We performed a comparison between Elastic Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"Elastic is straightforward, easy to integrate, and highly customizable."
"The most valuable feature for me is Discover."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The product has huge integration varieties available."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"Compared to other solutions, the user interface is good."
"Trellix ESM is very user-friendly."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The support I have received from the vendor has been great."
"The troubleshooting has room for improvement."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The solution should allow for a streamlined CI/CD procedure."
"The reporting could be more structured."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"The solution could offer better reporting features."
"Their visuals and graphs need to be better."
"I would like more ways to manage permissions and restrict access to certain users."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"Tech support is required each time there is a system update of the solution."
"There's no software support from McAfee."
"I would like to see improvements to the user interface."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The user interface could be more user-friendly."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"We cannot add new data sources to the most recent version."
"Product currently requires Flash."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Elastic Security is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Microsoft Defender XDR. See our Elastic Security vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.