We performed a comparison between Trellix Endpoint Security and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"It's quite easy to install agents."
"The most valuable feature is ease of use."
"Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features."
"When Intel acquired McAfee they worked on the protocol so that all vendors can work on the same platform. It's a very big improvement in McAfee. All McAfee products talk to each other. Other vendor's products can join this platform as well so it makes it more powerful on the enterprise side for McAfee."
"The installation is pretty straightforward."
"The solution is broken down into different components from the portals. Web filtering, which is an added feature has been great for us."
"There is a new feature where you can set thresholds for all the CPU consumption allowing for no consumption on the servers when the scans happen. It is a separate plugin or addon, and if we have it on all the virtual machines it automatically checks the resources, and based on that, it will schedule the scans. That is something that I have not seen in other antivirus solutions, such as Symantec."
"It provides a robust defense against cybersecurity threats while offering user-friendly features like notifications and approval prompts."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"The product’s interface is intuitive."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"It offers built-in modules for file integrity and vulnerability management."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The tool is stable."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The price should be adjustable by region."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"Currently, Trellix Endpoint Security can't find the running mutexes, while other open-source products can do it."
"The platform needs improvement in terms of handling heavy databases."
"Its pricing needs to be improved."
"Users can just install software into their computers. We need some sort of application control system that, if there are any pieces of software that are not whitelisted, then the solution could flag it or maybe alert the administers. That would be very helpful."
"McAfee Endpoint Protection could improve the word control feature."
"I think it would be nice if Dynamic Application Control would come together with McAfee Endpoint Security."
"An area of improvement for this solution is to make it easier to manage."
"The solution's technical support should be improved since we faced a lot of issues with the support. There were some delays in responses from the technical support."
"The only challenge we faced with Wazuh was the lack of direct support."
"The tool does not provide CTI to monitor darknet."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"The implementation is very complex."
"Its configuration process is time-consuming."
"A lack of certain features creates limitations."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 94 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Trellix Endpoint Security is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere. See our Trellix Endpoint Security vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.