We performed a comparison between Darktrace and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Network Detection and Response (NDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
"I find it very good in the way that they show the past events, including the attack history."
"Darktrace is very flexible."
"We liked their approach to identifying intrusions or network anomalies using AI."
"The models, triggers, and alerts are customizable."
"The most valuable feature of this solution is that it does not require human intervention to eliminate a threat."
"It is a stable solution."
"The most valuable features of Darktrace are its full capabilities. You have visibility of everything."
"Very functional and good for detecting malicious traffic."
"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
"The server appliance is good."
"The most valuable feature is the view into the application."
"It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
"The solution can scale."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"The pricing is a bit high for the region."
"In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from."
"The interface and dashboards could be improved for ease-of-use."
"I would like to see some additional enhancements."
"Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
"Darktrace needs to automate the reports of false positives, botnets and everything."
"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."
"The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless."
"Technical support could be improved."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"Management of the appliance could be greatly improved."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
"FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically."
"It is an expensive solution."
More Trellix Network Detection and Response Pricing and Cost Advice →
Darktrace is ranked 1st in Network Detection and Response (NDR) with 65 reviews while Trellix Network Detection and Response is ranked 7th in Network Detection and Response (NDR) with 36 reviews. Darktrace is rated 8.2, while Trellix Network Detection and Response is rated 8.6. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Cisco Secure Network Analytics, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Fortinet FortiGate and Symantec Advanced Threat Protection. See our Darktrace vs. Trellix Network Detection and Response report.
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.