Snare vs Trellix ESM comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
33,792 views|18,846 comparisons
Intersect Alliance Logo
590 views|422 comparisons
Trellix Logo
3,853 views|1,686 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Snare and Trellix ESM based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Snare vs. Trellix ESM Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.""The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it.""The initial setup is very simple and straightforward.""There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection.""Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.""Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements.""Microsoft Sentinel comes preloaded with templates for teaching and analytics rules.""If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."

More Microsoft Sentinel Pros →

"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value.""The best thing about Snare is its format and consistency.""Snare has good agents, especially for Windows."

More Snare Pros →

"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.""The solution is 100% stable. We really have had a great time working with it. It hasn't let us down.""It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.""McAfee as a whole is a good solution.""The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure.""Trellix ESM is very user-friendly.""The most valuable feature is the correlation rules.""The most valuable feature in ESM is its search and reporting feature. It's really nice."

More Trellix ESM Pros →

Cons
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft.""The solution could be more user-friendly; some query languages are required to operate it.""Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex.""The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results.""There is room for improvement in entity behavior and the integration site.""For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons.""Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter.""It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."

More Microsoft Sentinel Cons →

"Users will initially find it difficult to identify the event types and installation in Snare.""Snare should modernize its GUI a little bit.""The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."

More Snare Cons →

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI.""There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee.""I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore.""The user interface could be more user-friendly.""There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable.""Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.""The product’s alert response feature needs improvement. It could be more flexible and secure.""We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."

More Trellix ESM Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "Snare has reasonable pricing."
  • "On a scale from one to ten, where one is cheap, and ten is expensive, I rate Snare's pricing a four out of ten."
  • "Snare is a cheap solution because a lot of customers are using it."
  • More Snare Pricing and Cost Advice →

  • "You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."
  • "We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."
  • "The cost is dependent on the customer's environment and requirements."
  • "The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."
  • "The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
  • "We renew our license annually."
  • "McAfee is the right choice for a low-budget solution."
  • "The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."
  • More Trellix ESM Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:The best thing about Snare is its format and consistency.
    Top Answer:Snare is a cheap solution because a lot of customers are using it.
    Top Answer:Users will initially find it difficult to identify the event types and installation in Snare.
    Top Answer:The solution's technical support is great.
    Top Answer:The product is slightly expensive. They offer some discount on the purchase of a certain number of nodes. They should… more »
    Top Answer:The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed… more »
    Comparisons
    Also Known As
    Azure Sentinel
    McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
    Learn More
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Snare customers consistently tell us that as the financial and reputational consequences of data breaches, cyber threats like malware and ransomware and the constant risks from insider threats increase that they have urgent and ongoing requirements for maintaining regulatory compliance, auditing and managing cyber threat detection and response. They also tell us that existing solutions like SIEM are often complex to implement and maintain, require specialised technical resources or are increasingly unaffordable or variable in their pricing. As a result of these increased requirements Prophecy International has created the Snare product suite.

    Compliance requirements can include any number of regulatory mandates including PCI-DSS, Sarbanes Oxley, HIPAA, NERC, GDPR and more. This makes Snare a high value solution for companies in the Government, Defence and Military sectors, Banking, Finance and Insurance, Retail, Health, Energy, Oil & Gas markets.

    Snare is a complete suite of Centralised Log Management (CLM), Security Analytics and SIEM tools.

    Created by ex military personnel for military use it offers the highest level of security.

    Designed to work as part of your security ecosystem Snare also integrates with most other SIEMs including SPLUNK, QRadar, ARCSight and many more. With over 3,000 customers worldwide using Snare for compliance, auditing and threat response, Snare is the name you can trust.

    From Enterprise Agents for Windows, Unix, Linux, OSX, Flat files and Databases to a complete forensics and long term log storage platform, agent management console, multipoint log reflector, advanced log analytics and next gen SIEM capability. Either hosted or on prem with both Opex and Capex pricing models, Snare is a one stop shop for CLM and SIEM. Snare product suite is broadly split into two areas:

    • Centralised Log Management and Snare Analytics

    Centralised Log Management incorporates and 4 core technologies

    • Snare Enterprise Agents
    • Snare Reflector
    • Snare Agent Management Console
    • Snare Central Service

    Snare Analytics incorporates another 4 core technologies

    • Enhanced Snare Central Server incorporating Analytics
    • Data Ingestion Technologies (via our Adaptors)
    • Dashboards and Visualisations including custom KPI engine
    • Runbook – enabling SOAR

    These products can be bought independently or combined into a compete solution. You can also “mix and match” with your current security technologies ensuring that you can leverage your existing investments.

    Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Military, Defence and Security Agencies, Banking Finance and Insurance companies, Retail, Health and Utilities.
    San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Government15%
    Computer Software Company13%
    Financial Services Firm12%
    Manufacturing Company11%
    REVIEWERS
    Financial Services Firm25%
    Government15%
    Computer Software Company10%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Educational Organization69%
    Computer Software Company5%
    Government4%
    Financial Services Firm4%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise60%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise7%
    Large Enterprise73%
    REVIEWERS
    Small Business29%
    Midsize Enterprise15%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise73%
    Large Enterprise19%
    Buyer's Guide
    Snare vs. Trellix ESM
    March 2024
    Find out what your peers are saying about Snare vs. Trellix ESM and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Snare is ranked 38th in Security Information and Event Management (SIEM) with 3 reviews while Trellix ESM is ranked 17th in Security Information and Event Management (SIEM) with 34 reviews. Snare is rated 8.0, while Trellix ESM is rated 7.4. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Snare is most compared with syslog-ng, Splunk Enterprise Security, SolarWinds Kiwi Syslog Server, LogRhythm SIEM and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Fortinet FortiSIEM. See our Snare vs. Trellix ESM report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.