We performed a comparison between RSA enVision and Trellix ESM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature of this solution is the reporting."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"Compared to other solutions, the user interface is good."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The support I have received from the vendor has been great."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"Trellix ESM is very user-friendly."
"It has performed well and delivered the results that I have been looking for."
"It is easy to use."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The solution could be more user-friendly; some query languages are required to operate it."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The on-prem log sources still require a lot of development."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
"In general, the solution currently isn't user-friendly."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"I would like to see fingerprint recognition included in the next release of this solution."
"There should be support for multitenancy in the product."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"Tech support is required each time there is a system update of the solution."
"Customized reports and alerting functionality could be included in the dashboard."
RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. RSA enVision is rated 6.8, while Trellix ESM is rated 7.4. The top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". RSA enVision is most compared with NetWitness Platform, Splunk Enterprise Security and IBM Security QRadar, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.