Trellix Network Detection and Response

I mainly use Trellix Network Detection and Response  to find zero-day threats, malware, or anything malicious on our clients' endpoint devices.

I can give you a specific example of how I used Trellix Network Detection and Response  to spot something malicious. Such a scenario is when a user using a client device logs in to a Tor browser and is using the Tor browser to surf something malicious. On the dashboard, we used to get the alert for the same and we used to investigate from there by looking at the IP, the source IP, the destination IP, and how it is landing on the Tor browser and what the user is doing. We could do all of this with that.

Trellix Network Detection and Response offers threat detection and prevention ability, the ability to find zero-day threats and malware, and anything malicious which has affected an organization. It is very easy to detect. Trellix Network Detection and Response has an MVX engine which is the most effective in handling scenarios such as APTs. Trellix Network Detection and Response also provides essential defense by automatically responding to network incidents that the firewall may not catch. There is also real-time visibility into network traffic and it integrates well with other security tools. It offers automated response features that significantly reduce the incident response time.

The MVX engine helped me in my day-to-day work. We recently gotten used to the workflows for the known false positive alerts. It definitely helped us reduce a lot of time with the auto-closing alerts and the detections that we had. It directly helped in reducing the SOC fatigue.

Trellix Network Detection and Response has positively impacted my organization by significantly reducing the time to detect as we also were experimenting with the automation systems. There were zero detection things and then there was better monitoring. The application filtering as well surpasses the firewall. It increased our ROI for the company from a sales perspective.

I can share specific outcomes or metrics regarding Trellix Network Detection and Response. Per day we used to have 70 to 80 alerts and those could be reduced up to 40 to 30 a day. This is almost a 40 to 50% decrease.

There are many ways Trellix Network Detection and Response can be improved. Trellix Network Detection and Response needs to reduce the alert noise because even after a lot of filtering, there is still a lot of noise which needs to be tuned by the industry vertical. Trellix Network Detection and Response needs to deepen the cloud-native support with parity between on-premises and cloud deployments. Trellix Network Detection and Response needs to improve threat intelligence depth as Trellix Network Detection and Response is not known to have the best signatures or the AI-supported intelligence that competitors may have.

Trellix Network Detection and Response also needs revamped documentation because we had a lot of issues trying to find the syntaxes for all the rule-making. We had to search a lot and Trellix Network Detection and Response does not really help with their documentation, as it only covers basic information. The customer service is not that good. Trellix Network Detection and Response needs accelerated customer support to reach out to the top-level heads. Most of the time we are just stuck at the ground level talking to their customer support team, and they are not able to help us because we usually need to connect with the engineering team to help us out with the specifics.

I have been using Trellix Network Detection and Response for around 1.5 years.

Trellix Network Detection and Response is somewhat stable but there is a bit of downtime sometimes during the off-hours which definitely impacts our night shift. Other than that, there is nothing.

Trellix Network Detection and Response has good scalability, but since it is a legacy system, it was a bit difficult to pair with the other systems. The connectors were always out of sync and we have had multiple noise floods from these connectors which were not configured well. This was from the Trellix Network Detection and Response developer side and we could not get them to fix it on time. That is why our analysts were suffering with the noise.

Customer support for Trellix Network Detection and Response is not that good. We were trying to connect to the engineering team of Trellix Network Detection and Response while we were just stuck on a loop with the customer support team who were not basically helping us. They were constantly relaying our message to the engineering team and the engineering team was looping that back to them and then to us. It was a big hodgepodge basically.

We previously used Defender before Trellix Network Detection and Response and we switched because the client actually wanted to switch to something more affordable.

I have seen a return on investment with Trellix Network Detection and Response. There was definitely a good ROI involved with this. Not from the people side because there was still a lot of alert noise from Trellix Network Detection and Response, but definitely the time was reduced because of the automated detections plus the money factor as I believe Trellix Network Detection and Response offered a much cheaper plan compared to others.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was fine. This is above my pay grade as I am just an associate and I deal with the alerts and detections and the fine-tuning of the rules. This is more towards the sales perspective of it which I was not involved with. But I am sure the ROI was definitely fine for this because we were using this tool for three years.

Before choosing Trellix Network Detection and Response, we evaluated Palo Alto and CrowdStrike.

I do not have any advice as such about Trellix Network Detection and Response, just would suggest it to those who are looking for an affordable option because there are a lot of things that other tools do better, but Trellix Network Detection and Response is a bit cost-effective, definitely. My overall rating for this product is seven out of ten.

I am working with Trellix Network Detection and Response  as part of my overall experience with these products today.

Trellix Network Detection and Response  is used for threat and response use cases for my clients. The solution correlates telemetry data from the endpoint or security solution, providing a single click of workbook and workbenches in the console for best visibility of root cause. After reviewing the workbenches and workbook, I create the playbooks accordingly, severity-wise.

The threat intelligence feature is helpful for full threat investigation. When I receive major detections from Trellix Network Detection and Response, I initiate some queries from the threat intel, and the threat intel shares with me the verdict and threat severity, which can be critical or high.

Forensic analysis is helpful because I need to collect some infections from infected machines. I first need to determine what the initial root impact machine is and the impacted network. It helps determine where the threats are coming from, and the forensic insights assist in this investigation.

As a partner of Trellix, I believe the biggest advantage of this NDR solution is that it integrates with the network side. After that, it collects all traffic for the threat capability of Trellix Network Detection and Response, such as lateral movement and C&C callbacks. Ransomware detection allows me to initiate and analyze the logs for the threat model of Trellix Network Detection and Response, then it will respond.

I am working with the threat intelligence feature for threat intelligence and threat queries, and I review through the threat intelligence.

It is effective for Trellix Network Detection and Response to integrate with other security products. ePO integrates for some security solutions such as Microsoft. There is the capability of third-party integration and ingesting the telemetry from the security solution, showing me the workbench workbooks.

Automated responses help me minimize security threats with the playbook creation and automation.

Detailed forensic analysis helps me understand network threats in general.

Trellix Network Detection and Response solution is easy to scale. I need to integrate with the main core switch, and after that, it helps with the port mirroring for threat detection.

The negative aspect is support. When I need urgent support from Trellix, there is a response after four hours or three hours, which is my main concern regarding the negative point of Trellix Network Detection and Response. Support is the only disadvantage I see.

I have been dealing with this product for around six years or more.

I am not facing any challenges of downtime at this time.

For support, I would rate it seven.

There is a difference when comparing Trellix Network Detection and Response with other competitors. For instance, Trend AI is not capable of the APT security provided, but Trellix Network Detection and Response gives us the APT solution.

I would say deployment is easy.

It is a money-saving solution, and I see ROI here.

The price for Trellix Network Detection and Response is reasonable. The pricing is reasonable, and I do not need to bargain with Trellix or customers.

I am dealing with two major vendors today, and I am still working with all of them. I work with Trellix Network Detection and Response as a reseller, and I am both a partner and a reseller selling it. It shows me the threat vector. I am not sure which feature should be added at this time. I am working on both solutions, on-premises and on cloud. I deploy on Trellix Cloud Workload Security . I have not worked with anything from AWS Marketplace  right now. My review rating for this product is nine out of ten.

My main use case for Trellix Network Detection and Response  is providing support for our customers, and one of our customers has Trellix, so we had to provide monitoring or specific XDR  tools for that customer, including Trellix, Crowdstrike, and many others.

A typical task or incident I have handled using Trellix Network Detection and Response  demonstrates that it is a very good tool for XDR , very comfortable to use, and extremely easy to use, making it one of the best XDR tools.

The best features Trellix Network Detection and Response offers include very good threat detection, and I believe that it is one of the best XDR tools. For example, ePO and XDR components are very comfortable and similar to many other tools for this type of monitoring, and I have received very good feedback for this tool.

What makes Trellix Network Detection and Response stand out for me compared to other tools is the way you can detect threats. It is very easy and comfortable to use, and the detection shows clearly on the screen, which is very easy to understand.

Regarding the features, I think that the integration with other platforms is very comfortable with the customer because we can integrate it with any switch or firewall, and it is comfortable to add this tool.

Trellix Network Detection and Response has positively impacted my organization as I have improved my knowledge about detection and response. I have already used some other tools such as CrowdStrike and Umbrella , but Trellix is one of the best that I have tested.

I believe that for my organization, Trellix has helped a lot with detection and supported our customers effectively.

Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall. If you have these types of tools, your organization would benefit greatly.

I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else.

I have been using Trellix Network Detection and Response for a couple of months, possibly around six months, and I believe that it is a good tool and a very good XDR tool.

Trellix Network Detection and Response is stable in my experience.

The scalability of Trellix Network Detection and Response is very great.

The customer support for Trellix Network Detection and Response is great.

I previously used another solution, but Trellix was my first XDR tool. Then, I used CrowdStrike and Umbrella .

I think my comments about the return on investment are the same that the customers think.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is very great.

I did not evaluate other options before choosing Trellix Network Detection and Response.

My advice for others looking into using Trellix Network Detection and Response is to remember the actions that can be added for the SOC team. I would rate this review as a nine out of ten.

The primary use case for Trellix Network Detection and Response  is network intrusion detection, which is crucial for protecting environments. It helps secure networks and defend against phishing and other attacks created by the networking sector. We use the solution for detection and forensics investigation, reporting incidents such as the source and network path of attacks.

Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch. When users break firewall rules, the solution identifies affected areas for immediate action, helping determine the actual reason for attacks. Its ability to report incidents like network paths makes it invaluable in securing the environment. With eight years of experience, I can attest that Trellix NDR is effective in detecting and protecting networks.

The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response. Networking often involves complexity that could be simplified. More visibility in the dashboard would help in quickly identifying and responding to incidents. Additionally, there should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.

I have been using Trellix NDR for approximately eight and a half years.

Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents. There is a need for technical expertise, specifically in device control and DLP  issues.

The initial setup of Trellix NDR has some complexities, particularly when dealing with big organizations' network design and path.

While I do not handle pricing directly, it is known that there is a variety of customers with different licensing needs, which depends on the organization's size and policy.

Currently, I would rate Trellix NDR as an eight out of ten. There are various opportunities for improving its response capabilities and dashboard visibility to quickly address incidents, which could improve the overall effectiveness of the solution.

The tool helps to reduce client risks.

Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days.

The solution's support needs to improve their support.

I have been working with the product for two years.

The tool is stable. However, it has some monthly limitations.

Trellix Network Detection and Response differs from other products due to its integration.

Trellix Network Detection and Response's deployment is easy and can be completed in a minute.

My team helps with the tool's deployment.

I would recommend the product to others. I rate it a nine out of ten.