
Overview
Disrupt Attackers at Every Stage
Trellix NDR delivers extended visibility, multilayered threat detection, and accelerated investigation and response for network traffic across each stage of the MITRE ATT&CK framework, spanning data centers, hybrid cloud environments, branch offices, and corporate campuses.
Product Options
Trellix Network Security: Automatically spot suspicious network behavior and prevent attacks that elude traditional signature- and policy-based security. Combine multiple AI, machine learning, and correlation engines to detect and respond to advanced threats and lateral movements in minutes.
Trellix Network Forensics: Pairs the industry's fastest lossless data capture and retrieval solution with centralized analysis and visualization. Determine the scope and impact of threats and re-secure your network faster.
Trellix Intrusion Prevention System: Trellix IPS is an NDR-ready, next-generation IPS that detects and blocks sophisticated malware threats across the network. It uses advanced detection and emulation techniques, moving beyond traditional pattern matching to defend against stealthy attacks with a high degree of accuracy and performance.
Please contact aws@trellix.com before purchasing. Your account team will provide an AWS Private Offer with the correct product mix, quantities, and applicable discounts. Multiple product choices and deployment options are possible using part numbers not listed here.
Highlights
- Adapt to new threats automatically
- Protect across your network to the cloud
- Connect to Trellix Helix to enable GenAI insights
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| NDRT0-T | Use Request Private Offer (To Be Removed - Do Not Use) | $105,193.00 |
| NDRT1-T | Use Request Private Offer (To Be Removed - Do Not Use) | $142,010.55 |
| NDRT2-T | Use Request Private Offer (To Be Removed - Do Not Use) | $173,568.45 |
| DODE1E-AA | To Be Removed - Do Not Use | $9,999.00 |
Vendor refund policy
Please contact aws@trellix.com for refund requests.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Standard support and customer success programs are available. Contact support@trellix.com.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Customer reviews
Continuous monitoring has strengthened our threat detection and improved response to network risks
What is our primary use case?
Our main use case for Trellix Network Detection and Response is to maintain oversight of our network traffic and catch any threats or unusual activity as early as possible.
Trellix Network Detection and Response runs in the background monitoring all network traffic, and whenever something unusual comes up, it sends us an alert and we look into it straight away without any delay.
What is most valuable?
The best features Trellix Network Detection and Response offers are real-time threat detection, traffic analysis, and the way it breaks down alerts in a clear and simple way.
The feature we rely on the most day-to-day is real-time threat detection because catching a threat early makes a huge difference, and this product does that very well.
Trellix Network Detection and Response has positively impacted our organization by making our security team more confident and responsible, knowing that the network is being watched all the time, allowing us to respond to threats much faster than we used to.
Our team now responds to network threats much quicker than before, and we have managed to stop a few suspicious activities early that could have caused bigger problems.
What needs improvement?
Based on my experience with the solution, I do not see any improvements needed for Trellix Network Detection and Response at present; it might be required in the future, but there is no space to improve it currently.
If I had to imagine an area where Trellix Network Detection and Response could be enhanced in the future, I would say that more AI-based alerting could be improved so that more customized and advanced reporting could be generated.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for three years.
What do I think about the stability of the solution?
Trellix Network Detection and Response is quite stable and performs well overall.
What do I think about the scalability of the solution?
Trellix Network Detection and Response's scalability has been really good; it has handled our growing network well, and as we have added more systems, it has kept up without any issue.
How are customer service and support?
Customer support for Trellix Network Detection and Response is very excellent, as they provide thorough troubleshooting steps to overcome any technical issues.
Which solution did I use previously and why did I switch?
We are using this type of solution for the first time, so we have not switched from other solutions.
How was the initial setup?
My advice for others looking into using Trellix Network Detection and Response is to take some time to set it up properly, fine-tune the alerts to suit your environment, and once that is done, it runs very smoothly and gives your security team a much stronger grip on what is happening across the network.
Which other solutions did I evaluate?
We did not evaluate other options before selecting Trellix Network Detection and Response; we chose it based on its advanced threat detection capabilities and integration with our existing security ecosystem.
What other advice do I have?
Regarding Trellix Network Detection and Response's AI capabilities, I think the governance side is well thought out, keeping everything in check and ensuring that detection is handled in a controlled and secure manner.
As for Trellix Network Detection and Response's accuracy and reliability of output, it has been quite accurate in the detection of real threats, and we have not seen any false alarms, so the alerts have been mostly relevant and actionable.
I would rate this product overall as a 9.
Improved real-time threat detection has cut investigation time and strengthens network security
What is our primary use case?
My primary use case for Trellix Network Detection and Response is real-time threat detection, network traffic monitoring, and rapid incident response. I use it to identify malicious activity, prevent unauthorized access, and improve overall network security visibility across the organization.
A practical example of how I have used Trellix Network Detection and Response in my daily work was detecting unusual outbound traffic from a user endpoint. The solution quickly identified the suspicious behavior, generated an alert, and helped us isolate the affected device before any data loss occurred. This significantly reduced investigation time and minimized the security risk.
What is most valuable?
Trellix Network Detection and Response offers several best features including real-time threat detection, behavioral analytics, network visibility, automated incident response, and threat hunting and investigation.
I find myself relying the most on real-time detection from Trellix Network Detection and Response, which has made the biggest impact for me. It provides immediate visibility into suspicious activity, allowing the security team to investigate and respond quickly before an issue escalates. This significantly reduced detection time and improved our overall security posture.
Trellix Network Detection and Response has positively impacted our organization by improving our security visibility and threat detection capabilities. It has helped us identify suspicious network behavior faster, reduce the time required for investigations, and respond to incidents more effectively. As a result, we strengthened our overall security posture while reducing the manual effort needed for threat monitoring and analysis.
After deploying Trellix Network Detection and Response, we saw a noticeable improvement in our security operations. Threat detection and incident times were reduced by 40 to 50 percent, and the security team spent significantly less time manually analyzing network traffic. We were also able to identify suspicious activity that previously went unnoticed, leading to faster containment of potential incidents. It improved overall response efficiency.
What needs improvement?
I think the UI of Trellix Network Detection and Response can be improved for a first-time user.
I do not think there is anything else that could be improved with Trellix Network Detection and Response; I am currently happy with the solution.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for more than one year.
What do I think about the stability of the solution?
Trellix Network Detection and Response is very stable.
What do I think about the scalability of the solution?
The scalability of Trellix Network Detection and Response is very high.
How are customer service and support?
Customer support for Trellix Network Detection and Response is good, providing me with accurate results or accurate troubleshooting.
I would rate the customer support of Trellix Network Detection and Response an eight out of ten.
What was our ROI?
From a business point of view, while deploying Trellix Network Detection and Response, we can improve our security posture, which indirectly leads to time saved as well as money saved. If a threat can enter any endpoint that is exposed to the internal network, there is a potential gateway for hackers, leading to a loss of production or significant financial impact to the network.
What other advice do I have?
Currently, I am happy with Trellix Network Detection and Response, so if I see any modifications or needed improvements in the future, I will definitely update my review.
Currently, Trellix Network Detection and Response is not using AI, so I have no comments on its governance and security.
Since Trellix Network Detection and Response is not using AI, I do not have any experience with its accuracy and reliability of output, and I mostly rely on other features.
I would rate this review an eight out of ten.
Advanced threat visibility has transformed how we detect unusual behavior and respond faster
What is most valuable?
Other features such as network visibility and threat detection are also beneficial.
Trellix Network Detection and Response has positively impacted our organization by improving threat visibility, accelerating investigation, and strengthening our ability to detect advanced threats across the network.
What other advice do I have?
Threat investigation and incident response activities are approximately 30 to 40 percent faster than before due to centralized visibility and automated analysis, which demonstrates how much investigation time has improved.
I advise others looking into Trellix Network Detection and Response to integrate it with existing security ecosystems and establish clear incident response workflows, as organizations that improve their visibility capability will gain significant value from the platform. I would rate this product a 9 out of 10.
Stronger threat detection has reduced incidents and now simplifies daily incident response
What is our primary use case?
My main use case for Trellix Network Detection and Response is for threat detection and response across our workstations and servers.
What is most valuable?
The best features Trellix Network Detection and Response offers are its threat intelligence, which is quite good, along with endpoint isolation; I can simply isolate the endpoint. The incident response part is also good, and I have not faced any issue until now.
The features that stand out to me about Trellix Network Detection and Response also include its easy implementation and integration; I can simply push the agent, and integration is quite straightforward.
Trellix Network Detection and Response has positively impacted my organization by creating a better safeguard and protecting us from threats. Although it can be improved in some areas, for now it is working fine and well. The number of threats detected is also decreasing, and from a cybersecurity engineer's point of view, the threats are becoming much easier to resolve with the help of these EDR tools. I do not have to log in daily as I can simply see the reports in my email and work on them.
What needs improvement?
To improve Trellix Network Detection and Response, I suggest enhancing reporting customization; the reports can be much better, and I should have the ability to customize them much more freely. Policy management is good, but I find it a bit complex compared to other tools I have worked with. The support response could also be better; support does respond, but it takes some time.
Regarding needed improvements, the dashboard of Trellix Network Detection and Response is quite simple to understand, but the only complex area is policy management. I have to open each policy and divide the number of users, which made the initial implementation lengthy. It took us around two to three months to adopt it, but after installation, I did not have to change many policies. The dashboard could be improved.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for almost one year.
What do I think about the stability of the solution?
Trellix Network Detection and Response is quite stable.
What do I think about the scalability of the solution?
The scalability of Trellix Network Detection and Response is easy; I just have to add another license in the same cloud, and I can easily increase the number of endpoints.
How are customer service and support?
Customer support for Trellix Network Detection and Response is good, but it can be improved; response could be much sooner.
Which solution did I use previously and why did I switch?
Before Trellix Network Detection and Response, I used a different solution called SecureIT because I was getting many active attacks from there, including a ransomware attack, so I looked for a change.
How was the initial setup?
Regarding my day-to-day work with Trellix Network Detection and Response, it is simple; the implementation part has been completed, and now I just monitor the logs and check for any recent alerts or any critical threats that are detected, and I work on them.
What was our ROI?
I have seen a return on investment with Trellix Network Detection and Response, particularly in terms of time saved; since I manage the solution, I spend significantly less time on it.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was in the middle range of endpoints, well within what I was looking for; I wanted something that was not too price-heavy like SentinelOne but also not much cheaper like Kaspersky, so it needed to suit my budget while providing proper security.
Which other solutions did I evaluate?
Prior to choosing Trellix Network Detection and Response, I evaluated other options such as SonicWall and Check Point.
What other advice do I have?
A quick specific example of how I use Trellix Network Detection and Response for threat detection and response is that I received a malicious file; some of my teammates downloaded a malicious file that contained a Trojan horse from a malicious website. Trellix endpoint was successfully able to detect it and also remove it, and it is installed in each person's systems across the organization.
When I say the number of threats detected is getting less, I can share that around five to six months back, I was regularly getting a specific type of threat from the same zip file, which was spreading across the organization. The tool helped me find the root cause, which was an infected file stored in the server, and whenever someone accessed it, it used to spread to that system.
I rated Trellix Network Detection and Response eight out of ten because the two areas where it can be improved are reporting, as the reports can be much better and easier to understand, and second, the support could be better. Due to these two areas, I deducted two points from the overall score.
Regarding Trellix Network Detection and Response's AI capabilities, I think its governance and security are quite good; the AI is working fine, and I receive its logs and analysis, which makes me quite happy with this new AI and ML integration. It helps me in governance as well.
The accuracy of Trellix Network Detection and Response is quite good.
My advice for others looking into using Trellix Network Detection and Response is to be aware that the implementation part can be a lengthy process; endpoints are not installed in a day or a week, and it will take some time. Getting used to it takes around one to two months for the cybersecurity engineers managing the solution. I also recommend setting up logs and alerts on your emails so you do not have to open the dashboard daily, which helps save a lot of time.
Trellix Network Detection and Response is a good mid-budget product that provides quite good security, and I have positive reviews about it.
Improved network visibility has strengthened investigations and detects internal lateral movement
What is our primary use case?
Our main use cases for Trellix Network Detection and Response are centered around network visibility, which allows us to detect suspicious activity. I generally use Trellix Network Detection and Response as a complementary visibility tool instead of standalone dependencies. This is because our team usually combines endpoint SIEM and cloud telemetry with network visibility, making Trellix Network Detection and Response more useful when correlated with other security tools.
What is most valuable?
The strong feature of Trellix Network Detection and Response, in my opinion, is network visibility, as it provides a deeper understanding of traffic behavior and suspicious communication patterns. Another strong point is that we can detect lateral movement, which is crucial since many advanced attacks move internally inside networks, helping us identify unusual behavior that may otherwise go unnoticed.
In day-to-day operations, Trellix Network Detection and Response helps improve investigation quality because analysts gain another visibility layer apart from endpoint solutions. We rely not only on endpoint detection but also validate suspicious traffic behavior, internal communication, and unusual network activity, which aids our investigations and sometimes reduces our investigation time.
One useful aspect of Trellix Network Detection and Response is its integration value because it works better when data can be correlated across security systems. The network telemetry adds important context to investigations, making responses more informed.
The biggest impact Trellix Network Detection and Response has had on our organization is improved visibility across our environment and better confidence during investigations, as security analysts can understand suspicious behavior more clearly instead of depending solely on isolated alerts. It supports our detection team by strengthening their capabilities to detect internal movement and abnormal traffic behavior.
What needs improvement?
Improvement-wise, the initial setup, fine-tuning, and learning can take effort. Tuning is important for reducing noise and improving detection capabilities. Trellix Network Detection and Response could improve with UI simplification and a better reporting experience. A better out-of-the-box dashboard, easier reporting, and smoother third-party integration workflows would enhance analyst efficiency. Better simplification, smoother onboarding, and more analyst-friendly workflows would improve usability.
For how long have I used the solution?
We have been evaluating and using Trellix Network Detection and Response within our SOC and visibility workflow for around three years.
What do I think about the scalability of the solution?
Trellix Network Detection and Response is designed to scale based on our workloads, and it performs well when we scale.
How are customer service and support?
My experience with Trellix Network Detection and Response customer support has been good, as it depends on the complexity of the issue. They respond in a timely manner, and the technical guidance during calls is significant. Working with the Trellix support team has been positive due to their supportive nature and adherence to SLAs.
What other advice do I have?
We have integrated Trellix Network Detection and Response with multiple routers and switches, and for some devices, we have integrated with the protocols in our environment.
We have certain rules in place for handling false positives, and Trellix has built-in rules as well. We occasionally receive false positives, but we have our own point for analyzing alerts to determine if they are false positives or true positives, verifying with the tools and taking action accordingly.
Trellix Network Detection and Response definitely supports our compliance requirements because we have a lot of logs, which helps our compliance efforts. We store logs for up to three years in our environment, with archives as well, which is crucial for compliance and audit purposes.
When we receive a zero-day from third-party sites, Trellix Network Detection and Response utilizes its threat intelligence platform, which continuously monitors network traffic to identify suspicious patterns.
Trellix Network Detection and Response performs faster compared to other detection solutions we have used in the past, as it has its own rules that help us focus on alerts we need to work on. Unlike many other tools that generate numerous incidents, Trellix Network Detection and Response allows us to find anomalies more easily within our enterprise network, improving our visibility and enabling us to investigate threats effectively.
My advice to others looking into using Trellix Network Detection and Response is to first understand the visibility gap in your organization. If your organization already has strong endpoint visibility but lacks internal network monitoring, then Trellix Network Detection and Response becomes more valuable, allowing for better planning, tuning, and onboarding of the solution. I would rate this solution an eight out of ten.