We performed a comparison between Elastic Security and Trellix Active Response based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Impressive detection capabilities"
"The product's initial setup phase is very easy."
"It is stable and scalable."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The most valuable feature is the analysis, because of the beta structure."
"The solution was relatively easy to deploy."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"Stability-wise, I rate the solution a ten out of ten."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The solution is scalable."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"It's a little lighter compared to the older version, which was mostly signature-based."
"Intelligence aspects need improvement"
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"FortiEDR can be improved by providing more detailed reporting."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We find the solution to be a bit expensive."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"Technical support could respond faster."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"Sometimes, the solution isn't the easiest to use."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"While the product is good, we are currently facing support issues."
"I also expected Active Response 's user interface to be much more analytical."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
Earn 20 points
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews while Trellix Active Response is ranked 57th in Endpoint Detection and Response (EDR). Elastic Security is rated 7.6, while Trellix Active Response is rated 6.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Active Response writes "Lighter with good stability and pretty good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Active Response is most compared with Trellix Endpoint Security (ENS) and Trellix Endpoint Detection and Response (EDR). See our Elastic Security vs. Trellix Active Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.