Trellix Network Detection and Response Valuable Features
The best features Trellix Network Detection and Response offers are its handling of east-west traffic and east-west attacks inside the internal network and outside the organization. Additionally, there is a built-in firewall, an isolation option, automation alerts via email, sensor health updates, and network traffic segregation. We have different categories and can utilize customized signatures. A standout feature for me is that we can implement policies on different segments and sites independently, ensuring they do not interfere with other policies or sites.
The automation alerts in Trellix Network Detection and Response help us identify vulnerable systems on the network and vulnerable servers that require patches to remove vulnerabilities in our day-to-day operations.
Isolation in Trellix Network Detection and Response works effectively. If an incident occurs, we immediately isolate the system by putting that host in isolation, clean the host, and then perform operations to return the system to normal functionality.
Trellix Network Detection and Response has positively impacted my organization by addressing performance issues, specifically by offloading heavy traffic inspection and SSL inspection through sensors due to the limitations of the firewall. To minimize downtime or outages, we must also use built-in kits for backup ports and failover integrated with the ports.
Minimizing downtime with Trellix Network Detection and Response has resulted in enhanced productivity in our organization because we have deployed these sensors in high availability. In case of one device failure, traffic switches to an alternative path. The sensors provide exceptional performance, capable of performing SSL inspections at high throughput rates with low CPU usage, enabling them to handle significant traffic loads promptly.

Trellix Network Detection and Response offers threat detection and prevention ability, the ability to find zero-day threats and malware, and anything malicious which has affected an organization. It is very easy to detect. Trellix Network Detection and Response has an MVX engine which is the most effective in handling scenarios such as APTs. Trellix Network Detection and Response also provides essential defense by automatically responding to network incidents that the firewall may not catch. There is also real-time visibility into network traffic and it integrates well with other security tools. It offers automated response features that significantly reduce the incident response time.
The MVX engine helped me in my day-to-day work. We recently got used to the workflows for the known false positive alerts. It definitely helped us reduce a lot of time with the auto-closing alerts and the detections that we had. It directly helped in reducing the SOC fatigue.
Trellix Network Detection and Response has positively impacted my organization by significantly reducing the time to detect as we also were experimenting with the automation systems. There were zero detection things and then there was better monitoring. The application filtering as well surpasses the firewall. It increased our ROI for the company from a sales perspective.
I can share specific outcomes or metrics regarding Trellix Network Detection and Response. Per day we used to have 70 to 80 alerts and those could be reduced up to 40 to 30 a day. This is almost a 40 to 50% decrease.

The best features Trellix Network Detection and Response offers are its threat intelligence, which is quite good, along with endpoint isolation; I can simply isolate the endpoint. The incident response part is also good, and I have not faced any issue until now.
The features that stand out to me about Trellix Network Detection and Response also include its easy implementation and integration; I can simply push the agent, and integration is quite straightforward.
Trellix Network Detection and Response has positively impacted my organization by creating a better safeguard and protecting us from threats. Although it can be improved in some areas, for now it is working fine and well. The number of threats detected is also decreasing, and from a cybersecurity engineer's point of view, the threats are becoming much easier to resolve with the help of these EDR tools. I do not have to log in daily as I can simply see the reports in my email and work on them.

Buyer's Guide
Trellix Network Detection and Response
May 2026
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
899,052 professionals have used our research since 2012.
The strong feature of Trellix Network Detection and Response, in my opinion, is network visibility, as it provides a deeper understanding of traffic behavior and suspicious communication patterns. Another strong point is that we can detect lateral movement, which is crucial since many advanced attacks move internally inside networks, helping us identify unusual behavior that may otherwise go unnoticed.
In day-to-day operations, Trellix Network Detection and Response helps improve investigation quality because analysts gain another visibility layer apart from endpoint solutions. We rely not only on endpoint detection but also validate suspicious traffic behavior, internal communication, and unusual network activity, which aids our investigations and sometimes reduces our investigation time.
One useful aspect of Trellix Network Detection and Response is its integration value because it works better when data can be correlated across security systems. The network telemetry adds important context to investigations, making responses more informed.
The biggest impact Trellix Network Detection and Response has had on our organization is improved visibility across our environment and better confidence during investigations, as security analysts can understand suspicious behavior more clearly instead of depending solely on isolated alerts. It supports our detection team by strengthening their capabilities to detect internal movement and abnormal traffic behavior.

The main aspect of Trellix Network Detection and Response regarding visibility is that visibility is very important as it empowers users to understand what is happening; therefore, detection is one of the strongest features of Trellix Network Detection and Response. Based on what we can see or the events we can observe and how the traffic flows, we can take the next action, investigate incidents, have a proper workflow, and assign the right person or agent to take action and prevent threats before jeopardizing the network or data. Visibility is the top feature that needs to be addressed when it comes to detection and response.
The best features that Trellix Network Detection and Response offers are visibility, threat detection, and immediate response, which allows us to take action almost instantly while keeping proof through proper data capture and maintaining logs for future analysis to prevent attacks and ensure that we have the right policies and controls. Having historical data and integrating with other security stack tools also helps; therefore, proper integration with other security tools is also essential.
Trellix Network Detection and Response positively impacts my organization by enhancing our security posture and helping us cover several controls for compliance, as we need to fulfill various security frameworks to maintain our business operations. The presence of Trellix Network Detection and Response assists us in meeting compliance expectations, which is crucial.
Regarding specific outcomes after using Trellix Network Detection and Response, compliance is vital; having Trellix Network Detection and Response implemented is mandatory for several security frameworks, including local and industry-specific ones, making it a crucial component of our cybersecurity strategy.
Jatin Sharma
Security Engineer at Digitaltrack
Trellix Network Detection and Response offers several best features including real-time threat detection, behavioral analytics, network visibility, automated incident response, and threat hunting and investigation.
I find myself relying the most on real-time detection from Trellix Network Detection and Response, which has made the biggest impact for me. It provides immediate visibility into suspicious activity, allowing the security team to investigate and respond quickly before an issue escalates. This significantly reduced detection time and improved our overall security posture.
Trellix Network Detection and Response has positively impacted our organization by improving our security visibility and threat detection capabilities. It has helped us identify suspicious network behavior faster, reduce the time required for investigations, and respond to incidents more effectively. As a result, we strengthened our overall security posture while reducing the manual effort needed for threat monitoring and analysis.
After deploying Trellix Network Detection and Response, we saw a noticeable improvement in our security operations. Threat detection and incident times were reduced by 40 to 50 percent, and the security team spent significantly less time manually analyzing network traffic. We were also able to identify suspicious activity that previously went unnoticed, leading to faster containment of potential incidents. It improved overall response efficiency.

The best features Trellix Network Detection and Response offers are real-time threat detection, traffic analysis, and the way it breaks down alerts in a clear and simple way.
The feature we rely on the most day-to-day is real-time threat detection because catching a threat early makes a huge difference, and this product does that very well.
Trellix Network Detection and Response has positively impacted our organization by making our security team more confident and responsible, knowing that the network is being watched all the time, allowing us to respond to threats much faster than we used to.
Our team now responds to network threats much quicker than before, and we have managed to stop a few suspicious activities early that could have caused bigger problems.

Trellix Network Detection and Response offers network visibility and behavior analysis combined with real-time threat detection as its most valuable capabilities. Traditional security tools are very effective at detecting known threats, but Trellix Network Detection and Response stands out because it can identify unusual network behavior and potential threats that do not match known signatures. In our environment, this has helped us detect suspicious activity much earlier and prioritize investigation more effectively.
Other features such as network visibility and threat detection are also beneficial.
Trellix Network Detection and Response has positively impacted our organization by improving threat visibility, accelerating investigation, and strengthening our ability to detect advanced threats across the network.

The best features Trellix Network Detection and Response offers include very good threat detection, and I believe that it is one of the best XDR tools. For example, ePO and XDR components are very comfortable and similar to many other tools for this type of monitoring, and I have received very good feedback for this tool.
What makes Trellix Network Detection and Response stand out for me compared to other tools is the way you can detect threats. It is very easy and comfortable to use, and the detection shows clearly on the screen, which is very easy to understand.
Regarding the features, I think that the integration with other platforms is very comfortable with the customer because we can integrate it with any switch or firewall, and it is comfortable to add this tool.
Trellix Network Detection and Response has positively impacted my organization as I have improved my knowledge about detection and response. I have already used some other tools such as CrowdStrike and Umbrella, but Trellix is one of the best that I have tested.
I believe that for my organization, Trellix has helped a lot with detection and supported our customers effectively.
Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall. If you have these types of tools, your organization would benefit greatly.

As a partner of Trellix, I believe the biggest advantage of this NDR solution is that it integrates with the network side. After that, it collects all traffic for the threat capability of Trellix Network Detection and Response, such as lateral movement and C&C callbacks. Ransomware detection allows me to initiate and analyze the logs for the threat model of Trellix Network Detection and Response, then it will respond.
I am working with the threat intelligence feature for threat intelligence and threat queries, and I review through the threat intelligence.
It is effective for Trellix Network Detection and Response to integrate with other security products. ePO integrates for some security solutions such as Microsoft. There is the capability of third-party integration and ingesting the telemetry from the security solution, showing me the workbench workbooks.
Automated responses help me minimize security threats with the playbook creation and automation.
Detailed forensic analysis helps me understand network threats in general.
Trellix Network Detection and Response solution is easy to scale. I need to integrate with the main core switch, and after that, it helps with the port mirroring for threat detection.

The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment.
That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried.
The detection itself is solid, and their sandboxing is powerful.
There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere.
The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file.
There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.

Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch. When users break firewall rules, the solution identifies affected areas for immediate action, helping determine the actual reason for attacks. Its ability to report incidents like network paths makes it invaluable in securing the environment. With eight years of experience, I can attest that Trellix NDR is effective in detecting and protecting networks.
Archie Scorgie
Information Security Senior Advisor at Eskom Ltd
Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats. The IP devices played a crucial role in blocking and reducing the amount of malicious traffic entering our company. Its endpoint security, EDR, and insights are valuable. The automation functionality, particularly the ability to automatically handle and mitigate detected threats, has proven to be immensely beneficial for our security operations.
Kumar_V
Senior Manager at a financial services firm with 10,001+ employees
The NTAP features are the most valuable aspects of the product. Other features, like ITS, are there; however, the primary value is in the NTAP protocols.
It is an easy product to set up.
The product has been quite stable.
Support is very helpful and responsive.

There are sandbox capabilities. You can submit malicious files and get great feedback, including if there is malware, what it is doing, et cetera.
The way it works is better than others thanks to the sandbox. It can give you simulations in different operating systems and applications and give you real insights from the perspective of a real environment. You gain insights into evasion techniques.
It's not just running in the background on an endpoint. You can do tests and learn. You can do behavior analysis. That's the main feature.
The solution can scale.
The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design.

I think there are some very functional features in FireEye when you compare the solution to traditional SIEM solutions. Traditional SIEM solutions don't have their own IPS/IDS functionalities and they integrate with third party WANs. In contrast, FireEye has created an ecosystem of products integrated with their own SIEM, which is cloud-based and integrates with network security, email security, host security and the like.
Chandan-Singh
Sr Technical Consultant at a tech services company with 51-200 employees
It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye.
I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went.
Philippe Panardie
RSSI at SDIS49
The server appliance is good.

The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline.
It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities.
Sagi Zelinger
Professional Services Division Manager at 2Bsecure
The most valuable feature is the network security module. It is better than other solutions and it can make and find electrical movement.
Also, the attack vector is a feature that no one else offers.
Overall, it's a great solution.
Yaser Aljohani
OT/ICS Information Security Specialist at SANS
The most valuable feature is MVX, which tests all of the files that have been received in an email. It uses virtual machines to test the behavior of the files and determine whether they are malicious in nature. If there is any abnormal activity then the file will be blocked. The corresponding hash value will then be recorded, submitted to the cloud, and added to the blacklist.
SenITCOn45
IT Senior Consultant at a manufacturing company with 1,001-5,000 employees
The feature that I have found most valuable is the ability to block someone.

The most valuable features are the ability to detect intrusions and the user-friendly dashboard. The integration with our CM worked well. It gives visibility into what's going on at the user level.
Harneet Kaur
Information Security Consultant at a financial services firm with 1,001-5,000 employees
The most valuable feature is FireEye NX.

The most valuable feature is the view into the application.
Antonio El Khoury
System Engineer at IRIS
Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities.

The core functionality: It blocks what we need it to block.

The most valuable feature of the FireEye solution is the deep analysis for malicious software.

The zero-day vulnerabilities feature is the most valuable feature.
Ala Khalil
PreSales Director at a marketing services firm with 51-200 employees
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.

Simplified Alert Dashboard is straightforward to navigate.
The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive. It has helped FireEye be the first ones to announce zero-days on many occasions.
FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.

- Call back
- Zero day attack
- Ability to edit the Yara rules
- Malware analysis tool
I like the ability to detect zero day attacks, APTs, and other types of malware which almost every other security device in the world is unable to detect.

Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days.
Mohd Fadhil
Security Engineer at Mavisco Resources Sdn Bhd
The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.