Sold by: Trellix
Deployed on AWS
Free Trial
AWS Free Tier
Trellix NDR delivers unified, intelligence-driven visibility, detection, investigation, and response across your network using advanced analytics, machine learning, and GenAI. It analyzes traffic across data centers, multicloud, branch, and campus environments correlating signals, identifying anomalies, and accelerating response. Trellix Wise GenAI reduces alert fatigue, closes talent gaps, and automates deep investigations mapped to MITRE ATT&CK. Trellix NDR detects advanced threats across hybrid architectures, provides real-time visibility, and automates evidence gathering and response actions to reduce MTTR and prevent lateral movement.
4.1
Overview
Disrupt Attackers at Every Stage
Trellix NDR delivers extended visibility, multilayered threat detection and accelerated investigation and response into network traffic across each stage of the MITRE ATT&CK framework spanning data centers, hybrid cloud environments, branch offices, and corporate campuses.
Product Options
Trellix Network Security: Automatically spot suspicious network behavior and prevent attacks that elude traditional signature and policy based security. Combine multiple AI, machine learning, and correlation engines to detect and respond to advanced threats and lateral movements in minutes.
Trellix Network Forensics: pairs the industrys fastest lossless data capture and retrieval solution with centralized analysis and visualization. Determine the scope and impact of threats and resecure your network faster.
Trellix Intrusion Prevention System: Trellix IPS is a NDR ready, next generation IPS that detects and blocks sophisticated malware threats across the network. It uses advanced detection and emulation techniques, moving beyond traditional pattern matching to defend against stealthy attacks with a high degree of accuracy and performance.
Please contact aws@trellix.com before purchasing. Your account team will provide an AWS Private Offer with the correct product mix, quantities, and applicable discounts. Multiple product choices and deployment options are possible using part numbers not listed here.
Highlights
- Adapt to new threats automatically
- Protect across your network to the cloud
- Connect to Trellix Helix to enable GenAI insights
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
NDRT0-T | Use Request Private Offer (To Be Removed - Do Not Use) | $105,193.00 |
NDRT1-T | Use Request Private Offer (To Be Removed - Do Not Use) | $142,010.55 |
NDRT2-T | Use Request Private Offer (To Be Removed - Do Not Use) | $173,568.45 |
DODE1E-AA | To Be Removed - Do Not Use | $9,999.00 |
Vendor refund policy
Please contact aws@trellix.com for refund requests
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Standard support and customer success programs available support@trellix.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Trellix
By Sophos
By Trend Micro
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Advanced Threat Detection
Combines multiple AI, machine learning, and correlation engines to detect advanced threats and lateral movements across network traffic
Behavioral Analysis
Automatically identifies suspicious network behavior and anomalies using advanced analytics to detect threats that elude traditional signature and policy-based security
Network Forensics and Investigation
Provides lossless data capture and retrieval with centralized analysis and visualization to determine scope and impact of threats
Intrusion Prevention
Next-generation IPS that uses advanced detection and emulation techniques to detect and block sophisticated malware threats across the network
GenAI-Powered Automation
Integrates with Trellix Helix to leverage GenAI for reducing alert fatigue, automating deep investigations mapped to MITRE ATT&CK framework, and accelerating response actions
Endpoint Detection and Response
Sophisticated EDR capabilities enabling detection, investigation, and response to multi-stage threats across all key attack vectors
Extended Detection and Response
Unified XDR platform detecting and responding to multi-stage threats across network, cloud, endpoint, identity, and email data sources
Managed Detection and Response
24/7 ransomware and breach prevention services delivered as a managed service with breach warranty and integration capabilities
Threat Prevention Technology
Prevention-first approach using sophisticated technologies to block a broad range of attacks across multiple vectors
Security Posture Management
Deployment capabilities with default-enabled strong protection and drift identification for security posture assessment
Extended Detection and Response
Managed XDR capabilities for detecting and responding to threats across multiple security domains
AI-Driven Threat Analytics
Artificial intelligence-powered analytics for threat detection and analysis across enterprise environments
Unified Security Platform
Centralized platform providing single source of truth for security operations across workloads, identities, endpoints, and networks
Threat Intelligence Integration
Deep threat intelligence capabilities integrated into security operations for enhanced threat context and decision-making
Multi-Domain Protection
Security coverage spanning AI, cloud, networks, endpoints, and devices within complex enterprise environments
Standard contract
No
No
No
Customer reviews
PankajKumar24
Centralized threat insights have improved investigations and now automate tailored response playbooks
Reviewed on May 11, 2026
Review provided by PeerSpot
What is our primary use case?
I am working with Trellix Network Detection and Response as part of my overall experience with these products today.
Trellix Network Detection and Response is used for threat and response use cases for my clients. The solution correlates telemetry data from the endpoint or security solution, providing a single click of workbook and workbenches in the console for best visibility of root cause. After reviewing the workbenches and workbook, I create the playbooks accordingly, severity-wise.
The threat intelligence feature is helpful for full threat investigation. When I receive major detections from Trellix Network Detection and Response, I initiate some queries from the threat intel, and the threat intel shares with me the verdict and threat severity, which can be critical or high.
Forensic analysis is helpful because I need to collect some infections from infected machines. I first need to determine what the initial root impact machine is and the impacted network. It helps determine where the threats are coming from, and the forensic insights assist in this investigation.
What is most valuable?
As a partner of Trellix, I believe the biggest advantage of this NDR solution is that it integrates with the network side. After that, it collects all traffic for the threat capability of Trellix Network Detection and Response, such as lateral movement and C&C callbacks. Ransomware detection allows me to initiate and analyze the logs for the threat model of Trellix Network Detection and Response, then it will respond.
I am working with the threat intelligence feature for threat intelligence and threat queries, and I review through the threat intelligence.
It is effective for Trellix Network Detection and Response to integrate with other security products. ePO integrates for some security solutions such as Microsoft. There is the capability of third-party integration and ingesting the telemetry from the security solution, showing me the workbench workbooks.
Automated responses help me minimize security threats with the playbook creation and automation.
Detailed forensic analysis helps me understand network threats in general.
Trellix Network Detection and Response solution is easy to scale. I need to integrate with the main core switch, and after that, it helps with the port mirroring for threat detection.
What needs improvement?
The negative aspect is support. When I need urgent support from Trellix, there is a response after four hours or three hours, which is my main concern regarding the negative point of Trellix Network Detection and Response. Support is the only disadvantage I see.
For how long have I used the solution?
I have been dealing with this product for around six years or more.
What do I think about the stability of the solution?
I am not facing any challenges of downtime at this time.
How are customer service and support?
For support, I would rate it seven.
Which solution did I use previously and why did I switch?
There is a difference when comparing Trellix Network Detection and Response with other competitors. For instance, Trend AI is not capable of the APT security provided, but Trellix Network Detection and Response gives us the APT solution.
How was the initial setup?
I would say deployment is easy.
What was our ROI?
It is a money-saving solution, and I see ROI here.
What's my experience with pricing, setup cost, and licensing?
The price for Trellix Network Detection and Response is reasonable. The pricing is reasonable, and I do not need to bargain with Trellix or customers.
What other advice do I have?
I am dealing with two major vendors today, and I am still working with all of them. I work with Trellix Network Detection and Response as a reseller, and I am both a partner and a reseller selling it. It shows me the threat vector. I am not sure which feature should be added at this time. I am working on both solutions, on-premises and on cloud. I deploy on Trellix Cloud Workload Security . I have not worked with anything from AWS Marketplace right now. My review rating for this product is nine out of ten.
Jose Vargas
Has improved threat detection workflows and supports seamless customer monitoring
Reviewed on Nov 06, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for Trellix Network Detection and Response is providing support for our customers, and one of our customers has Trellix, so we had to provide monitoring or specific XDR tools for that customer, including Trellix, Crowdstrike, and many others.
A typical task or incident I have handled using Trellix Network Detection and Response demonstrates that it is a very good tool for XDR , very comfortable to use, and extremely easy to use, making it one of the best XDR tools.
What is most valuable?
The best features Trellix Network Detection and Response offers include very good threat detection, and I believe that it is one of the best XDR tools. For example, ePO and XDR components are very comfortable and similar to many other tools for this type of monitoring, and I have received very good feedback for this tool.
What makes Trellix Network Detection and Response stand out for me compared to other tools is the way you can detect threats. It is very easy and comfortable to use, and the detection shows clearly on the screen, which is very easy to understand.
Regarding the features, I think that the integration with other platforms is very comfortable with the customer because we can integrate it with any switch or firewall, and it is comfortable to add this tool.
Trellix Network Detection and Response has positively impacted my organization as I have improved my knowledge about detection and response. I have already used some other tools such as CrowdStrike and Umbrella , but Trellix is one of the best that I have tested.
I believe that for my organization, Trellix has helped a lot with detection and supported our customers effectively.
Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall. If you have these types of tools, your organization would benefit greatly.
What needs improvement?
I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for a couple of months, possibly around six months, and I believe that it is a good tool and a very good XDR tool.
What do I think about the stability of the solution?
Trellix Network Detection and Response is stable in my experience.
What do I think about the scalability of the solution?
The scalability of Trellix Network Detection and Response is very great.
How are customer service and support?
The customer support for Trellix Network Detection and Response is great.
Which solution did I use previously and why did I switch?
I previously used another solution, but Trellix was my first XDR tool. Then, I used CrowdStrike and Umbrella .
What was our ROI?
I think my comments about the return on investment are the same that the customers think.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is very great.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Trellix Network Detection and Response.
What other advice do I have?
My advice for others looking into using Trellix Network Detection and Response is to remember the actions that can be added for the SOC team. I would rate this review as a nine out of ten.
Abdullah Al Hadi
Network defense becomes effective with automatic responses to incidents
Reviewed on Feb 18, 2025
Review provided by PeerSpot
What is our primary use case?
The primary use case for Trellix Network Detection and Response is network intrusion detection, which is crucial for protecting environments. It helps secure networks and defend against phishing and other attacks created by the networking sector. We use the solution for detection and forensics investigation, reporting incidents such as the source and network path of attacks.
What is most valuable?
Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch. When users break firewall rules, the solution identifies affected areas for immediate action, helping determine the actual reason for attacks. Its ability to report incidents like network paths makes it invaluable in securing the environment. With eight years of experience, I can attest that Trellix NDR is effective in detecting and protecting networks.
What needs improvement?
The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response. Networking often involves complexity that could be simplified. More visibility in the dashboard would help in quickly identifying and responding to incidents. Additionally, there should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.
For how long have I used the solution?
I have been using Trellix NDR for approximately eight and a half years.
How are customer service and support?
Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents. There is a need for technical expertise, specifically in device control and DLP issues.
How was the initial setup?
The initial setup of Trellix NDR has some complexities, particularly when dealing with big organizations' network design and path.
What's my experience with pricing, setup cost, and licensing?
While I do not handle pricing directly, it is known that there is a variety of customers with different licensing needs, which depends on the organization's size and policy.
What other advice do I have?
Currently, I would rate Trellix NDR as an eight out of ten. There are various opportunities for improving its response capabilities and dashboard visibility to quickly address incidents, which could improve the overall effectiveness of the solution.
Daniel_Martins
Helps increase response to attacks and reduce client risks
Reviewed on Jun 10, 2024
Review provided by PeerSpot
What is our primary use case?
The tool helps to reduce client risks.
What is most valuable?
Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days.
What needs improvement?
The solution's support needs to improve their support.
For how long have I used the solution?
I have been working with the product for two years.
What do I think about the stability of the solution?
The tool is stable. However, it has some monthly limitations.
Which solution did I use previously and why did I switch?
Trellix Network Detection and Response differs from other products due to its integration.
How was the initial setup?
Trellix Network Detection and Response's deployment is easy and can be completed in a minute.
What about the implementation team?
My team helps with the tool's deployment.
What other advice do I have?
I would recommend the product to others. I rate it a nine out of ten.
reviewer2392089
Lacks to let users use multiple IOCs but helps conduct threat investigations efficiently
Reviewed on Apr 26, 2024
Review provided by PeerSpot
What is our primary use case?
I use the solution in my company's daily operations to conduct threat investigations.
What is most valuable?
The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline.
What needs improvement?
In Trellix Network Detection and Response, I suggest having Trellix EDR like features as it currently does not have the feature to add multiple IOCs to search an environment. If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job. In my company, we have to use IOCs daily to search for hashes in our environment, and then we have to put in the IOCs one by one. My company had spoken to Trellix's team to look into the matter concerning IOCs and was told by Trellix that the tool doesn't have a search feature that allows the use of IOCs in one go. The aforementioned area needs improvement in Trellix.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for two years. I am a user of Trellix.
What do I think about the stability of the solution?
The product sometimes crashes, but it is up and working most of the time. In general, there is some downtime and certain issues with the product.
What do I think about the scalability of the solution?
I use the product daily in my company.
Multiple people in my company use the product.
How are customer service and support?
In my company, if you face issues with Trellix Network Detection and Response or Trellix EDR, there is a separate team in my organization that offers technical support.
Which solution did I use previously and why did I switch?
I have almost four years of experience in the area of cybersecurity, and I have used many EDR solutions before Trellix, like Kaspersky and Cybereason. My company decided to use Trellix Network Detection and Response.
How was the initial setup?
I rate the product's initial setup phase a seven on a scale of one to ten, where one is difficult, and ten is easy.
The solution is deployed on an on-premises model.
What other advice do I have?
The product's response capabilities were good. In general, I can say that the solution's response capabilities are neither too good nor very bad, so I can place it somewhere in the medium range.
I rate the tool a five out of ten.