We performed a comparison between Netsurion and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features that stand out are the detection engine and its integration with multiple data sources."
"The initial setup is very simple and straightforward."
"We have no complaints about the features or functionality."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The most valuable feature is the correlation rules."
"The product’s most valuable feature is log monitoring."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"It is easy to use."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"We'd like to see more connectors."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"There is room for improvement in entity behavior and the integration site."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
"The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"Tech support is required each time there is a system update of the solution."
"I would like to see good analytics in future releases."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
Netsurion is ranked 15th in Security Information and Event Management (SIEM) with 24 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Netsurion is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Netsurion is most compared with Arctic Wolf Managed Detection and Response, CyberHat CYREBRO and Wazuh, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Netsurion vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.