We performed a comparison between Cybereason Endpoint Detection & Response and Trellix ESM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The stability is very good."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The most valuable feature is the analysis, because of the beta structure."
"The price is low and quite competitive with others."
"Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."
"The interface is user-friendly."
"The dashboard is very good and you can consider it as an interactive UI."
"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
"Immediately we can pick up the computers in the network if any malicious operation that is triggered."
"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
"The solution is efficient."
"The initial setup is not overly complicated."
"Compared to other solutions, the user interface is good."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"This solution integrates easily and very well with other technologies."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"Trellix ESM is very user-friendly."
"McAfee as a whole is a good solution."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"I haven't seen the use of AI in the solution."
"FortiEDR can be improved by providing more detailed reporting."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Detections could be improved."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The dashboard isn't easy to access and manage."
"Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business."
"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."
"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."
"What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on."
"While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."
"The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
"It initially took some time to deploy."
"Cybereason does not have sandbox functionality."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"Tech support is required each time there is a system update of the solution."
"There's no software support from McAfee."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"The solution needs to improve case management. The UI is confusing."
"The initial setup is difficult and could improve."
"Product currently requires Flash."
More Cybereason Endpoint Detection & Response Pricing and Cost Advice →
Cybereason Endpoint Detection & Response is ranked 37th in Endpoint Detection and Response (EDR) with 19 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Cybereason Endpoint Detection & Response is rated 8.0, while Trellix ESM is rated 7.4. The top reviewer of Cybereason Endpoint Detection & Response writes "It has helped us become more knowledgeable about our environment and aware of threats". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Cybereason Endpoint Detection & Response is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, Darktrace and SentinelOne Singularity Complete, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and SQRRL.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.