We performed a comparison between Elastic Security and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The stability of the solution is good."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable feature is the machine learning capability."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The most valuable features include predefined use cases and threatening states."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"The biggest challenge has been related to the implementation."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"Integrations could be improved, and the dashboard could be a little better."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"It should have more cloud connectors. It could also be cheaper."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. Elastic Security is rated 7.6, while Trellix Helix is rated 8.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Helix is most compared with Microsoft Sentinel, LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM and IBM Security QRadar. See our Elastic Security vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.