We performed a comparison between Elastic Security and Trellix Endpoint Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, 'Malware detected.' It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The most valuable aspect is undoubtedly the exploration capability"
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The performance is good and it is faster than IBM QRadar."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"ELK documentation is very good, so I never needed to contact technical support."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"Stability-wise, I rate the solution a ten out of ten."
"It's not very complicated to install Elastic."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"The installation is pretty straightforward."
"What I like best is the integrated end-to-end security that works with the security information and events manager."
"Automatic user recovery prior to Windows booting up."
"I like trap prevention DNS and threat prevention."
"It has been protecting us for many years, and we hope it will continue to do so for many years to come."
"It's easy to use and it's very powerful. It offers nice endpoint protection."
"Would benefit from the addition of DLP features."
"The most valuable feature is the centralized console where everything can be controlled by the administration."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The solution does not offer a unified response and standard data."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The logs could be better."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Better integration with third-party APMs would be really good."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"Technical support could respond faster."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"There isn't really a very good user experience. You need a lot of training."
"The solution takes up a high amount of memory and can cause the system to hang."
"It didn't work well for some of the use cases. We have different use cases for each entity. Their support is also not good and needs improvement."
"Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial."
"Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it."
"With McAfee, if there is a zero-day vulnerability, you have to download the patch for it from the McAfee website, then apply it to your endpoint."
"It can be quite complicated to learn McAfee Endpoint Security and to feel comfortable with the environment."
"The local technical support could be better."
"Tech support is not as helpful as they were in the past."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 58 reviews while Trellix Endpoint Security is ranked 10th in Extended Detection and Response (XDR) with 94 reviews. Elastic Security is rated 7.6, while Trellix Endpoint Security is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and Trend Micro Deep Security. See our Elastic Security vs. Trellix Endpoint Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.