We performed a comparison between Logpoint and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The initial setup is very simple and straightforward."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Log aggregation and data connectors are the most valuable features."
"They basically charge you in a better way."
"The solution's user interface is quite simple, and the integration is better than other products."
"The solution's most valuable aspect is the combination of the software and the support that they have."
"The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface."
"The product is easy to use."
"The solution is user-friendly."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them."
"Trellix ESM is very user-friendly."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The most valuable feature is the correlation rules."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"We'd like to see more connectors."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The only thing is sometimes you can have a false positive."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The solution could improve the playbooks."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
"LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for."
"The solution should offer more integrations and third-party solutions like incident response platforms or allow access to third-party big data"
"Sometimes, the product is not stable."
"What could be improved in LogPoint is its UI because it's less friendly to users than LogRhythm. The UI could be more aesthetically appealing to users. It's completely outdated."
"The interface needs things like wizards that will assist with creating complex correlation rules."
"It is complicated to collect daily logs from other systems."
"The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"The support from McAfee ESM could improve. They could improve the speed."
"Product currently requires Flash."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"The initial setup is difficult and could improve."
Logpoint is ranked 26th in Security Information and Event Management (SIEM) with 20 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Logpoint is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of Logpoint writes "Good technical support but it is complex to use and resource-heavy". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Logpoint is most compared with IBM Security QRadar, Elastic Security, Rapid7 InsightIDR, Wazuh and LogRhythm SIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Cybereason Endpoint Detection & Response. See our Logpoint vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.