    Trellix Network Detection and Response

    Sold by: Trellix 
    Deployed on AWS
    Free Trial
    AWS Free Tier
    Trellix NDR delivers unified, intelligence-driven visibility, detection, investigation, and response across your network using advanced analytics, machine learning, and GenAI. It analyzes traffic across data centers, multicloud, branch, and campus environments, correlating signals, identifying anomalies, and accelerating response. Trellix Wise GenAI reduces alert fatigue, closes talent gaps, and automates deep investigations mapped to MITRE ATT&CK. Trellix NDR detects advanced threats across hybrid architectures, provides real-time visibility, and automates evidence gathering and response actions to reduce MTTR and prevent lateral movement.
    4.2

    Overview

    Disrupt Attackers at Every Stage

    Trellix NDR delivers extended visibility, multilayered threat detection and accelerated investigation and response into network traffic across each stage of the MITRE ATT&CK framework spanning data centers, hybrid cloud environments, branch offices, and corporate campuses.

    Product Options

    Trellix Network Security: Automatically spot suspicious network behavior and prevent attacks that elude traditional signature- and policy-based security. Combine multiple AI, machine learning, and correlation engines to detect and respond to advanced threats and lateral movements in minutes.

    Trellix Network Forensics: Pairs the industry's fastest lossless data capture and retrieval solution with centralized analysis and visualization. Determine the scope and impact of threats and resecure your network faster.

    Trellix Intrusion Prevention System: Trellix IPS is an NDR-ready, next-generation IPS that detects and blocks sophisticated malware threats across the network. It uses advanced detection and emulation techniques, moving beyond traditional pattern matching to defend against stealthy attacks with a high degree of accuracy and performance.

    Please contact aws@trellix.com before purchasing. Your account team will provide an AWS Private Offer with the correct product mix, quantities, and applicable discounts. Multiple product choices and deployment options are possible using part numbers not listed here.

    Highlights

    • Adapt to new threats automatically
    • Protect across your network to the cloud
    • Connect to Trellix Helix to enable GenAI insights

    Details

    Sold by

    Delivery method

    Deployed on AWS

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    Trellix Network Detection and Response

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (4)

    Dimension | Description | Cost/12 months
    NDRT0-T | Use Request Private Offer (To Be Removed - Do Not Use) | $105,193.00
    NDRT1-T | Use Request Private Offer (To Be Removed - Do Not Use) | $142,010.55
    NDRT2-T | Use Request Private Offer (To Be Removed - Do Not Use) | $173,568.45
    DODE1E-AA | To Be Removed - Do Not Use | $9,999.00

    Vendor refund policy

    Please contact aws@trellix.com for refund requests.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Standard support and customer success programs are available: support@trellix.com

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 50 in Generative AI
    Top 10 in Education & Research
    Top 10 in Security

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews | Functionality | Ease of use | Customer service | Cost effectiveness
    2 reviews | Insufficient data | Insufficient data | Insufficient data | Insufficient data
    0 reviews | Insufficient data | Insufficient data | Insufficient data | Insufficient data

    Overview

    AI generated from product descriptions
    Advanced Threat Detection: Combines multiple AI, machine learning, and correlation engines to detect advanced threats and lateral movements across network traffic
    Behavioral Analysis: Automatically identifies suspicious network behavior and anomalies using advanced analytics to detect threats that elude traditional signature and policy-based security
    Network Forensics and Investigation: Provides lossless data capture and retrieval with centralized analysis and visualization to determine scope and impact of threats
    Intrusion Prevention: Next-generation IPS that uses advanced detection and emulation techniques to detect and block sophisticated malware threats across the network
    GenAI-Powered Automation: Integrates with Trellix Helix to leverage GenAI for reducing alert fatigue, automating deep investigations mapped to MITRE ATT&CK framework, and accelerating response actions
    Endpoint Detection and Response: Sophisticated EDR capabilities enabling detection, investigation, and response to multi-stage threats across all key attack vectors
    Extended Detection and Response: Unified XDR platform detecting and responding to multi-stage threats across network, cloud, endpoint, identity, and email data sources
    Managed Detection and Response: 24/7 ransomware and breach prevention services delivered as a managed service with breach warranty and integration capabilities
    Threat Prevention Technology: Prevention-first approach using sophisticated technologies to block a broad range of attacks across multiple vectors
    Security Posture Management: Deployment capabilities with default-enabled strong protection and drift identification for security posture assessment
    Extended Detection and Response: Managed XDR capabilities for detecting and responding to threats across multiple security domains
    AI-Driven Threat Analytics: Artificial intelligence-powered analytics for threat detection and analysis across enterprise environments
    Unified Security Platform: Centralized platform providing single source of truth for security operations across workloads, identities, endpoints, and networks
    Threat Intelligence Integration: Deep threat intelligence capabilities integrated into security operations for enhanced threat context and decision-making
    Multi-Domain Protection: Security coverage spanning AI, cloud, networks, endpoints, and devices within complex enterprise environments

    Contract

    Standard contract: No | No | No

    Customer reviews

    Ratings and reviews

    4.2 (20 ratings)
    5 star: 60%
    4 star: 35%
    3 star: 5%
    2 star: 0%
    1 star: 0%
    3 AWS reviews | 17 external reviews
    External reviews are from PeerSpot.

    Twinkle Solanki

    Continuous network insight has improved early threat detection and streamlined investigations

    Reviewed on Jun 18, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Our primary use case for Trellix Network Detection and Response is to enhance network visibility and strengthen our threat detection capacity. We use it mainly for monitoring network traffic in real-time, identifying suspicious activity, and detecting advanced threats that may bypass traditional security controls. One of the key benefits for us is the ability to leverage behavior and machine learning for identifying abnormal activity, which helps to detect potential malware attacks and movement, command and control conversations, and other indicators of compromise at an earlier stage.

    One specific example was when Trellix Network Detection and Response identified unusual outbound network traffic originating from an employee's workstation. This activity did not trigger our traditional signature-based security tool because it was using legitimate protocols and appeared normal at first glance. However, Trellix Network Detection and Response detected the behavior and flagged the communication as suspicious. Our security team investigation and alert discovered that our endpoint had been compromised through phishing emails, and the attackers were attempting to establish command and control conversations and leverage across the network.

    What is most valuable?

    A few features of Trellix Network Detection and Response stand out for their particular value. First is the advanced threat detection capacity, which is very important. This platform uses behavioral analytics, machine learning, and threat detection to identify suspicious activity that traditional signature-based tools might miss. This is particularly useful for detecting zero-day threats, insider trading, and suspicious attacks. Secondly, I really appreciate the deep network visibility it provides.

    Deep network visibility has been one of the most valuable aspects of Trellix Network Detection and Response for our team because it allows us to see what is happening across the network in much greater detail than traditional monitoring tools. For example, we had a situation where there was unusual communication between an internal endpoint and an external server IP address. At first, the activity did not appear malicious because there were no adverse malware signatures or policy violations. However, using the network visibility provided by Trellix Network Detection and Response, we were able to communicate with partners, identify the affected device, review the timeline of events, and understand exactly how the traffic was moving through the environment.

    We have seen several positive impacts since implementing Trellix Network Detection and Response, particularly in the areas of threat detection, intelligence, response, and operational efficiency. One of the biggest improvements has been our ability to detect threats earlier. Previously, some suspicious activity might go unnoticed until it triggered an alert from other security tools or we discovered it during a manual investigation. With Trellix Network Detection and Response continuously analyzing network behavior, we can identify potential threats sooner and more effectively, which reduces the overall risk to our organization. We have also seen a noticeable improvement in incident response times because Trellix Network Detection and Response provides detailed context around alerts.

    Measurable improvements have been observed since implementing Trellix Network Detection and Response. For example, our mean time to detect and investigate security incidents has improved significantly. Before implementing the solution, analysts often had to gather data manually from multiple tools to understand the scope of the impact of an alert. The visibility and context provided by Trellix Network Detection and Response have made that process much faster. Specifically, we have seen investigation times reduced by around thirty to forty percent for many security events.

    What needs improvement?

    Overall, we have a positive experience with Trellix Network Detection and Response, but like any enterprise security solution, there are areas where it can continue to improve. One area would be user interface and dashboard customization. While the platform provides a lot of valuable information, new users can sometimes face a learning curve when navigating and investigating and creating customized views. More intuitive dashboards would simplify workflows and help analysts access critical information even faster. Another area for improvement is reporting and analytics. The existing reporting capabilities are useful, but more flexibility and customizable reporting options would make it easier to generate executive-level summaries, compliance reports, and operational metrics for different audiences.

    For how long have I used the solution?

    I have been working in my current field for six months.

    What do I think about the stability of the solution?

    Overall, I would describe Trellix Network Detection and Response as a stable and reliable platform. In our experience, it has had a positive impact on our production environment and has proven to be a dependable part of our security operations. We have not experienced any major outages that significantly impacted our security monitoring capacity. As with any enterprise platform, there have been occasional maintenance windows, software updates, or minor performance issues, but these have been infrequent and generally resolved quickly without causing major operational disruptions.

    What do I think about the scalability of the solution?

    Scalability has been one of the strengths of Trellix Network Detection and Response in our experience. As our organization has grown and the environment has become more complex, the platform has scaled effectively without requiring major changes in our security operations. We have added more users, devices, cloud workloads, and network segments, which have naturally increased the volume of network traffic and security events. Trellix Network Detection and Response has handled that growth while continuing to provide consistency, visibility, threat detection, and investigation capabilities. Particularly, scalability has been valuable in our hybrid environment, which has expanded with our cloud footprint and introduction of new applications and services. The platform continues to offer centralized monitoring and security insight across both on-premises and cloud environments, allowing our security teams to maintain a comprehensive view without significantly increasing operational complexity.

    How are customer service and support?

    Overall, our experience with Trellix customer support has been positive. We have not needed customer support very frequently because the platform has been stable, but when we have reached out, the assessment has been generally good. Most of our integrations have involved resolving implementation guidance, configuration questions, product updates, and troubleshooting specific issues. In those situations, the support team was responsive and knowledgeable, and they were able to help resolve our problems within a reasonable time frame.

    Which solution did I use previously and why did I switch?

    Before implementing Trellix Network Detection and Response, we used a combination of traditional network monitoring tools, which were signature-based in alerting and security controls but lacked the capabilities of a dedicated NDR platform.

    How was the initial setup?

    Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements. We were able to scale the deployment based on our environment and security needs, which gave us some flexibility based on the infrastructure involved. The initial setup required planning and coordination between our security and network infrastructure teams, but overall, it has delivered good value as part of our security product stack.

    What about the implementation team?

    Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements.

    What was our ROI?

    We have seen a positive return on investment, although it is sometimes easier to measure in terms of operational efficiency and risk reduction rather than direct cost savings. From an efficiency perspective, we have seen investigation and incident response times improve by thirty to forty percent within our operational team.

    What's my experience with pricing, setup cost, and licensing?

    Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements.

    Which other solutions did I evaluate?

    We evaluated several network detection and response solutions before selecting Trellix Network Detection and Response as part of our assessment process. We looked at platforms such as Cisco, Secure Network, and others that offered network visibility and threat detection. We wanted to compare their detection capacities, network visibility, investigation workflows, and the overall operational value. While all the solutions had strengths and positive aspects, Trellix Network Detection and Response stood out the most.

    What other advice do I have?

    Trellix Network Detection and Response has become an integral part of our day-to-day security operations rather than just a tool we are using for major incidents. On a daily basis, our security team relies on it for continuous network monitoring, threat hunting, visibility, and security alerts. It provides valuable visibility into network activity across our environment, helping us identify unusual behavior that may indicate potential security risks. This proactive approach allows us to investigate and address issues before they develop into serious incidents.

    Another important aspect is integrating with our border security ecosystem. The alerts generated by Trellix Network Detection and Response complement data from our endpoints, SIEM, and other security platforms, giving us a more complete view of potential threats. This improves investigation efficiency and helps reduce the time required for detecting, responding to, and managing security events.

    I would rate Trellix Network Detection and Response as nine out of ten overall.

    I choose nine out of ten because it delivers very strong value in areas that matter most to security operation teams, such as threat detection, network visibility, and investigation support. What stands out the most is its ability to detect suspicious threats that might not be identified by traditional security tools alone. Its behavioral analytics and machine learning capabilities, along with its network-level visibility, help uncover suspicious activity earlier, which is critical in today's threat landscape. Another reason for the high rating is the depth of context it provides during investigations when an alert is triggered. It also helps with a quick understanding of what happened in a system involved in suspicious activity across the network, thus reducing investigation time and enabling teams to respond more effectively.

    From a governance and security perspective, I think Trellix Network Detection and Response handles AI capabilities quite well. One thing I appreciate is that AI is used to enhance operations rather than replace human decision-making. The platform provides risk scoring and behavioral analytics, enabling abnormal detection and reconciliation while still allowing security teams to validate findings or make decisions. From a security standpoint, the AI helps identify threats that might otherwise be missed by traditional rule-based detection methods by analyzing network behavior and activity. It can uncover suspicious behavior earlier in the attack life cycle, which strengthens overall security posture and improves threat detection capabilities.

    Overall, the AI capabilities in Trellix Network Detection and Response have been both secure and reliable. In our experience, the platform consistently identifies suspicious behavior and potential malware attacks that warrant investigation. One of the strengths of the AI is its ability to analyze behavior patterns rather than relying solely on signatures or predefined rules. This helps it identify unusual activity that may indicate a compromise, even when the threat is new or previously unseen. We have found that many high-priority alerts generated by the platform have also been related to actionable items with increased confidence. In terms of reliability, the platform has provided accurate insights during investigations. The AI's detection capabilities generally include context that supports the identification of suspicious activity.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Dhanesan Sridhar

    Real-time threat analytics have reduced investigation time and support rapid lateral movement detection

    Reviewed on Jun 16, 2026
    Review provided by PeerSpot

    What is our primary use case?

    A situation where I used Trellix Network Detection and Response is malware detection, where Trellix Network Detection and Response generated alerts for unusual outbound traffic from a user workstation. The investigation showed malware attempting to communicate with a known malicious IP. I isolated the endpoint and coordinated remediation with the endpoint security team. This is one of the major things that I worked on recently.

    Another use case would be lateral movement investigation. During a security incident, I used Trellix Network Detection and Response to analyze internal network traffic and identify suspicious RDP connections between multiple servers, which helped determine the scope of lateral movement. This helped me investigate further in detail using Trellix Network Detection and Response for lateral movement investigation.

    What is most valuable?

    Based on the scenarios I recently mentioned, one valuable feature is the real-time threat detection of Trellix Network Detection and Response. It detects advanced threats, malware, and lateral movement using AI, ML, and behavior analytics. This is where I used it in two different scenarios that I have mentioned earlier. Another feature would be the network visibility where it provides deep visibility across on-premises, cloud, branch, and hybrid environments. The last feature would be the lateral movement detection, which is particularly useful for identifying attackers moving between internal systems after initial compromise.

    Regarding business impact, the real-time threat detection successfully reduced our mean time to detect and response time. Instead of discovering threats during periodic reviews, Trellix Network Detection and Response alerts us immediately when it detects suspicious network behavior such as lateral movement or unusual outbound traffic. This allows the SOC team to investigate and contain incidents faster, reducing potential business impact and minimizing downtime. The key workflow benefits include faster threat detection, reduced manual monitoring, and better alert prioritization, which helps in quicker incident response and lower risk of business disruption. Both I and the organization have benefited from this.

    The real-time alerts from Trellix Network Detection and Response reduced our average incident detection time from several hours to under thirty minutes, allowing the team to contain threats much faster. Improved alert prioritization reduced manual triage effort by around thirty to forty percent, allowing analysts to focus on genuine threats. Each detection of lateral movement enabled containment before additional systems were affected, reducing the scope and cost of investigation.

    What needs improvement?

    When considering Trellix Network Detection and Response's accuracy and reliability of output, this means how correct, consistent, and trustworthy the results of the system, tools, or analysis are. Accuracy refers to whether the output is correct, and reliability means whether it gives a correct response consistently over time. In the data or analytics context, accuracy ensures the output reflects the true data without errors or bias, while reliability ensures the system produces consistent results even when done multiple times or under different conditions. In simple terms, accuracy and reliability means ensuring the alerts or outputs are both correct and consistent in a secure system. For Trellix Network Detection and Response, high accuracy reduces false positives, and high reliability ensures threats are consistently detected across environments and time.

    For how long have I used the solution?

    I have been using Trellix Network Detection and Response for around two years.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response has experienced no downtime and is working well.

    What do I think about the scalability of the solution?

    Trellix Network Detection and Response is scalable and has been able to grow with my organization's needs.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response works as the first point of contact for users, and the support team handles technical issues and escalation to ensure problems are resolved efficiently.

    Which solution did I use previously and why did I switch?

    When I joined this organization, we worked with Trellix Network Detection and Response only. I am not sure what they used before this, but I know why we switched. We switched because the existing system had poor visibility, high false positives, and limited ability to detect advanced or unknown threats, which slowed down detection and response. That is why we switched to Trellix Network Detection and Response.

    How was the initial setup?

    We purchased and deployed Trellix Network Detection and Response through Azure Marketplace by selecting the product and configuring the subscription and network settings, then deploying it into a resource group. After deployment, we integrated it with our environment for monitoring and security operations. This is the current approach we are following.

    What was our ROI?

    If I consider the return on investment concerning Trellix Network Detection and Response, I mostly measure it by our time saving. Faster detection of threats, reduced mean time to detect and response time, and faster investigation using Trellix Network Detection and Response alerts have resulted in time savings. Analysts no longer need to perform extensive manual log analysis, so they can handle more incidents in less time. Regarding security cost, a reduction in security cost occurs because early detection prevents major breaches and avoids data loss, downtime, and recovery costs. Fewer false positives provide better alert accuracy, which reduces analyzing time.

    Which other solutions did I evaluate?

    The other options that were used before Trellix Network Detection and Response are not something I am aware of in detail because I have only worked with Trellix Network Detection and Response closely. I understand that tools such as Splunk and firewall logs are different tools that are in the market, but I am not sure which ones they followed previously.

    What other advice do I have?

    Instead of relying only on signatures, Trellix Network Detection and Response baselines normal network behavior and alerts on deviations such as unusual outbound connections, lateral movement, or command and control traffic. The specific feature impact would be behavior analysis to detect unknown threats and insider activity, and threat intelligence integration to identify communication with known malicious IPs or domains. The threat hunting tools help us find hidden or low and slow attacks missed by traditional tools. I recommend putting in reduction with tuning behavior analysis policies, leveraging threat intelligence feeds, and monitoring east-west traffic. This reduces false positives and helps identify suspicious activities such as lateral movement communications.

    My main advice regarding Trellix Network Detection and Response is to properly tune the system during initial deployment. Without tuning, you may get many false positives. It is also important to integrate threat intelligence feeds and align detection with MITRE ATT&CK so alerts are meaningful and easy to investigate. I have rated this product an eight out of ten.

    Karan Pichlangia

    Continuous traffic analysis has improved threat visibility and reduced investigation time

    Reviewed on Jun 13, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Trellix Network Detection and Response is to continuously analyze network traffic and identify suspicious activity that may indicate security threats. It helps us gain deeper visibility into network behavior and improve our overall threat detection capability.

    During routine monitoring with Trellix Network Detection and Response, the platform identified unusual communication between internal systems and external destinations. The activity appeared normal at first glance, but Trellix Network Detection and Response highlighted it as anomalous, allowing us to investigate and address the issue before it escalated.

    How has it helped my organization?

    Trellix Network Detection and Response has positively impacted our organization by improving our ability to identify threats earlier in the attack lifecycle and providing better visibility into network activity across the organization.

    Since using Trellix Network Detection and Response, we have estimated that security analysts spend approximately 25% less time gathering information during the investigation because the platform provides detailed context and visibility in a single location.

    Trellix Network Detection and Response has streamlined threat investigation by reducing the amount of manual correlation required between different security tools and log sources.

    What is most valuable?

    The best features I found most valuable in Trellix Network Detection and Response are anomaly detection, network traffic analysis, threat prioritization, and centralized visibility into security events.

    The most valuable feature for me in Trellix Network Detection and Response is network traffic analysis because it provides detailed insight into how devices communicate across the environment and helps identify abnormal patterns quickly.

    What needs improvement?

    I would like to see additional reporting flexibility and more customization options for the dashboard in Trellix Network Detection and Response. Apart from that, the platform performs very well.

    For how long have I used the solution?

    I have been using Trellix Network Detection and Response for more than one year.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response has been stable in our environment and has consistently delivered reliable performance.

    What do I think about the scalability of the solution?

    Trellix Network Detection and Response has scaled effectively as our network footprint and monitoring requirements have increased.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response has been responsive and technically knowledgeable whenever we require assistance.

    Which solution did I use previously and why did I switch?

    Before Trellix Network Detection and Response, we relied mainly on traditional monitoring tools and security logs for network visibility. We switched because we wanted more advanced analytics, better visibility into network behavior, and stronger capability for identifying unknown threats.

    How was the initial setup?

    The experience with Trellix Network Detection and Response regarding pricing, setup cost, and licensing was that the implementation process was manageable, and the licensing model aligned well with our operational requirements. Overall, the value provided by the solution justifies the investment.

    What was our ROI?

    We have seen a positive return on investment with Trellix Network Detection and Response through the improved investigation efficiency, reduced manual effort, and faster threat identification.

    Which other solutions did I evaluate?

    Before choosing Trellix Network Detection and Response, we evaluated other options including Darktrace, Vectra AI, and ExtraHop before deciding on Trellix Network Detection and Response for its reliable performance.

    What other advice do I have?

    Organizations should integrate Trellix Network Detection and Response with their existing security ecosystem and establish a clear investigation workflow to maximize the value of the platform.

    Trellix Network Detection and Response applies advanced analytics within a controlled security framework, helping organizations maintain visibility and governance while improving threat detection capability. In our experience with Trellix Network Detection and Response, the analytics and threat detection have been consistent and reliable. The alerts are generally meaningful and help us focus on high-priority security events.

    I would rate this product a 9 out of 10.

    Dhanaji Mali

    Continuous monitoring has strengthened our threat detection and improved response to network risks

    Reviewed on Jun 09, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our main use case for Trellix Network Detection and Response is to maintain oversight of our network traffic and catch any threats or unusual activity as early as possible.

    Trellix Network Detection and Response runs in the background monitoring all network traffic, and whenever something unusual comes up, it sends us an alert and we look into it straight away without any delay.

    What is most valuable?

    The best features Trellix Network Detection and Response offers are real-time threat detection, traffic analysis, and the way it breaks down alerts in a clear and simple way.

    The feature we rely on the most day-to-day is real-time threat detection because catching a threat early makes a huge difference, and this product does that very well.

    Trellix Network Detection and Response has positively impacted our organization by making our security team more confident and responsible, knowing that the network is being watched all the time, allowing us to respond to threats much faster than we used to.

    Our team now responds to network threats much quicker than before, and we have managed to stop a few suspicious activities early that could have caused bigger problems.

    What needs improvement?

    Based on my experience with the solution, I do not see any improvements needed for Trellix Network Detection and Response at present; it might be required in the future, but there is no space to improve it currently.

    If I had to imagine an area where Trellix Network Detection and Response could be enhanced in the future, I would say that more AI-based alerting could be improved so that more customized and advanced reporting could be generated.

    For how long have I used the solution?

    I have been using Trellix Network Detection and Response for three years.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response is quite stable and performs well overall.

    What do I think about the scalability of the solution?

    Trellix Network Detection and Response's scalability has been really good; it has handled our growing network well, and as we have added more systems, it has kept up without any issue.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response is very excellent, as they provide thorough troubleshooting steps to overcome any technical issues.

    Which solution did I use previously and why did I switch?

    We are using this type of solution for the first time, so we have not switched from other solutions.

    How was the initial setup?

    My advice for others looking into using Trellix Network Detection and Response is to take some time to set it up properly, fine-tune the alerts to suit your environment, and once that is done, it runs very smoothly and gives your security team a much stronger grip on what is happening across the network.

    Which other solutions did I evaluate?

    We did not evaluate other options before selecting Trellix Network Detection and Response; we chose it based on its advanced threat detection capabilities and integration with our existing security ecosystem.

    What other advice do I have?

    Regarding Trellix Network Detection and Response's AI capabilities, I think the governance side is well thought out, keeping everything in check and ensuring that detection is handled in a controlled and secure manner.

    As for Trellix Network Detection and Response's accuracy and reliability of output, it has been quite accurate in the detection of real threats, and we have not seen any false alarms, so the alerts have been mostly relevant and actionable.

    I would rate this product overall as a 9.

    Jatin Sharma

    Improved real-time threat detection has cut investigation time and strengthened network security

    Reviewed on Jun 08, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My primary use case for Trellix Network Detection and Response is real-time threat detection, network traffic monitoring, and rapid incident response. I use it to identify malicious activity, prevent unauthorized access, and improve overall network security visibility across the organization.

    A practical example of how I have used Trellix Network Detection and Response in my daily work was detecting unusual outbound traffic from a user endpoint. The solution quickly identified the suspicious behavior, generated an alert, and helped us isolate the affected device before any data loss occurred. This significantly reduced investigation time and minimized the security risk.

    What is most valuable?

    Trellix Network Detection and Response offers several best features including real-time threat detection, behavioral analytics, network visibility, automated incident response, and threat hunting and investigation.

    I find myself relying the most on real-time detection from Trellix Network Detection and Response, which has made the biggest impact for me. It provides immediate visibility into suspicious activity, allowing the security team to investigate and respond quickly before an issue escalates. This significantly reduced detection time and improved our overall security posture.

    Trellix Network Detection and Response has positively impacted our organization by improving our security visibility and threat detection capabilities. It has helped us identify suspicious network behavior faster, reduce the time required for investigations, and respond to incidents more effectively. As a result, we strengthened our overall security posture while reducing the manual effort needed for threat monitoring and analysis.

    After deploying Trellix Network Detection and Response, we saw a noticeable improvement in our security operations. Threat detection and incident times were reduced by 40 to 50 percent, and the security team spent significantly less time manually analyzing network traffic. We were also able to identify suspicious activity that previously went unnoticed, leading to faster containment of potential incidents. It improved overall response efficiency.

    What needs improvement?

    I think the UI of Trellix Network Detection and Response can be improved for a first-time user.

    I do not think there is anything else that could be improved with Trellix Network Detection and Response; I am currently happy with the solution.

    For how long have I used the solution?

    I have been using Trellix Network Detection and Response for more than one year.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response is very stable.

    What do I think about the scalability of the solution?

    The scalability of Trellix Network Detection and Response is very high.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response is good, providing me with accurate results or accurate troubleshooting.

    I would rate the customer support of Trellix Network Detection and Response an eight out of ten.

    What was our ROI?

    From a business point of view, while deploying Trellix Network Detection and Response, we can improve our security posture, which indirectly leads to time saved as well as money saved. If a threat can enter any endpoint that is exposed to the internal network, there is a potential gateway for hackers, leading to a loss of production or significant financial impact to the network.

    What other advice do I have?

    Currently, I am happy with Trellix Network Detection and Response, so if I see any modifications or needed improvements in the future, I will definitely update my review.

    Currently, Trellix Network Detection and Response is not using AI, so I have no comments on its governance and security.

    Since Trellix Network Detection and Response is not using AI, I do not have any experience with its accuracy and reliability of output, and I mostly rely on other features.

    I would rate this review an eight out of ten.
