We performed a comparison between Trellix Endpoint Security and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Trellix Endpoint Security users like the ePolicy Orchestrator, the solution’s robust central management console. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Trellix could improve by reducing resource usage, enhancing stability, and making the solution more user-friendly. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: Some users say Trellix support is helpful and responsive, while others believe there is room for improvement in communication and resolution times. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: Setting up Trellix Endpoint Security is simple if the user has some expertise. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Trellix Endpoint Security’s pricing is considered flexible, competitive, and about average compared to other solutions. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: Users reported saving time by implementing Trellix Endpoint Security. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: Our users prefer Trellix Endpoint Security over NetWitness XDR. Users praised Trellix's extensive management capabilities, low resource usage, and reasonable price. NetWitness XDR receives mixed reviews for its slower performance, and complex licensing. Users also that NetWitness could improve its threat intelligence and user interface. Trellix Endpoint Security earned positive feedback for its customer service and support, while some NetWitness users were unsatisfied with response times.
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"Microsoft 365 Defender is a good solution and easy to use."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"The product is very easy to use."
"The stability of the RSA NetWitness Endpoint is very good."
"It is stable. We have been using it for some time, without any issues."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"Ability to isolate the machine when there are malicious files."
"The interface of this solution is very flexible and easy to use."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"Technical support is knowledgeable."
"The log correlation is good."
"I feel McAfee Endpoint Security to be a good, mature product."
"The loss prevention feature would be the most valuable."
"The installation is pretty straightforward."
"There is a new feature where you can set thresholds for all the CPU consumption allowing for no consumption on the servers when the scans happen. It is a separate plugin or addon, and if we have it on all the virtual machines it automatically checks the resources, and based on that, it will schedule the scans. That is something that I have not seen in other antivirus solutions, such as Symantec."
"The endpoint protection and disk encryption features are the most valuable."
"Anyone can use it, the protection is good, and they have all of the features."
"The product helps us by contacting us if there are any virus attacks on our system."
"The solution offers very good endpoint security."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"At times, there may be delays in the execution of certain actions and their effects."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The solution lacks a reporting engine."
"RSA NetWitness Network could improve on integration with non-native application integration."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"Threat detection could be better."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"There are certain shortcomings in the features concerning DLP in Trellix, where certain additions must be made in the future."
"Signatures to protect against new attacks."
"The solution should provide a more easy way to uninstall it on specific stations."
"It didn't work well for some of the use cases. We have different use cases for each entity. Their support is also not good and needs improvement."
"The initial setup isn't so easy. You need to know what you are doing."
"We don't like the solution since it requires much memory consumption and consumes much CPU resources."
"We would like to see all the features available on cloud."
"Its pricing needs to be improved."
NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 95 reviews. NetWitness XDR is rated 8.0, while Trellix Endpoint Security is rated 8.0. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security. See our NetWitness XDR vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.