We performed a comparison between Trellix ESM and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"The product’s most valuable feature is log monitoring."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The solution's technical support is great."
"This solution integrates easily and very well with other technologies."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The most valuable features include predefined use cases and threatening states."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The product can be improved by reducing the cost to use AI machine learning."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The product's stability is an area of concern where improvements are required."
"It should have more cloud connectors. It could also be cheaper."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Integrations could be improved, and the dashboard could be a little better."
Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews while Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews. Trellix ESM is rated 7.4, while Trellix Helix is rated 8.6. The top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, IBM Security QRadar, USM Anywhere and Palo Alto Networks Cortex XSOAR. See our Trellix ESM vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.