Murali Krishnan L - PeerSpot reviewer
Technical Manager (SOC Operations) at Novac Technology Solutions
Real User
Top 5 Leaderboard
Comes with useful protection features, but lacks Linux support
Pros and Cons
  • "The exploit guard and malware protection features are very useful. The logon tracker feature is also very useful. They have also given new modules such as logout backup, process backup. We ordered these modules from the FireEye market place, and we have installed these modules. We are currently exploring these features."
  • "The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux. We would also like assets grouping and device lock protection features, which are included in their roadmap."

What is our primary use case?

We want more protection for our servers. We would like to know if a real incident or something compromising is happening. Therefore, we have deployed this EDR solution.

What is most valuable?

The exploit guard and malware protection features are very useful. The logon tracker feature is also very useful. 

They have also given new modules such as logout backup, process backup. We ordered these modules from the FireEye market place, and we have installed these modules. We are currently exploring these features. 

What needs improvement?

The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux.

We would also like assets grouping and device lock protection features, which are included in their roadmap.

For how long have I used the solution?

We have been using FireEye Endpoint Security for the past two years.

Buyer's Guide
Trellix Endpoint Security (ENS)
April 2024
Learn what your peers think about Trellix Endpoint Security (ENS). Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
770,141 professionals have used our research since 2012.

What do I think about the stability of the solution?

The current version is more stable than the previous ones.

What do I think about the scalability of the solution?

It is easily scalable.

How are customer service and support?

My experience was 50/50. Sometimes, it was good. Sometimes, they took some time.

Which solution did I use previously and why did I switch?

We were using McAfee AV. We switched to FireEye Endpoint Security because we had some performance issues with McAfee AV. We are not facing those issues with FireEye Endpoint Security.

How was the initial setup?

It is easy to deploy. It took us a month to deploy. 

Deployment may take more time based on the architecture and the environment. With some vendors, it took us some time to analyze because there were things that we wanted to monitor, which depended on the production. Therefore, we installed it step by step, not in one step at full force.

What other advice do I have?

If you are deploying on Windows or Mac, there will be minimal issues, and you can go for this solution. With Linux, you need to understand a few features. What you expect from Windows and Mac is not available in Linux. If your main technologies are open source, then probably rethink about FireEye Endpoint Security. You can go for FireEye Endpoint Security after they have the same capabilities in Linux. Most of the features are there in their roadmap.

We mostly faced issues with Linux support. In the past, we also had issues related to communication between an agent and an endpoint where they didn't communicate, the communication got stopped automatically, or the data communication time didn't sync properly. In the later versions, they improved and resolved these issues.

I would rate this solution a seven out of ten. It's gradually growing, and a few features that we require are not there. If these requirements are satisfied, I would rate them nine or ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
product manager at MCS
Reseller
Detects malicious behavior across all common and controlled traffic throughputs
Pros and Cons
  • "The most valuable network security feature is the network sandbox solution. This sandbox feature works on traffic flow."
  • "The investigation and forensic analysis have been most helpful."
  • "They could also increase or improve the scalability because to my knowledge the biggest bandwidth can only support up to 10 gigs of input."
  • "If you have another endpoint product running on the same machine, you have to fine tune functions from FireEye to avoid performance and user experience issues."

What is our primary use case?

FireEye Endpoint Security is positioned as an Endpoint Detection and Response (EDR) product. 

We are a distributor of the FireEye product. We offer a combination FireEye package. We offer the product in many sectors, like banking and government.

We use the latest version.

We offer it in a private cloud model for our customers who want to build security operations centers in their environment.

What is most valuable?

The most valuable network security feature is the network sandbox solution. This sandbox feature works on traffic flow. It detects multi-stage attacks based on the MVX analytics engine, which detects zero-day, multi-flow and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops infection and compromise phases of the cyber-attack kill chain by identifying never-before-seen exploits and malware.

It has capabilities like machine learning and endpoint protection as an antivirus.

The investigation and forensic analysis have been most helpful.

What needs improvement?

They could use a Host Intrusion Prevention System (HIPS) and application control module.

If you have another endpoint product running on the same machine, you have to fine tune functions from FireEye to avoid performance and user experience issues.

What do I think about the stability of the solution?

It is stable. There are zero false positive solutions, not like other solutions.

What do I think about the scalability of the solution?

We plan to increase our usage.

How are customer service and technical support?

They have strong technical support.

Which solution did I use previously and why did I switch?

Before FireEye, we used McAfee Endpoint Protection and Trend Micro.

How was the initial setup?

The setup was straightforward.

Our deployment and implementation strategies have to remain agile. Every customer requirement is different. Some implementations require a direct connection and so it will take, for SMB customers, a day more or less. For larger enterprises according to the distribution and the need for more trenches with lots of internet gateways, it could take up to five days. E.g., the deployment could take two to three days with 500 users.

What about the implementation team?

Our technical team does the implementation.

We require two to three people for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

The current pricing is much better than before because they now offer product-related promotions along with some changes in product licensing. The new pricing model is better than before.

It is a yearly subscription-based product, which includes the license and hardware. There is also a subscription for technical support up to five years.

It is inexpensive with a competitive price.

Which other solutions did I evaluate?

We also looked at Palo Alto Networks Traps and Trend Micro.

What other advice do I have?

It offers protection from the latest threats.

Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor.
PeerSpot user
Manager at a tech company with 1,001-5,000 employees
Real User
The most valuable feature is the capacity to collect all the information for forensic analysis purposes.
Pros and Cons
  • "FireEye Endpoint Security's scalability is awesome. I think it is one of the best on that front."
  • "The reports need more development. They need more details on the reports and more details taking the executive view into consideration."

What is our primary use case?

The two primary use cases are towards the process monitor and malware detection for APT (Advanced Persistent Threat).

How has it helped my organization?

FireEye Endpoint Security has improved our customers' organizations. Before a customer was with us, they may have worked with Windows Defender. This is for suspicious activity. Then they implement the next solution that is for network monitoring. With that, they deploy the EGX for info security. Now, with these components, they have a lot of visibility on their network and endpoint activity.

What is most valuable?

The most valuable feature that my customers have found with the solution is the capacity to collect all the information for forensic analysis purposes.

What needs improvement?

In my personal and professional view, I think the reports need more development. They need more details on the reports and more details taking the executive view into consideration.

These reports contain the information that is gathered at the intake solutions. They are more geared for the technician and I think they need more executive information because it is important to talk to the main executives, and for them to see what is happening related to some of those suspicious activities.

For how long have I used the solution?

I have been using FireEye Endpoint Security for something like 4 years.

What do I think about the stability of the solution?

In terms of stability, we have had some issues related to the deployment and hardware requirements, because most customers need to revalidate all those requirements. For example, if your deployment was on a Hyper-V environment, we don't know their server. They decrease in the performance of the appliance because in some cases, the requirements are not specifically stated, including the CP or reserve for those components. For example, I may define that the memory requirement is 16 gigabytes with a specific machine build.

What do I think about the scalability of the solution?

FireEye Endpoint Security's scalability is awesome. I think it is one of the best on that front. This is because many of its steps are related to the optimization of the whole process, its ratings and solutions with mail, social network, input solutions, and next generation CMM like Kellogg's. All these are on the single platform called FS. I sold a lot. You can see its integration with print solutions. That's very amazing.

We have companies with a lot of endpoints. We think we have something like 4000 agents and 2 main appliances.

How are customer service and technical support?

Technical support is really great. The support is generally very fast, responding within one day.

How was the initial setup?

The main deployment is very simple because it's related to the deployment of an OVA file. The physical deployment is no problem.

But the deployment needs some special knowledge about the quick console.

Deployment takes about one week or less.

What's my experience with pricing, setup cost, and licensing?

If you compare your solution without the antivirus solution, and the price of the agent, it is a little bit expensive. But when you learn more about the value of forensic analysis, you will pay those costs. The price is expensive compared with other solutions, with the competitors. But it is really fast and really flexible and the user can research the information.

Which other solutions did I evaluate?

I think they checked out Kaspersky as well.

What other advice do I have?

I would recommend to check how they might pull reports. For example, where the customer modes fall because it's an independent investigation related to an IP.

On a scale of one to ten, I would give FireEye Endpoint Security a ten, because it's the only good option.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
it_user1395708 - PeerSpot reviewer
Technical Executive at Digitaltrack
Real User
User-based policies offer fine granularity, and the technical support is responsive
Pros and Cons
  • "The most valuable feature is user-based policy provision."
  • "A policy-editing console should be added."

What is our primary use case?

We are a solution provider and McAfee MVISION Endpoint is one of the products that we implement for our clients. Our clients use it to help manage their security.

What is most valuable?

The most valuable feature is user-based policy provision. It allows for greater granularity.

Our clients use the VPN to create secure connections to their servers.

What needs improvement?

A policy-editing console should be added.

Having automatic updates would be helpful.

For how long have I used the solution?

We have been dealing with this product for about two years.

What do I think about the stability of the solution?

We are completing two deployments each week and I don't have any comments with regards to stability. I would say that it's stable enough.

What do I think about the scalability of the solution?

We have about 20 clients who are using this solution and it is easy to scale. I would estimate the number of users to be about 400.

How are customer service and technical support?

McAfee has good support and they are very responsive.

Which solution did I use previously and why did I switch?

We deal with endpoint solutions from several vendors including Sophos, Symantec, and CrowdStrike. We are still using Symantec in parallel with McAfee.

The capabilities of these products are similar and the real difference is in the support. McAfee has the best support nowadays, as Symantec takes too long to respond.

How was the initial setup?

The initial setup sometimes has to be done manually because of issues with Active Directory. That said, it is not normally complex. Complexity can come from using export files because McAfee does not have a policy-editing console.

One of the recent deployments we completed required three of us 15 days. This included training people in different locations.

What about the implementation team?

We implement and deploy this product for our clients.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are billed on a yearly basis.

What other advice do I have?

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
CIO & Information manager at a leisure / travel company with 501-1,000 employees
Real User
Good technical support, and offers good protection
Pros and Cons
  • "The performance is good."
  • "I would like to see more automation."

What is our primary use case?

We use McAfee MVISION Endpoint to protect our environment.

What is most valuable?

I am satisfied with this solution.

The performance is good. 

What needs improvement?

I would like to see more automation.

For how long have I used the solution?

I have been working with McAfee MVISION Endpoint for at least ten years.

What do I think about the stability of the solution?

McAfee MVISION Endpoint is a stable solution.

What do I think about the scalability of the solution?

In our company, we have 650 users.

At this time, there are no plans to increase our usage.

How are customer service and support?

Technical support is good.

How was the initial setup?

I did not complete the installation myself.

We have a team of five to maintain and deploy this solution.

What about the implementation team?

I had some assistance from a technician.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are paid yearly.

Which other solutions did I evaluate?

We are currently exploring other solutions.

What other advice do I have?

I would recommend this solution for others who are interested in using it.

I would rate the McAfee MVISION Endpoint solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Security Engineer at MILLENNIUM TECHNOLOGIES
Reseller
Offers good integration between the environments
Pros and Cons
  • "The most valuable feature is the integration between environments."
  • "I would like to see simple processing and reporting online."

What is most valuable?

The most valuable feature is the integration between environments.

What needs improvement?

Something that needs to improve is the interface. I would also like to see simple processing and reporting online. 

For how long have I used the solution?

I've been using this solution for six months now.

What do I think about the stability of the solution?

The stability of the solution was not very good.

What do I think about the scalability of the solution?

We had some issues with the scalability but it was taken care of. It can be improved, however. 

What other advice do I have?

I will rate this solution an eight out of ten. In the next version I would like to see an improvement in the scalability and stability. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Cyber Defense Advisor | Founder Executive at a tech services company with 1-10 employees
Real User
Good support, straightforward deployment, and helpful for instant response to threats and incidents
Pros and Cons
  • "The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response."
  • "In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us."

What is our primary use case?

I used it in my previous company. From an end-user perspective, I was the manager of the Cyber Defense Center that was in charge of the whole deployment and daily operations. I was using it as a Site Media Operations Manager.

What is most valuable?

The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response.

What needs improvement?

In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.

For how long have I used the solution?

I used it for one year. 

How are customer service and support?

I have no complaints. I would rate them a five out of five.

Which solution did I use previously and why did I switch?

It was a new deployment. We previously didn't have any similar solution in that company.

How was the initial setup?

It was pretty straightforward. Its deployment took half a month. It was quite a big deployment. We had quite a lot of end-user devices. We deployed it for 10,000 devices. We had around 20 security operations staff members at that time.

What about the implementation team?

It was driven by an in-house engineering team, but we leveraged some integrator companies as well. We had three members in the engineering team who took care of the deployment and everyday operations. During the deployment phase, we got help from integrators. So, we had two additional FTEs during the six-month implementation period.

What was our ROI?

In terms of ROI, if one is the best, I would rate it a two out of five. We had some false positive detections. We even had some incidents that were not detected. We did not get the expected level of visibility through FireEye.

What's my experience with pricing, setup cost, and licensing?

It was an annual fee. There was just one overall fee.

Which other solutions did I evaluate?

It was a very hard decision to make. We did a comparison with some other competitor products. One of them was Palo Alto Networks Cortex XDR, which was the biggest competitor at that time. We even checked Microsoft ATP and McAfee. So, we compared a couple of products before selecting FireEye.

What other advice do I have?

Organizations trying to or going for the FireEye solution should understand that they won't be able to see under the hood or what is happening within the product. FireEye is quite a black box solution. Understanding why certain findings got a particular verdict is not easy. If you want well-automated operations and you don't have an advanced operations team that wants to check the verdicts and understand how the product is working and making decisions, then it is good for you. If you have proper engineering skills on board and your operations teams want to understand the basic logic within the product that they are using on a daily basis, this might not be the best product for you.

I would rate it an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a tech services company with 51-200 employees
Real User
Straightforward to set up, easy to use, and stable
Pros and Cons
  • "It's a stable solution with good performance."
  • "We would like the solution to offer better security."

What is our primary use case?

We primarily use the solution for security. We use it to detect threats and cyber attacks.

What is most valuable?

The product is easy to use.

It's a stable solution with good performance. 

The scalability is good.

The installation process is very straightforward.

What needs improvement?

We would like the solution to offer better security.

For how long have I used the solution?

I've been dealing with the solution for years.

What do I think about the stability of the solution?

The product is quite stable. The performance has been good. There are no bugs or glitches. It doesn't crash or freeze. We find the product to be quite reliable.

What do I think about the scalability of the solution?

The solution is capable of scaling. It's not a problem. We have the solution on around 300 endpoints. 

We have around 150 to 160 users on the solution currently.

We do plan to increase usage in the future.

How are customer service and support?

I've never contacted technical support. I cannot speak to how helpful or responsive they are. 

How was the initial setup?

It's not a difficult solution to set up. It's pretty straightforward and simple. 

I don't recall how much time it took. It was one of my team members that actually was occupied with the task. It was a while ago as well. I don't know anymore.

What about the implementation team?

We worked with external consultants. I don't know exactly what the scope was, however. 

What's my experience with pricing, setup cost, and licensing?

We bought a four-year license for the product. We're under a contract with them for that amount of time. 

Which other solutions did I evaluate?

We did not evaluate any other EDR products before choosing FireEye. 

What other advice do I have?

We are just customers and end-users of the product. We don't have a special business relationship with the company. 

I'm not sure which version of the solution I'm using. I don't know the version number off-hand. 

I'd rate the solution at an eight out of ten.

I'd recommend the solution to other users and organizations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user