neutral

I have used different products in the past. Since we are a consultant, we have to work with multiple vendors.

The initial setup of Trellix Endpoint Security was straightforward.

The solution is deployed on the hybrid cloud. Trellix Endpoint Security provides its tool as a SaaS product.

The deployment process can be done in around two hours.

Our company has around 40 engineers to deploy and manage the maintenance of the product.

There are some extra expenses for using the product, in addition to licensing related to the maintenance of the product.

The product is good, but that doesn't matter if the support is not proper.

I would definitely recommend the solution to those planning to use provided the support is good. If the support is not good, our company will have to state both the pros and cons of the product to its potential users, after which the customer can choose it if they find the pros to be favorable.

Overall, I rate the solution a seven out of ten.

We primarily use the solution for endpoint security.

One of the strengths of McAfee in general, not only in the Endpoint, is the ePolicy orchestrator. It's a single management platform for all the solutions and also a single agent. From my experience, with all other products, it becomes easy to use with multiple deployments. 

With McAfee, what you do is you just upload and download some packages for specific features. For example, with endpoint security, you get only the four features, the firewall, web control, the ATP, and then threat prevention. Should the client would want an additional feature, for example, device control, full-blown DLP, or application control, then we can add the packages for that and then easily deploy it with the client. 

Looking at the current ePolicy orchestrator, and the transition of most vendors to the cloud, they need to do an improvement with the current dashboard or the overall aesthetic of their GUI. They need to just keep up with the current trends. It's still a bit old-looking. That said, with the CASB, their other solutions their cloud solutions, they're already on the way with that. They are working on improving things. 

The initial setup can be a bit difficult. 

They should offer further application control. The way of doing the application control is based on an inventory scan. It would be great and it would be at par with other solutions if they would be able to improve that into a category-based application control.

I've used the solution for about three years. 

McAfee is one of my favorites. It's very stable and reliable. There are no bugs or glitches. 

We have been able to scale. For example, a client who wanted to migrate their on-premise solution and then move to the cloud found it to be pretty straightforward. With things like this, there is still room for improvement and there can be trouble doing that. However, with the experience that I had during the migration, it was pretty smooth and seamless.

I haven't had any experience with technical support. I'm working as a presales engineer, however, I have colleagues who've had a few experiences with McAfee technical support. Usually, it's all about clarifications around the licensing or loading of the license. For example, we have had experiences with the license already loaded to the client's account and we haven't received the email yet. When that happens, we have no way of accessing the account of the client. In those instances, we'd reach out to support. Beyond that, we don't really need help. 

I have experience with Trend Micro, Sophos, and McAfee.

The main difference is their single solution. There's one single pane of glass you're looking at which gets easier with the maintenance. The utilization is also great. It takes away the customer of having to deal with problems with the utilization. There's a balance between the performance of the agent as well as the operation of the client. You won't hear a client complaining that a McAfee solution.

The threat intelligence with respect to endpoint security is great too. With the threat intelligence and McAfee having been in the industry for so long, it has a better capability of protecting our endpoints.

For the setup, if you're not familiar with it, it can be a challenge. From my experience, when I just started working with McAfee, it was really hard to understand how the policies work, how the policies should be implemented and how would you assign them to certain groups. If you're just getting started, it's hard. However, if you're already familiar with how policy creation works and how you're supposed to assign it to certain groups or certain users, then it becomes easier over time.

For every 100 users, one person is enough in terms of handling maintenance tasks. Management is easy as you can manage everything from a single pane of glass. It doesn't require a lot of manpower. 

If you look from the Gartner perspective, and if we're only looking at the leaders' quadrant, McAfee is around five out of five in terms of price affordability. Among all other solutions, it has really a reasonable price. If you look at the entire Magic Quadrant, not only the leaders' quadrant, McAfee is even better. There are other solutions that have a more reasonable price, however, it also comes at the cost of the quality that we're offering.

I'm a reseller and solutions provider. 

It can be deployed in a virtualized environment or on the cloud. It depends on the client's requirements. I typically recommend the SaaS environment, however, in the Phillippines, it's mostly on-premises still. In that case, we may use a virtualized or physical server.

I'd rate the solution eight out of ten.