We performed a comparison between Sumo Logic Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The UI-based analytics are excellent."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"It helps a lot because we can troubleshoot issues pretty easily."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"Technical support is always great."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queries are resolved."
"It is easy to use."
"McAfee as a whole is a good solution."
"It has performed well and delivered the results that I have been looking for."
"This solution integrates easily and very well with other technologies."
"Trellix ESM is very user-friendly."
"The product’s most valuable feature is log monitoring."
"The solution's technical support is great."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sentinel's reporting is complex and can be more user-friendly."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"The initial setup is the most stressful, like learning how to use it."
"In my opinion, this solution has a steep learning curve and requires practice for users to be able to use this tool very efficiently."
"The solution should improve its UI."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"We cannot add new data sources to the most recent version."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The user interface could be more user-friendly."
"Product currently requires Flash."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
Sumo Logic Security is ranked 20th in Security Information and Event Management (SIEM) with 17 reviews while Trellix ESM is ranked 17th in Security Information and Event Management (SIEM) with 34 reviews. Sumo Logic Security is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Sumo Logic Security writes "Integrates well, useful rules, and beneficial GUI". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Sumo Logic Security is most compared with Wazuh, Splunk Enterprise Security, Rapid7 InsightIDR, VMware Aria Operations for Logs and IBM Security QRadar, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Fortinet FortiSIEM. See our Sumo Logic Security vs. Trellix ESM report.