We performed a comparison between Trellix Endpoint Security and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"I feel McAfee Endpoint Security to be a good, mature product."
"Communication with all Mcafee products (also 3rd parties) by DXL infrastructure."
"This is a good solution for antivirus and malware protection."
"I like trap prevention DNS and threat prevention."
"We really like the dashboard from Trellix and we've found that it's pretty informative."
"Threat prevention is valuable because most clients use other solutions like antivirus as part of web protection. I don't find that kind of solution useful."
"There is a new feature where you can set thresholds for all the CPU consumption allowing for no consumption on the servers when the scans happen. It is a separate plugin or addon, and if we have it on all the virtual machines it automatically checks the resources, and based on that, it will schedule the scans. That is something that I have not seen in other antivirus solutions, such as Symantec."
"Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features."
"The product’s interface is intuitive."
"The deployment is easy and they provide very good documentation."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"Intrusion detection and prevention would be great to have with 365 Defender."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing."
"An area in need of improvement involves the overview, which usually does not enable one to get the value in reports."
"The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place."
"There is room to improve with scalability."
"McAfee Endpoint Protection could improve the word control feature."
"We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us."
"There are certain shortcomings in the features concerning DLP in Trellix, where certain additions must be made in the future."
"Tech support is not as helpful as they were in the past."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Some features, like alerting, are complex with Wazuh."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"The only challenge we faced with Wazuh was the lack of direct support."
"Its configuration process is time-consuming."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"There could be a hardware monitoring tool for the solution."
Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 95 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Trellix Endpoint Security is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our Trellix Endpoint Security vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.