We performed a comparison between Trellix Endpoint Security and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The integration between all the Defender products is the most valuable feature."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Microsoft Defender XDR is scalable."
"What I like best is the integrated end-to-end security that works with the security information and events manager."
"The most valuable features are the adaptive tech on McAfee."
"McAfee EndPoint Security has a lot of good features that work well if they are implemented properly."
"It also allows multifunctionality within a single platform."
"Would benefit with the addition of DLP features."
"I have found the most valuable features to be the ability to manage the solution from anywhere and having an overview of the companies security."
"The manageability of the product itself is its most valuable aspect. You have the underlying EPO, and on top of it, you can deploy the various components as you require. This is unlike other solutions like Symantec where you have to deploy everything or nothing. With this solution, you can choose to only deploy antivirus or only deploy a firewall, or only something else. I choose the components and that deployment is done through EPO. It makes manageability very flexible."
"I think the costing is fine compared to other products. Cost-wise you definitely get value for your money."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"The product is easy to customize."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Wazuh is simple to use for PCI compliance."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"The logs could be better."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The price should be adjustable by region."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it."
"Its pricing needs to be improved."
"With McAfee, if there is a zero-day vulnerability, you have to download the patch for it from the McAfee website, then apply it to your endpoint."
"When it runs in the background of the endpoint, the devices get slowed down for some applications."
"It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well."
"It would be a lot easier if I could add multiple user accounts within a single device."
"The solution consumes a lot of end user memory and CPU. Trellix doesn't really focus much on the anti-malware side."
"On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it."
"Integration with Vyara could be better."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"Its configuration process is time-consuming."
"The tool doesn't detect anomalies or new environments."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 94 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Trellix Endpoint Security is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere. See our Trellix Endpoint Security vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.