• Home
  • Sentinel vs. Trellix ESM

Sentinel vs Trellix ESM comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
32,763 views|18,195 comparisons
92% willing to recommend
OpenText Logo

Sentinel

Read 16 Sentinel reviews
1,425 views|1,429 comparisons
81% willing to recommend
Trellix Logo

Trellix ESM

Read 34 Trellix ESM reviews
3,720 views|1,591 comparisons
76% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Sentinel vs. Trellix ESM
March 2024
Executive Summary

We performed a comparison between Sentinel and Trellix ESM based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Sentinel vs. Trellix ESM Report (Updated: March 2024).
Download the complete report
768,415 professionals have used our research since 2012.
Featured Review
Santhosh I
Helps prioritize threats and decreases time to detect and time to respond.
The solution improved our organization in a few ways. The key one is the cloud layer of integrations. When we were on-premises with SAP monitoring... Read more →
Marshalleno Skosan
Native integrations are hassle free and transactional user data enhances security
We have not necessarily realized the power of the solution but find integrations with other products to be valuable. We are able to understand how... Read more →
Daniel Durian
Provides visibility of all the traffic within the company infrastructure
It provides threat monitoring from the Internet and if there is malicious activity on the end-point, the ESM can provide us what host is affected.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent.""We are able to deploy within half an hour and we only require one person to complete the implementation.""The machine learning and artificial intelligence on offer are great.""The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native.""The Log analytics are useful.""Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself.""The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.""The connectivity and analytics are great."

More Microsoft Sentinel Pros →

"The stability is phenomenal and we never had any issues with downtime or even had to restart.""The most valuable feature of this solution is that it provides a central locking system for many event sources.""One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this.""The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this.""The solution lets us get all the logs properly and regularly monitor customer infrastructure.""Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network.""The solution's Kusto Query Language (KQL) execution time is pretty good.""It makes everything easier by automating some tasks and growing with our needs."

More Sentinel Pros →

"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.""The product’s most valuable feature is log monitoring.""The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure.""It enables us to detect malicious threats, issues, or vulnerabilities in our network.""McAfee as a whole is a good solution.""It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints.""It is user-friendly. The notification part of McAfee ESM is very easy.""The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."

More Trellix ESM Pros →

Cons
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed.""Sentinel's reporting is complex and can be more user-friendly.""We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers.""I would like to be able to monitor applications outside of the Azure Cloud.""Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks.""Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.""The product can be improved by reducing the cost to use AI machine learning.""For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."

More Microsoft Sentinel Cons →

"Log source integration with Sentinel needs to be improved.""The solution does not allow outsourced authorizations.""It is an ancient product.""The dashboard and customer view should be improved""There is no integration in the web-side of the tool.""There is a need for more flexibility in customization, especially when working with different vendors and platforms.""I would like to see a better reporting work structure on the dashboard.""This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."

More Sentinel Cons →

"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics.""There's no software support from McAfee.""The support from McAfee ESM could improve. They could improve the speed.""The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.""We cannot add new data sources to the most recent version.""I would like to see improvements to the user interface.""Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface.""The product’s alert response feature needs improvement. It could be more flexible and secure."

More Trellix ESM Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "We inquired about getting support from the vendor, Micro Focus, but the cost was very high."
  • "We receive a pricing discount because of our ongoing partnership with Micro Focus."
  • "Sentinel's slightly on the expensive side."
  • "The solution’s pricing is aligned with its competitors."
  • "Sentinel is a subscription-based solution."
  • "Sentinel is an expensive solution."
  • "Sentinel is moderately priced."

    • More Sentinel Pricing and Cost Advice →

  • "You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."
  • "We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."
  • "The cost is dependent on the customer's environment and requirements."
  • "The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."
  • "The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
  • "We renew our license annually."
  • "McAfee is the right choice for a low-budget solution."
  • "The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

    • More Trellix ESM Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    768,415 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about NetIQ Sentinel?
    Top Answer:The solution lets us get all the logs properly and regularly monitor customer infrastructure.
    Read all 10 answers   →
    What is your experience regarding pricing and costs for NetIQ Sentinel?
    Top Answer:Sentinel is moderately priced.
    Read all 8 answers   →
    What needs improvement with NetIQ Sentinel?
    Top Answer:While it is great with Microsoft, there is a need for more flexibility in customization, especially when working with… more »
    Read all 9 answers   →
    What do you like most about McAfee ESM?
    Top Answer:The solution's technical support is great.
    Read all 22 answers   →
    What is your experience regarding pricing and costs for McAfee ESM?
    Top Answer:The product is slightly expensive. They offer some discount on the purchase of a certain number of nodes. They should… more »
    Read all 16 answers   →
    What needs improvement with McAfee ESM?
    Top Answer:The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed… more »
    Read all 20 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    NetIQ Sentinel, Novell SIEM
    McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
    Learn More
    Microsoft
    OpenText
    Trellix
    Video Not Available
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Sentinel is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.

    Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Faysal Bank, GaVI, Handelsbanken, ISC Mªnster, Lambeth Council, Swisscard, The Municipality of Siena, Tukes, University of Dayton, University of the Sunshine Coast
    San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Comms Service Provider36%
    Non Tech Company9%
    Computer Software Company9%
    Government9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government13%
    Financial Services Firm9%
    Manufacturing Company8%
    REVIEWERS
    Financial Services Firm25%
    Government15%
    Healthcare Company10%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Educational Organization70%
    Computer Software Company5%
    Government4%
    Financial Services Firm4%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business50%
    Midsize Enterprise17%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise15%
    Large Enterprise63%
    REVIEWERS
    Small Business29%
    Midsize Enterprise15%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise74%
    Large Enterprise18%
    Buyer's Guide
    Sentinel vs. Trellix ESM
    March 2024
    Free Report: Sentinel vs. Trellix ESM
    Find out what your peers are saying about Sentinel vs. Trellix ESM and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,415 professionals have used our research since 2012.

    Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Sentinel is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, Wazuh and LogRhythm SIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Sentinel vs. Trellix ESM report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.