What is our primary use case?
We have been distributing Trellix DLP solutions for around 5 to 6 years because we have our DLP customers. When going for fresh leads, we insist on Trellix DLP solutions if they have a Windows environment. We definitely recommend Trellix DLP because it has many features, and when it comes to on-premises solutions, it has the best incident monitoring and evidence storing capacity. Data evidence is essential. If somebody shares something, we will be able to look at what files they had and what those contents are. This particular feature we highlight to every customer, making it a key selling point for Trellix DLP.
The main use cases would be incident monitoring and incident storing to look through the contents. Registering the documents enables fingerprinting so you can monitor wherever they go, whether they are sent via mail or through a browser. That is one of the benefits. With application monitoring, many solutions have control over data in applications. For example, remote access applications or instant messaging applications have access, but in most solutions, they are predefined, and to add a custom-based application, it takes some time. You need to have a call with tech support to add that application. However, with Trellix DLP, we can directly create a user-based classifier and application channel in the definitions and block the data leakage of sensitive data through that application.
Another part involves custom classifications; we can also integrate third-party classifiers, such as Titus and Mimecast.
What is most valuable?
We handle data security parts including DLP Encryption, EDR, and external endpoint security, including Trellix Endpoint Security.
The document registration feature enables fingerprinting of documents for monitoring their movement through email or browser. Application monitoring provides control over data in applications, with the ability to directly create user-based classifiers and application channels without requiring technical support intervention.
The solution includes custom classifications and integration capabilities with third-party classifiers. The Machine Learning capability assists with classification capabilities, though there is room for improvement in data discovery accuracy.
What needs improvement?
The Machine Learning capability could be improved, particularly in data discovery. When given sensitive data expressions, the system retrieves files that are not always related. The system should adhere strictly to the given expression rather than just focusing on keywords within the expression.
In endpoint features, while the detection rate is good, there could be improvements in remediation and rollback solutions during attacks. Other solutions now include such options since providing 100% security is impossible.
The flexibility varies across environments. Enterprise customers find the product performs well without affecting their data, with scans running as scheduled. However, SMB customers experience some performance issues during scanning.
Since EDR is integrated, users must access the EDR console to check endpoint detections. It would be beneficial if this functionality were incorporated within the ePO console, as the current threat graphs link doesn't display endpoint threat graphs.
For how long have I used the solution?
We have been distributing Trellix DLP solutions for around 5 to 6 years and continue to maintain our DLP customer base.
What do I think about the stability of the solution?
The solution is stable and does not have glitching issues.
What do I think about the scalability of the solution?
There are no limitations regarding scalability; the solution is sufficiently scalable.
How are customer service and support?
The technical support from Trellix was excellent previously, but since the rebranding, it needs improvement.
When cases are raised, partners perform initial L1 or L2 troubleshooting. However, ticket resolution times are often too long, with new engineers sometimes requesting the same logs repeatedly. This creates challenges, especially for enterprise customers with strict SLAs.
Which solution did I use previously and why did I switch?
We previously used McAfee but have transitioned everything to Trellix DLP now.
How was the initial setup?
The installation process is quite easy, especially with AD connectors for group policy installations for bulk setups.
What was our ROI?
Trellix DLP provides return on investment for enterprise customers, with approximately 20% ROI for enterprises.
What's my experience with pricing, setup cost, and licensing?
The solution is currently affordable and not considered expensive.
What other advice do I have?
The solution features both a dashboard and workspace, which is beneficial. The workspace provides updates on endpoints facing escalated attacks, allowing users to monitor endpoint updates and threat attacks. With EDR integration, users can check policy configurations and identify potential loopholes.
The flexibility varies between SMB and enterprise environments. Enterprise customers report minimal impact during scans, while SMB customers may experience some performance issues during scanning.
Previously held certifications have expired, and there have been challenges accessing the partner portal after the transition to Trellix. Access to the partner portal is important as enterprise customers often request certified professionals.
On a scale of 1-10, this solution rates at 8.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller