We performed a comparison between i-SIEM and Trellix ESM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."It has a lot of great features."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"This solution integrates easily and very well with other technologies."
"It is easy to use."
"The support I have received from the vendor has been great."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Sentinel's reporting is complex and can be more user-friendly."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The solution should allow for a streamlined CI/CD procedure."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
"I would like to see improvements to the user interface."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The product's stability is an area of concern where improvements are required."
Earn 20 points
i-SIEM is ranked 44th in Security Information and Event Management (SIEM) while Trellix ESM is ranked 17th in Security Information and Event Management (SIEM) with 34 reviews. i-SIEM is rated 9.0, while Trellix ESM is rated 7.4. The top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM, IBM Watson for Cyber Security and AWS Security Hub, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Fortinet FortiSIEM.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.