We performed a comparison between Trellix Endpoint Security and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Trellix Endpoint Security users like the ePolicy Orchestrator, the solution’s robust central management console. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Trellix could improve by reducing resource usage, enhancing stability, and making the solution more user-friendly. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: Some users say Trellix support is helpful and responsive, while others believe there is room for improvement in communication and resolution times. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: Setting up Trellix Endpoint Security is simple if the user has some expertise. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Trellix Endpoint Security’s pricing is considered flexible, competitive, and about average compared to other solutions. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: Users reported saving time by implementing Trellix Endpoint Security. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: Our users prefer Trellix Endpoint Security over NetWitness XDR. Users praised Trellix's extensive management capabilities, low resource usage, and reasonable price. NetWitness XDR receives mixed reviews for its slower performance, and complex licensing. Users also that NetWitness could improve its threat intelligence and user interface. Trellix Endpoint Security earned positive feedback for its customer service and support, while some NetWitness users were unsatisfied with response times.
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The stability of the RSA NetWitness Endpoint is very good."
"Ability to isolate the machine when there are malicious files."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"This solution allows us to locate the malware in real-time."
"The log correlation is good."
"It is stable. We have been using it for some time, without any issues."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"Would benefit with the addition of DLP features."
"It's quite easy to install agents."
"It also allows multifunctionality within a single platform."
"I have found the most valuable features to be the ability to manage the solution from anywhere and having an overview of the companies security."
"McAfee EndPoint Security has a lot of good features that work well if they are implemented properly."
"Tech support is responsive. They're good, the very best."
"The initial setup of Trellix Endpoint Security was straightforward."
"The product is fairly reliable."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"The contamination feature could be improved."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"RSA NetWitness Network could improve on integration with non-native application integration."
"Threat detection could be better."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The initial setup requires a high level of skill."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"An area in need of improvement involves the overview, which usually does not enable one to get the value in reports."
"With McAfee, if there is a zero-day vulnerability, you have to download the patch for it from the McAfee website, then apply it to your endpoint."
"It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well."
"The price of the solution is high in Asia."
"It would be nice if the solution was a bit more stable."
"The software download features could stand improvement."
"I would like this solution to do what Palo Alto traps does because I would only need to run this one product."
"Every time we open a ticket with McAfee, their response differs and they are not consistent."
NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 96 reviews. NetWitness XDR is rated 8.0, while Trellix Endpoint Security is rated 8.0. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security. See our NetWitness XDR vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.