We performed a comparison between Elastic Security and Trellix Endpoint Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The solution is well integrated with applications. It is easy to maintain and administer."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The solution is quite stable. The performance has been good."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The most valuable feature is the scalability. We are in Indonesia, and more engineers understand Elastic Security here, so it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022 where it was said to be a leader."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The solution is broken down into different components from the portals. Web filtering, which is an added feature has been great for us."
"The initial setup of Trellix Endpoint Security was straightforward."
"The most valuable features are the prevention layer that detects the signature value and prevents threats in the network."
"The most valuable features are the adaptive tech on McAfee."
"The most valuable features are reporting from the ePO console and the advanced threat protection (ATP)."
"I have found many of the features to be useful."
"What I like best is the integrated end-to-end security that works with the security information and events manager."
"One valuable feature is Threat Prevention with the on-demand scan."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"Sometimes, configurations take much longer than expected."
"At times, there may be delays in the execution of certain actions and their effects."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"The solution could offer better reporting features."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"This solution is very hard to implement."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. It would help if they could give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"I would like this solution to do what Palo Alto traps does because I would only need to run this one product."
"It can be quite complicated to learn McAfee Endpoint Security and to feel comfortable with the environment."
"Some agents become old and then they don't communicate well any longer."
"They can make it free, but that's not going to happen."
"It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well."
"While we are pleased with the endpoint solution, there should also be a separate one for the firewall."
"The solution takes up a high amount of memory and can cause the system to hang."
"We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 58 reviews while Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 94 reviews. Elastic Security is rated 7.6, while Trellix Endpoint Security is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security. See our Elastic Security vs. Trellix Endpoint Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.