Trellix Endpoint Security (ENS) Reviews

We use the tool for endpoint security. 

Trellix Endpoint Security has a full suite of DLP. 

The product needs to reduce the usage of RAM and CPU. 

I have been using the solution for three years. 

Trellix Endpoint Security is stable. 

The solution is scalable and works on Windows, Mac, Linux, and mobiles. 

I am satisfied with the solution's support. 

Trellix Endpoint Security's installation was straightforward. It takes around one to two days to complete the installation. 

We did the tool's deployment in-house. 

I rate Trellix Endpoint Security a nine out of ten. 

Trellix Endpoint Security (ENS) is useful as an endpoint security software.

The most valuable feature of the solution is its dashboard.

The dashboard provided by the solution needs to be improved. The customization capabilities of the solution are an area where it lacks, so it would be great if our company could customize the solution to meet the demands of our customers.

In the future, I would like technical support for the solution and its UI to be more efficient.

I have been using Trellix Endpoint Security (ENS) for two years. I usually deal with a product's latest version. My company has a partnership with Trellix.

Stability-wise, I rate the solution an eight out of ten. The solution is mostly stable, but sometimes, there is a need to do some troubleshooting.

Scalability-wise, I rate the solution a seven out of ten.

I rate the technical support an eight out of ten.

Positive

Currently, I work with CrowdStrike since my company has a partnership with it. CrowdStrike is better than Trellix Endpoint Security (ENS). CrowdStrike offers functionalities like machine learning and DLP.

I have used the solution on the cloud and on-premises. Currently, the solution is deployed on the cloud services offered by Trellix, which I feel is a public cloud.

I don't think there are any extra expenses besides its licensing costs.

Maintenance of the solution is required, including some troubleshooting parts managed by five to six engineers in our company.

I recommend the solution to those planning to use it.

Not all solutions in the market are good, though I found Trellix Endpoint Security (ENS) to be a good product.

I rate the overall solution a seven out of ten.

McAfee is used to secure my laptop against online threats and malware. It detects and removes any potential issues from the laptop.

It's good that it periodically scans all my drives. I can stay up to date with the status of my drivers and update them if needed.

One suggestion is they should reduce the constant notifications. Whenever I open my laptop, there are too many notifications from McAfee, and it gets annoying.

I would like to see less notifications.

I have been using this solution for about four to five months because I've just purchased my new laptop. It came with the latest version when I got the laptop.

The stability is good. I receive updates regularly, which is quite good.

It's quite straightforward. You have the dashboard to access all the data protection features, so it's easy to use.

The deployment hardly takes two to three minutes.

For the McAfee process, I didn't need to contact anybody. I just needed to switch on my laptop, and it started on its own.

You need to subscribe to McAfee. There's a subscription on a yearly basis. It's not that expensive; it's quite affordable.

I would suggest giving it a try. Overall, I would rate the solution a nine out of ten. Due to the notifications, I would deduct one point. But overall, it's a nine. It's good.

It can be used for ransomware detection and data exfiltration. It is also able to detect Remote Access Trojan (RAT).

It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised.

It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating.

Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.

It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.

They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.

I have been using this solution for two years.

It is stable. The FireEye team monitors it, and in case it goes down, we get an alert saying that the device is down. We either get their help or troubleshoot it ourselves to get it up and running.

It is quite scalable. We have scaled it according to their sizing recommendations. They have devices for different bandwidths, models, and offices.

We have about 4,000 people who are using this product. In terms of our plans to increase its usage, we are currently studying two options. One of them will basically scale up to about 40,000 instances.

Their technical support is good. For each region, they seem to have got local support that takes care of all problems. They have support teams in Singapore, India, and North America.

Its initial setup was straightforward. I have done one installation that took about 90 minutes. Virtual installations are straightforward. Physical installations have got some networking interfaces, and one needs to go through the documentation to do it. If you have got the right configuration, it is straightforward.

We have about five people within SOC. We manage the engineering and deployment aspects of it. It is not very resource-hungry.

For its deployment, we just needed about four people. We deployed about 14 appliances and one cloud-based instance. We have automated the deployment. We deployed it via Puppet, so the installation was fast.

We also use CrowdStrike Falcon, which is also endpoint security. At that time, we chose the best option based on our study. Both Falcon and FireEye were doing good in the market, so we basically went ahead with what was the best at that time. We buy the licenses for both of these and then do the deployment.

We also use Sophos, but it is signature-based. We have licenses for the normal management control software of Sophos and the agents. We have not used Sophos Intercept X. My understanding is that it is an EDR, and we look forward to doing a study on it.

Based on my two years of experience with this solution, I would comfortably recommend this solution.

I would rate FireEye Endpoint Security an eight out of ten.

We deploy the solution on-premises but we have the roadmap to migrate it on cloud. Initially, everything was on-premises, but we are moving to the cloud, which will be our first cloud migration.

The seamless deployment is very valuable.

The quality of the dashboard could be improved, and the central monitoring dashboard needs improvement. At first, we thought we were getting multiple views. One was a wholly summarized view, and the other was a more detailed view of an endpoint device. Digging into one device's detail is sometimes difficult. Additionally, the granularity of reporting can be improved. The next release could also include an extended mobile connection for the solution.

We have been using this solution for approximately four months.

The solution is stable.

The solution is scalable. Maybe in another six to eight months, we will scale to around 5,500 because we are recruiting more people, so the number may increase.

I have not had any experience with customer service and support.

We previously used Trend Micro. When we were deploying Trend Micro, we faced a lot of difficulties. When we acquired Trend Micro, we had no endpoint security so we had to remove an endpoint and deploy Trend Micro. As a result, deploying Trend Micro was very painful. There were frequent failures in the automatic script that Trend Micro had provided, and it took us about three and a half months to completely cover around 4,000 devices. At the same time, McAfee's deployment was seamless. There might have been an issue, but those issues never escalated. With Trend Micro, the issues escalated frequently.

We switched because of the distinction in scalability, Bluetooth and support. Additionally, one of the reasons we replaced Trend Micro was that we were raising a support ticket every month, which was embarrassing for us. We were losing five to seven tags. PSEs and the response to those PSEs were not satisfied every time.

I rate pricing and licensing a seven out of ten.

I rate this solution an eight out of ten. The solution is good, but the dashboard quality and granularity of reporting can be improved.

McAfee MVISION is security for integrated VMware and OpenSite cloud solutions.  

McAfee is fine as an endpoint. We are offering the product to clients for data protection. It is not about this being a reactive solution like a firewall. There should be a shield of gateways, wherever possible, whenever this security solution can be implemented.  

The biggest problem we had with this product was when the DDoS (Distributed Denial of Service) did not respond well to a threat. We experienced one virus attack that the product did not catch. I do not know the exact CDC (Communication Device Class) details. That time, we did an analysis, but the systems crashed. We could not even access the infected file servers.  

Because we could not access the servers in that attack, we could not even remove all the threats. Eventually, what we had to do is find out which servers got infected and then we had to roll back those servers to a previous backup. It left us in a little bit of a vulnerable situation. It ended up not being what we hoped for in an endpoint solution.  

Because McAfee was infected, other endpoint protections were also affected that made the situation more difficult to resolve.  

Improvements that I would like to see in MVISION would be to provide some additional features for the cloud to make their product a one-stop solution. For example, every organization is going into hybrid-cloud. That may allow part of a solution on-site. That can be part of multi-tier platforms and would be more flexible.  

What they can do is offer more in order to be a leader in innovation for different architectures rather than for enterprise only. For example, the endpoint security product uses every desktop like service. They have the features for the hardware detection and the platform access, then on the application layers. These three layers are a part of the firewall. So these are the firewall and then there are other things they could be offering as a single source to create a more secure environment as a proactive solution.  

This is something that definitely could be improved, especially with intrusion detection and intervention. It is very important to do more to cover the security of these more invasive practices. So, they could improve things with a web application firewall, and improve intrusion detection and prevention. Those should be the key areas which they are focusing on right now to improve the utility of the product moving forward.  

If you have a look into the Gartner report, there are many companies that are making advances in this category of product and it means competition for McAfee.  

I have been using this type of product from McAfee since about six years ago off and on.  

I think it is a stable product. It needs to be more robust in identifying threats.  

It is a scalable, of course, as it is designed for enterprise use. It is scalable unless you do not configure it correctly and try to work with it without knowing how to do it.  

We have been in touch with the McAfee technical support. They also struggled with a problem we had with an infected server. I was involved in the contact with McAfee at the time when trying to resolve the issue. Ultimately, they did not have any solution for the problem and we ended up rolling back the server. In all that is a bit of a problem with the product and the technical support. Neither were optimal.  

The installation and implementation are the easiest parts of using the product. The real difference comes in how you want to optimize the performance. That is the key. Otherwise, implementation is not challenging.  

By optimizing the performance, I mean that you should not change the function of the basic purpose of a security product. If it is a firewall implemented on the network, that product should be providing the service without excessive expense or resources in performance. We are looking at the cloud solutions in the same sense. There can be performance concerns for products on the cloud. It is a known factor.  

Then the second point is all about the features and configuration. The question is about configuration management using tools on the cloud platforms. You may be using multiple clouds. You have to be sure you can configure it so the product remains secure across platforms. Security solutions should also focus on providing that rather than forcing users on to different products and having to manage multiple solutions.  

The deployment for McAfee MVISION Endpoint, after everything has been considered and all of the points have been taken into account, takes some time. Say we have got around 3,000 to 10,000 servers. The type of configurations can be critical. If the client provides a rule-based requirement, we have to go with their requirements. Depending on what needs to be configured, this can take more or less time. Each of the servers will take a certain amount of time to do the implementation. So the time estimate for the implementation has to include the customer requirements. Analysis has to be completed for each unique need.  

The maintenance is looked after by the client. It should not take more than five to six team members, even if we have a client with 3,000 servers. That is the number of people that we would expect once the product is properly organized and implemented.  

That should not be considered just an eight-hour per day effort. It needs to be serviced around the clock because the servers do not sleep. Deployment of people to maintenance teams is important.  

With the installation complete, the configuration done, and the maintenance team in place, using the product is all about monitoring it. A lot of intrusion detection is getting automated now, but not everything will be. Someone has to take some time doing analytics with the logs.  

We try to configure the solution to sort out many things. We have to work with what the client is expecting and configure for that level of load and to get proper alerts. The configuration will probably be ongoing as a part of maintenance and review.  

MVISION is intended as an enterprise product and it is priced like one. That is what I can say about the pricing. Enterprise organizations will be able to make the expenditure and it will not be practical for most smaller organizations. This solution is within the price range of competitors at the enterprise level.  

We definitely evaluated other products and continue to. We have to put our case forward for justifying our products and solutions within our company and with our clients. It has been an experience with the POC. Whatever the product and features, the cost-benefit analysis has to be taken in terms of leaky security. That may not matter for certain situations and products, but from our testing and experience, it will definitely matter for this product right now.  

Our company has to make a decision about whether they have to switch to a different product internally. If we try to become a partner with a certain company and begin to resell that to other clients, we can get a better price in a negotiation. This may affect the product we end up using.  

We definitely need to explore a lot. In this case, it will take a lot of time to consider the benefits of various products and cost-benefits.  

My advice to people considering this solution is that they should take a look at it. As of now, that is all I can say. I was not focused on working with all of the products within this category and, after a long time, I am working with them again. Just these last three or four months, I am back into evaluating the security solution sets more rigorously.  

I am not biased at this point and have to leave the possibilities wide open in order to make a good recommendation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate McAfee MVISION Endpoint as a five to six in a range of ten. The rating is not about the product being perfect, I am not rating it too high because the things that are missing are things that really should be a part of a superior endpoint solution already. They have so much to work on as of now with this product that it seems to be lagging behind. With their experience in the business, they should know these things are important. If you look into the other competing products of whatever brand, the competition has already released identity and access management. The new organizations in the category are coming into this field with all the latest innovations. As more of them do, they will create a challenge in the marketplace. McAfee is lagging a little behind and not moving quickly to keep up.  

The features we have found most valuable have been containment as well as the ability to triage agent activities.

The way that signatures work when using this solution could be improved. They could be more user friendly. We would like the ability to select a client's signature from a menu or file share to save time. 

FireEye allows three releases per day which are automated. If the automation fails for some reason, the release fails. FireEye does not allow manual releases. This is why we are moving away from using this solution. 

This is a stable solution.

This is a scalable solution. 

The customer service is good. 

Neutral

I have previously used Symantec at a different company. I think Symantec is the best solution overall. 

The initial setup was quite complex. It took three months for us to roll out the solution. 

The suitability of FireEye for a business depends on the business itself. 
I would rate this solution a seven out of ten. 

We are a reseller and McAfee is one of the security solutions that we implement for our customers.

The cloud-based security and data protection features are essential for the work from home set up, because of the pandemic.

Some of the most valuable features of this solution are the ePO, centralized management, single control, and ease of management. 

The agents are easy to deploy.

For McAfee, as long as you have ePO it is easy to manage.

It integrates well with other solutions and I like their CASB and the Web Gateway, their cloud security.  Most of our clients are migrating to the cloud and they are evaluating cloud security solutions and data protection.

Endpoint resource utilization causes high levels of instability and that is something that needs improvement. Our clients are concerned about how it can affect their endpoints and do not want the CPU overburdened.

I have been working with this solution for four years.

The stability is good.

This is a scalable solution. Most of our clients are enterprise-level companies with 10,000 users.

My personal experience with technical support is limited, but we have a good working relationship with them. In the four years that we have worked with McAfee, we have found that the people behind this product are easy to talk to. No matter how complex the problem is, they will help you to better understand it.

Overall, I feel that their support is good.

The initial setup is straightforward and it is easy to configure.

The pricing is mid-ranged and quite reasonable compared to other similar products.

Being a reseller, we handle many different endpoint products and have evaluated several of them. When comparing to Symantec, for example, McAfee is better in that they have multiple agents and multiple consoles. We also work with CrowdStrike and Cylance.

Some of our customers prefer McAfee because they started with an on-premises solution, which is a good thing. Not every company is cloud-ready, yet. Some of them have hybrid configurations, where they have on-premises protection as well as cloud-based protection.

Price-wise, McAfee is less expensive than CrowdStrike or Cylance, although not as cheap as Kaspersky or Sophos. I would say that it is reasonable, for the feature set.

We have been working with McAfee for four years and the sales and support have always been good. It is not difficult for us to handle McAfee because they have always worked well with us.

I think that this is a good option for people working from home because it is easy to implement and deploy the agents.

My recommendation for anybody who is implementing this product is to have VPN access set up, adding to the security, especially when working from home.

I would rate this solution an eight out of ten.