We performed a comparison between Trellix Endpoint Security and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Trellix Endpoint Security users like the ePolicy Orchestrator, the solution’s robust central management console. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Trellix could improve by reducing resource usage, enhancing stability, and making the solution more user-friendly. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: Some users say Trellix support is helpful and responsive, while others believe there is room for improvement in communication and resolution times. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: Setting up Trellix Endpoint Security is simple if the user has some expertise. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Trellix Endpoint Security’s pricing is considered flexible, competitive, and about average compared to other solutions. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: Users reported saving time by implementing Trellix Endpoint Security. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: Our users prefer Trellix Endpoint Security over NetWitness XDR. Users praised Trellix's extensive management capabilities, low resource usage, and reasonable price. NetWitness XDR receives mixed reviews for its slower performance, and complex licensing. Users also that NetWitness could improve its threat intelligence and user interface. Trellix Endpoint Security earned positive feedback for its customer service and support, while some NetWitness users were unsatisfied with response times.
"I have found the ability to delete unwanted threats beneficial."
"Microsoft 365 Defender is a stable solution."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The summarization of emails is a valuable feature."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The stability of the RSA NetWitness Endpoint is very good."
"The log correlation is good."
"It is stable. We have been using it for some time, without any issues."
"Technical support is knowledgeable."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"We like the management of the ePO, and we like the management console."
"We receive good protection with this solution."
"The most valuable features are reporting from the ePO console and the advanced threat protection (ATP)."
"The user behavioral analysis feature is great."
"I have found many of the features to be useful."
"Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features."
"It also allows multifunctionality within a single platform."
"It provides a lot of information and great visibility, with really great options for managing the environment."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The support could be more knowledgable to improve their offering."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The price should be adjustable by region."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The initial setup requires a high level of skill."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The solution needs to offer better local technical support."
"We would like to see all the features available on cloud."
"I think it would be nice if Dynamic Application Control would come together with McAfee Endpoint Security."
"While we are pleased with the endpoint solution, there should also be a separate one for the firewall."
"The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place."
"We’re facing remote installation issues sometimes:"
"The product is not easy to use."
"The management console is a little bit difficult to understand for admins. You need a lot of time in order to become familiar with that. It is a little bit complicated and not too easy to understand. Its price can also be improved. Its price is higher than its competitors. McAfee also needs to have better cloud integration and more data centers in the EU. The cloud center should be in Europe or in Germany. In Germany, it is really important to have access to your data within the same country. Customer data needs to be placed and processed in the same country."
NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 95 reviews. NetWitness XDR is rated 8.0, while Trellix Endpoint Security is rated 8.0. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security. See our NetWitness XDR vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.