We performed a comparison between Elastic Security and Trellix Endpoint Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The threat intelligence is excellent."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The product has huge integration varieties available."
"ELK documentation is very good, so never needed to contact technical support."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"The most valuable feature is the ability to collect authentication information from service providers."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"Enables monitoring of application performance and the ability to predict behaviors."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"We've found the initial setup to be quite straightforward."
"The endpoint protection and disk encryption features are the most valuable."
"The most valuable features are reporting from the ePO console and the advanced threat protection (ATP)."
"The most valuable feature is the centralized console where everything can be controlled by the administration."
"The most valuable feature is ease of use."
"It has been protecting us for many years, and we hope it will continue to do so for many years to come."
"Threat prevention is valuable because most clients use other solutions like antivirus as part of web protection. I don't find that kind of solution useful."
"Communication with all Mcafee products (also 3rd parties) by DXL infrastructure."
"The new central console is better than the earlier one."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them."
"Intrusion detection and prevention would be great to have with 365 Defender."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"The solution's query building is not that intuitive compared to other solutions."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"It could use maybe a little more on the Linux side."
"Signatures to protect against new attacks."
"The solution could provide open XDR in addition to EDR."
"I would like this solution to do what Palo Alto traps does because I would only need to run this one product."
"There are more secure featured solutions from McAfee on the market but for smaller companies like ours, they are too expensive."
"We would like to see all the features available on cloud."
"The vendor should simplify the way they bundle the products because it's very hard to explain to customers what products contain which features."
"There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes are quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging."
"We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 96 reviews. Elastic Security is rated 7.6, while Trellix Endpoint Security is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security. See our Elastic Security vs. Trellix Endpoint Security report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.