We performed a comparison between Elastic Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The connectivity and analytics are great."
"The Log analytics are useful."
"The UI-based analytics are excellent."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The scalability is good. It can be scaled easily in the production environment."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The performance is good and it is faster than IBM QRadar."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"Compared to other solutions, the user interface is good."
"McAfee as a whole is a good solution."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The playbook is a bit difficult and could be improved."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The solution could offer better reporting features."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"Sometimes, the solution isn't the easiest to use."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Product currently requires Flash."
"The support from McAfee ESM could improve. They could improve the speed."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The initial setup is difficult and could improve."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"I would like to see fingerprint recognition included in the next release of this solution."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Elastic Security is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Microsoft Defender XDR. See our Elastic Security vs. Trellix ESM report.