The main area regarding Trellix XDR improvement is that setup and tuning can be complex because it requires a skilled analyst based on utilization. Another concern is cost. If an organization has multiple security products, the cost will be higher. Integration with third-party tools is easy, but when a new or fresh analyst works on Trellix XDR, it might be more complex and they require support from a senior analyst. In some cases, when compared to CrowdStrike or Microsoft Defender, it is less preferred.
Solutions Architect at Mideast Communication Systems-MCS
Reseller
Top 5
Apr 27, 2026
Trellix XDR should get involved in AI security itself. They use AI, but they do not secure AI. They need to move in the direction that Trend Micro, F5, and Palo Alto have taken. Trellix XDR is not involved in this field, and their licensing prices are fairly expensive as well. It is not the biggest difference, and they are a good player, but they should get involved in this field. The trend these days is moving toward AI security, and Trellix XDR should align with this direction.
The CPU utilization is very high with Trellix XDR. We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization. This creates big challenges for us. The support experience is also concerning. When we require support from Trellix immediately with high priority, we receive multiple emails requesting logs of various types. After that, we have to escalate to Trellix higher management, and then their agent will come in for a remote session to resolve any issues. I would give them eight out of ten points because of the high CPU utilization and the delayed support we experience.
The EdgeGear solution is an area that requires attention, specifically regarding AI solutions and intelligence features. We are still investigating how XDR performs and will identify areas for improvement as we deploy it further.
The platform should enhance compatibility with all other SIEM solutions. Customers should not feel constrained to using only Trellix products due to integration challenges, as this limits their options. Future updates should prioritize enhanced integration features with third-party SIEMs and broader threat intelligence capabilities to improve the platform's adaptability in diverse environments.
Trellix XDR provides a comprehensive approach to threat detection and response, enhancing security by integrating data from multiple sources into a single pane of glass for more effective incident management. Leveraging robust analytics, Trellix XDR enables organizations to improve threat visibility and response capabilities. The platform streamlines security operations by centralizing data from networks, endpoints, and cloud resources. This integration helps security teams quickly identify,...