Trellix SecOps and Analytics

I am a presales manager for a cybersecurity company, and I use Trellix Helix to manage software for cybersecurity. I sell software to enterprise customers, and my main use case involves data protection, email security, and endpoint security.

One of the most valuable features of Trellix Helix is its AI capability for the XDR platform, enabling me to reduce the time to resolve incidents. The software correlates data from the security environment and allows searches in natural language. It is crucial for enterprise companies worldwide, not just in the United States. Trellix Helix offers more than 400 connectors for integration and supports both small and large environments.

I have just released this solution to the market, and my customers' response has been great. While Trellix Wise is seen as a top vendor with its AI implementation for accelerating incident investigation, there have been some support issues due to a recent fusion and merger in the company, which could be improved.

I have been working with Trellix Helix for two months.

The stability of Trellix Helix is really good. Although there have been some incidents, these were related to support issues rather than product instability. My solutions need to be highly available because they are critical for my customers.

The scalability of Trellix Helix is impressive. I support the largest companies in the world, and the solution is not just restricted to small or medium businesses. It can scale to support large environments.

The technical support for Trellix Helix is rated four out of five. Despite the ongoing transformation due to a fusion and merger of the company, the support could be better as there have been some challenges with staffing and information.

Positive

The initial setup of Trellix Helix was rated nine and a half out of ten. Although no software is ever one hundred percent, my experience was good and easy to use. The installation process is simple with straightforward configuration.

The price of Trellix Helix is competitive in the market. It is not the cheapest but also not the most expensive. As for additional costs beyond standard licensing fees, there are none.

I advise moving quickly to adopt Trellix Helix to improve operations and get faster response times for incidents. I rate Trellix Helix overall ten out of ten.

Hybrid Cloud

Other

It helps prevent web security threats and other things.

We use Trellix ePO. We also use Trellix Endpoint Security and DLP encryption.

We are currently integrated with fewer security devices. It helps us understand deductions and analysis and provides collaborative input as a first priority. 

We are able to block some advanced malware and other things. I think we use the appliance-based Helix.

It helps us detect some advanced malware. That's one of the major advantages. We also have some automated collaborations enabled internally. So, if there's a new attack or alert, we have visibility on it.

However, we are not experts in automation, but we do get some automation in the Trellix product. We want to test it further.

Trellix needs to address the price for the product to be more appealing to customers. 

It has been anywhere between six months to a year. 

I would rate the stability a nine out of ten. 

I would rate the scalability a nine out of ten. The scalability is good. 

It's proper support. So no delays. They always respond on time and the responses are informative.

Positive

We chose Trellix among the variety of products on the market because other vendors support cloud-based threat intelligence, requiring us to interact with the cloud. 

With Trellix Helix, we have on-premises offerings and we are able to collaborate on our logs within our premises. We don't want to send data outside our organization because we support banking customers. We can maintain everything internally.

If you understand the concept of Trellix Helix, it's easy to deploy.

It took a couple of days. We haven't integrated it with any solutions yet. We just have some minimal solutions that need to be integrated. If we have any issues in the future, we'll let you know.pen_spark

There could be some financial benefits, but we are focused on security and threat prevention, not the financial aspect.

It could be a bit expensive. I would give it an eight out of ten, with ten being expensive. 

I recommend Helix. I have a good experience with it. If I get a POC, I can easily give it to the customer and evaluate it.

The solution is stable and addresses advanced malware. It's also easy to access support in India.

Overall, I would rate it a nine out of ten. 

On-premises

We work for a company that provides secret services related to XDR and NSS. We offer the Helix solution to many companies in Brazil. We manage the implementation and provide solutions to our customers. We are a Helix service provider for ten companies in Brazil.

We have started working with various customers, one of whom is particularly concerned about adjacency. We have identified several use cases where automation is possible. However, we face challenges with FSO tools, regarding integration versions. For example, our platform uses API V2, while Cisco uses V3 in some integrations. This has caused issues with professional services.

We are currently working with a provider where I need to send a lot of reports and queries to my customers. Instead, I create reports manually and provide customers with information about the solution.

We often rely on Martins to create logs and provide professional threat services rather than basic support. However, accessing these services can be inconsistent. Sometimes, responses are quick and valuable, but other times, they are delayed. For example, I've waited up to seven months for Martins to resolve an issue with Azure WAF in Helix. It can also be challenging to get timely responses from partners regarding updates and new features

When we undertake projects to install Helix, initially, our company had all the logistical information needed from the installation guide. However, there are details not included in the manuals that we sometimes discover only through direct communication with Trelix experts. This process has become more manageable over time, but initially, we encountered significant challenges, such as issues with connectors, which handle different log formats. These discrepancies weren't clearly outlined in the manuals and caused delays.

For instance, it took about a month to deploy components like SSO and group collection for our customer's infrastructure. Each deployment involves specialized roles—one focusing on connections and another on development and automation with CFA. With these two roles, we can effectively implement Helix.

When the merge of the companies start to use some about the price of the issue. We are using the FSO and security administrator.

I have some case of sources with some customer that returned with some a big security and and can resolve with some attacks.

I have numerous advantages with ten client customers who use our services. We have a dedicated team working directly with the Helix system at PeerSpot within our company, providing maintenance and generating reports for our customers.

The solution offers extensive platform visibility, event tracking, and integrations. While we explore other integration possibilities like CNA, we haven't found a comparable solution yet. Integrating with other vendors and multi-platform environments presents challenges, especially in ensuring API compatibility and staying current with integrations.

I strongly recommend Helix to our new customers for its capabilities and reliability.

Overall, I rate the solution a nine out of ten.

We use Helix in a very restrictive environment that doesn't allow solutions to be connected to the cloud. Some solutions, like CrowdStrike and some XDR solutions, need to be connected to an external cloud. The same goes for Trellix, but with Helix, we have one option. 

If we need DDI feeds or IOC feeds from vendors or customers, Helix will provide these IOCs via DDI push from Trellix to our side, even if we haven't faced any incidents.

It's very easy to integrate Helix into IT workflows in general, especially if you have the original system. If you have the full portfolio from Trellix or solutions that integrate easily, like XSOAR or some buckets of vendor flow or vendors like Kaspersky, then we won't be facing many problems. 

I have worked on implementations with Huawei and IBM QRadar. Now, when it's a Helix operation. Sometimes, I remember that IBM told me to open a request for enhancement from both sides, Huawei and IBM, which, until now, hasn't happened. These tickets have been open for about three years. That caused the customer to replace Huawei with a Cisco engine to make the integration very easy. 

I am aware that Helix is investing in the development to enhance its solutions. I already attended multiple webinars regarding cybersecurity solutions from Trellix's cybersecurity solutions. 

However, I’m not sure if it can integrate with other vendors like IBM’s EDR or cloud-based solutions. But as far as its core functionality goes, it’s spot-on.

Enrichments. It's all about enrichments. Helix is a robust solution.

Helix, it's a good solution. Since management, I've been working with the team; I like the Helix ecosystem.

There is room for improvement in the integration capabilities of third-party tools.

It has no problem connecting all solutions to Helix. Right now, we only connect one of Trellix's appliances to the Helix solution, the EDR solution. That's it.

We faced many problems regarding integrating some with Helix or integrating the ITSM with Helix; the system refused that. 

So, it depends on the customer's environment and regulations. 

I have been using it for one and a half years. 

In terms of stability, I’d rate it a strong nine out of ten, where ten is the most stable. Very reliable overall.

Since I haven’t worked with Helix extensively, I can’t give it a perfect ten, but I’d rate the scalability of this solution an eight out of ten. 

For small businesses, they might not initially opt for Helix. Instead, they often choose solutions like Kaspersky antivirus or EDR SIP. 

However, for medium and large enterprises, Helix is a solid choice. I’ve also heard that big customers tend to prefer CrowdStrike and Fidelis.

The customer service and support are very fast. Trellix’s vendor support is excellent. They have responsive experts who can assist us without delay. We don’t need to go through lengthy processes; our local support team handles Helix cases efficiently. For critical issues, they usually respond within thirty minutes to an hour. Overall, their professionalism stands out.

I worked with a customer that had a McAfee EDR from Kaspersky and another vendor's NDR. They faced many issues, and eventually, they paid much money for little value.

The main competitors are CrowdStrike and Fidelis. In terms of customers, they don't have a problem with cloud connection. We will put CrowdStrike as the first competitor because of customers' worries about the cloud connection. Most of the POCs I saw were Fidelis and Trellix, or Cortex, against Linux. I see these two at customers all the time.

The initial setup is very simple. Before we bought Trellix, we had some other competitors like Kaspersky and Fidelis. During the proof of concept (POC), we found it very hard to integrate in that situation. 

And capability-wise, Fidelis is also big for enterprises, but the main issue was integration and management, especially that the appliance management of services is not that good.

On the other hand, Trellix has the SIEM appliance, which can create custom rules and make your EDR and NDR talk to each other and provide more enrichments and more insights into incidents, whether it is a true positive or false positive. But it's good to have, especially when we talk about EDR and NDR, it is very recommended to have both solutions from the same vendor to avoid any integration and configuration issues.

We primarily manage Helix software for API cloud. The appliances are physical and managed in the data centre. 

The pricing is reasonable compared to its competitors. 

Overall, I would rate the product a nine out of ten. I would recommend it to other users. 

We use Trellix Helix for protection against network attacks, TLS, and SSL attacks. We also use the solution for user behaviour accesses.

Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks.

Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains.

Backup capturing should be included in the solution's next release.

I have been working with Trellix Helix for two years.

I rate Trellix Helix a ten out of ten for stability.

I rate Trellix Helix an eight out of ten for scalability.

Trellix Helix's technical support is great.

Positive

Before Trellix Helix, we used a different solution named Fidelity.

Trellix Helix's initial setup is pretty straightforward, and I rate it a nine out of ten. Trellix Helix's deployment takes four to five hours.

I rate Trellix Helix a five out of ten for pricing.

Overall, I rate Trellix Helix a nine out of ten.

On-premises