We performed a comparison between Exabeam Fusion SIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Free ingestion for Azure logs (with E5 licence)"
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The pricing of the product is excellent."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"The advanced analytics has a really great overview of user behavior."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The solution's initial setup process is easy."
"Timeline based analysis; good platform support"
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"Trellix ESM is very user-friendly."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"It is easy to use."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"The support I have received from the vendor has been great."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I believe if it were more flexible it would be a better product."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"The only problem is that the UI is not very impressive."
"We still have questions surrounding hardware deployment."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"The organzation is rigid and not flexible in the way they operate"
"The user interface could be more user-friendly."
"I would like to see improvements to the user interface."
"Tech support is required each time there is a system update of the solution."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"I would like to see fingerprint recognition included in the next release of this solution."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
Exabeam Fusion SIEM is ranked 26th in Security Information and Event Management (SIEM) with 10 reviews while Trellix ESM is ranked 17th in Security Information and Event Management (SIEM) with 34 reviews. Exabeam Fusion SIEM is rated 8.0, while Trellix ESM is rated 7.4. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security, Splunk User Behavior Analytics and Rapid7 InsightIDR, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Fortinet FortiSIEM. See our Exabeam Fusion SIEM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.