We performed a comparison between Trellix Endpoint Security and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Trellix Endpoint Security users like the ePolicy Orchestrator, the solution’s robust central management console. CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Trellix could improve by reducing resource usage, enhancing stability, and making the solution more user-friendly. Users say CrowdStrike Falcon would benefit from adding a sandbox feature and more detailed firewall management options.
Service and Support: Some users say Trellix support is helpful and responsive, while others believe there is room for improvement in communication and resolution times. CrowdStrike Falcon's customer service is considered prompt and helpful.
Ease of Deployment: Setting up Trellix Endpoint Security is simple if the user has some expertise. CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable.
Pricing: Trellix Endpoint Security’s pricing is considered flexible, competitive, and about average compared to other solutions. Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive.
ROI: Users reported saving time by implementing Trellix Endpoint Security. CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers.
Comparison Results: Trellix Endpoint Security is preferred over CrowdStrike Falcon. Users appreciate Trellix for its unified management capabilities, including a robust central console that enables simplified administration of all programs. They also value its stability, reliability, and resource efficiency. Users faulted CrowdStrike Falcon for its lack of specific features like sandboxing and granular firewall controls.
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The product integrates security into one tool instead of having third-party security tools."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"The automatic alert feature is the most important feature of the solution."
"All the features are beneficial."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"The central management console is powerful. You can manage endpoints, DLP, encryption, and all the other features from a single console."
"The product is quite user-friendly."
"The installation is pretty straightforward."
"Threat prevention is valuable because most clients use other solutions like antivirus as part of web protection. I don't find that kind of solution useful."
"Trellix Endpoint Security's dashboard is very flexible, and I can create my own user-specific dashboard depending on user privilege or preference."
"I like trap prevention DNS and threat prevention."
"The product is easy to use."
"This is a good solution for antivirus and malware protection."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"The web filtering solution needs to be improved because currently, it is very simple."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed."
"Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices."
"The price is too high."
"I would like to see a more accurate integration and an option to check the local machine."
"The management reporting functionality needs to be improved."
"The portal can be clunky to navigate at times and has room for improvement."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"The performance could be better."
"Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it."
"The vendor should simplify the way they bundle the products because it's very hard to explain to customers what products contain which features."
"The VirusScan needs to improve in order to detect ransomware and other advanced threats."
"It would be a lot easier if I could add multiple user accounts within a single device."
"The solution takes up a high amount of memory and can cause the system to hang."
"There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Sheild. It is quite old and is not fully integrated properly and could be improved."
"The security of this solution needs improvement."
"It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 95 reviews. CrowdStrike Falcon is rated 8.8, while Trellix Endpoint Security is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and Trend Vision One, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), Cortex XDR by Palo Alto Networks, Trend Micro Deep Security and Kaspersky Endpoint Security for Business. See our CrowdStrike Falcon vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.