We performed a comparison between Trellix Endpoint Security and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Trellix Endpoint Security users like the ePolicy Orchestrator, the solution’s robust central management console. CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Trellix could improve by reducing resource usage, enhancing stability, and making the solution more user-friendly. Users say CrowdStrike Falcon would benefit from adding a sandbox feature and more detailed firewall management options.
Service and Support: Some users say Trellix support is helpful and responsive, while others believe there is room for improvement in communication and resolution times. CrowdStrike Falcon's customer service is considered prompt and helpful.
Ease of Deployment: Setting up Trellix Endpoint Security is simple if the user has some expertise. CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable.
Pricing: Trellix Endpoint Security’s pricing is considered flexible, competitive, and about average compared to other solutions. Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive.
ROI: Users reported saving time by implementing Trellix Endpoint Security. CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers.
Comparison Results: Trellix Endpoint Security is preferred over CrowdStrike Falcon. Users appreciate Trellix for its unified management capabilities, including a robust central console that enables simplified administration of all programs. They also value its stability, reliability, and resource efficiency. Users faulted CrowdStrike Falcon for its lack of specific features like sandboxing and granular firewall controls.
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"Microsoft 365 Defender is a good solution and easy to use."
"The solution is well integrated with applications. It is easy to maintain and administer."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"We are happy with CrowdStrike's ease of use and touch notification."
"Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
"The solution offers great stability."
"There's almost no maintenance required. It's very low if there's any at all."
"We like Falcon's network visibility. We can see how threats are evolving on PCs or in the company network. The solution's real-time incident response is very fast."
"I like the feature called RTC, the remote time connector."
"Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features."
"I like trap prevention DNS and threat prevention."
"What I like best is the integrated end-to-end security that works with the security information and events manager."
"We really like the dashboard from Trellix and we've found that it's pretty informative."
"Dynamic Application Containment."
"The thing that I like is that they have gathered almost all the products in one management server, the ePolicy Orchestrator."
"The solution offers very good endpoint security."
"Initially, the DLP was very valuable for disabling access to USB drives."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The management and automation of the cloud apps have room for improvement."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The logs could be better."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Some of Falcon's features are a bit pricey."
"We sometimes get false positives."
"I would like to see a more accurate integration and an option to check the local machine."
"The pricing structure should allow for some flexibility."
"They offered a white glove service that was extremely costly. When we got into it, we saw it was relatively easy. If I was being nitpicky, I'd say that I don't like being sold something that's unnecessary. That's the only downside I've seen to the solution."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"We can't do scanning audits or device blocking or application control."
"It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful."
"The DAC (Dynamic Application Containment) component of this product needs improvement."
"When it runs in the background of the endpoint, the devices get slowed down for some applications."
"It would be nice if the solution was a bit more stable."
"The local technical support could be better."
"It would be a lot easier if I could add multiple user accounts within a single device."
"Its pricing needs to be improved."
"I would like to see more integration with third-party products."
"We would like to see all the features available on cloud."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 95 reviews. CrowdStrike Falcon is rated 8.8, while Trellix Endpoint Security is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and Trend Vision One, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), Cortex XDR by Palo Alto Networks, Trend Micro Deep Security and Kaspersky Endpoint Security for Business.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.