    Trellix Network Detection and Response

    Sold by: Trellix 
    Deployed on AWS
    Free Trial
    AWS Free Tier
    Trellix NDR delivers unified, intelligence-driven visibility, detection, investigation, and response across your network using advanced analytics, machine learning, and GenAI. It analyzes traffic across data centers, multicloud, branch, and campus environments, correlating signals, identifying anomalies, and accelerating response. Trellix Wise GenAI reduces alert fatigue, closes talent gaps, and automates deep investigations mapped to MITRE ATT&CK. Trellix NDR detects advanced threats across hybrid architectures, provides real-time visibility, and automates evidence gathering and response actions to reduce MTTR and prevent lateral movement.
    4.2

    Overview

    Disrupt Attackers at Every Stage

    Trellix NDR delivers extended visibility, multilayered threat detection and accelerated investigation and response into network traffic across each stage of the MITRE ATT&CK framework spanning data centers, hybrid cloud environments, branch offices, and corporate campuses.

    Product Options

    Trellix Network Security: Automatically spot suspicious network behavior and prevent attacks that elude traditional signature- and policy-based security. Combine multiple AI, machine learning, and correlation engines to detect and respond to advanced threats and lateral movements in minutes.

    Trellix Network Forensics: Pairs the industry's fastest lossless data capture and retrieval solution with centralized analysis and visualization. Determine the scope and impact of threats and re-secure your network faster.

    Trellix Intrusion Prevention System: Trellix IPS is an NDR-ready, next-generation IPS that detects and blocks sophisticated malware threats across the network. It uses advanced detection and emulation techniques, moving beyond traditional pattern matching to defend against stealthy attacks with a high degree of accuracy and performance.

    Please contact aws@trellix.com before purchasing. Your account team will provide an AWS Private Offer with the correct product mix, quantities, and applicable discounts. Multiple product choices and deployment options are possible using part numbers not listed here.

    Highlights

    • Adapt to new threats automatically
    • Protect across your network to the cloud
    • Connect to Trellix Helix to enable GenAI insights


    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (4)

    Dimension | Description | Cost/12 months
    NDRT0-T | Use Request Private Offer (To Be Removed - Do Not Use) | $105,193.00
    NDRT1-T | Use Request Private Offer (To Be Removed - Do Not Use) | $142,010.55
    NDRT2-T | Use Request Private Offer (To Be Removed - Do Not Use) | $173,568.45
    DODE1E-AA | To Be Removed - Do Not Use | $9,999.00

    Vendor refund policy

    Please contact aws@trellix.com for refund requests.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Standard support and customer success programs are available: support@trellix.com

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 50 in Generative AI
    Top 10 in Education & Research
    Top 10 in Security

    Overview

    AI generated from product descriptions

    Advanced Threat Detection: Combines multiple AI, machine learning, and correlation engines to detect advanced threats and lateral movements across network traffic
    Behavioral Analysis: Automatically identifies suspicious network behavior and anomalies using advanced analytics to detect threats that elude traditional signature and policy-based security
    Network Forensics and Investigation: Provides lossless data capture and retrieval with centralized analysis and visualization to determine scope and impact of threats
    Intrusion Prevention: Next-generation IPS that uses advanced detection and emulation techniques to detect and block sophisticated malware threats across the network
    GenAI-Powered Automation: Integrates with Trellix Helix to leverage GenAI for reducing alert fatigue, automating deep investigations mapped to MITRE ATT&CK framework, and accelerating response actions
    Endpoint Detection and Response: Sophisticated EDR capabilities enabling detection, investigation, and response to multi-stage threats across all key attack vectors
    Extended Detection and Response: Unified XDR platform detecting and responding to multi-stage threats across network, cloud, endpoint, identity, and email data sources
    Managed Detection and Response: 24/7 ransomware and breach prevention services delivered as a managed service with breach warranty and integration capabilities
    Threat Prevention Technology: Prevention-first approach using sophisticated technologies to block a broad range of attacks across multiple vectors
    Security Posture Management: Deployment capabilities with default-enabled strong protection and drift identification for security posture assessment
    Extended Detection and Response: Managed XDR capabilities for detecting and responding to threats across multiple security domains
    AI-Driven Threat Analytics: Artificial intelligence-powered analytics for threat detection and analysis across enterprise environments
    Unified Security Platform: Centralized platform providing single source of truth for security operations across workloads, identities, endpoints, and networks
    Threat Intelligence Integration: Deep threat intelligence capabilities integrated into security operations for enhanced threat context and decision-making
    Multi-Domain Protection: Security coverage spanning AI, cloud, networks, endpoints, and devices within complex enterprise environments

    Contract

    Standard contract: No | No | No

    Customer reviews

    Ratings and reviews

    4.2 (13 ratings)
    5 star: 62%
    4 star: 31%
    3 star: 8%
    2 star: 0%
    1 star: 0%
    2 AWS reviews | 11 external reviews
    External reviews are from PeerSpot.

    Vikram Chakravarthy

    Improved network visibility has strengthened investigations and detects internal lateral movement

    Reviewed on May 20, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Our main use cases for Trellix Network Detection and Response are centered around network visibility, which allows us to detect suspicious activity. I generally use Trellix Network Detection and Response as a complementary visibility tool instead of standalone dependencies. This is because our team usually combines endpoint SIEM and cloud telemetry with network visibility, making Trellix Network Detection and Response more useful when correlated with other security tools.

    What is most valuable?

    The strong feature of Trellix Network Detection and Response, in my opinion, is network visibility, as it provides a deeper understanding of traffic behavior and suspicious communication patterns. Another strong point is that we can detect lateral movement, which is crucial since many advanced attacks move internally inside networks, helping us identify unusual behavior that may otherwise go unnoticed.

    In day-to-day operations, Trellix Network Detection and Response helps improve investigation quality because analysts gain another visibility layer apart from endpoint solutions. We rely not only on endpoint detection but also validate suspicious traffic behavior, internal communication, and unusual network activity, which aids our investigations and sometimes reduces our investigation time.

    One useful aspect of Trellix Network Detection and Response is its integration value because it works better when data can be correlated across security systems. The network telemetry adds important context to investigations, making responses more informed.

    The biggest impact Trellix Network Detection and Response has had on our organization is improved visibility across our environment and better confidence during investigations, as security analysts can understand suspicious behavior more clearly instead of depending solely on isolated alerts. It supports our detection team by strengthening their capabilities to detect internal movement and abnormal traffic behavior.

    What needs improvement?

    Improvement-wise, the initial setup, fine-tuning, and learning can take effort. Tuning is important for reducing noise and improving detection capabilities. Trellix Network Detection and Response could improve with UI simplification and a better reporting experience. A better out-of-the-box dashboard, easier reporting, and smoother third-party integration workflows would enhance analyst efficiency. Better simplification, smoother onboarding, and more analyst-friendly workflows would improve usability.

    For how long have I used the solution?

    We have been evaluating and using Trellix Network Detection and Response within our SOC and visibility workflow for around three years.

    What do I think about the scalability of the solution?

    Trellix Network Detection and Response is designed to scale based on our workloads, and it performs well when we scale.

    How are customer service and support?

    My experience with Trellix Network Detection and Response customer support has been good, as it depends on the complexity of the issue. They respond in a timely manner, and the technical guidance during calls is significant. Working with the Trellix support team has been positive due to their supportive nature and adherence to SLAs.

    What other advice do I have?

    We have integrated Trellix Network Detection and Response with multiple routers and switches, and for some devices, we have integrated with the protocols in our environment.

    We have certain rules in place for handling false positives, and Trellix has built-in rules as well. We occasionally receive false positives, but we have our own point for analyzing alerts to determine if they are false positives or true positives, verifying with the tools and taking action accordingly.

    Trellix Network Detection and Response definitely supports our compliance requirements because we have a lot of logs, which helps our compliance efforts. We store logs for up to three years in our environment, with archives as well, which is crucial for compliance and audit purposes.

    When we receive a zero-day from third-party sites, Trellix Network Detection and Response utilizes its threat intelligence platform, which continuously monitors network traffic to identify suspicious patterns.

    Trellix Network Detection and Response performs faster compared to other detection solutions we have used in the past, as it has its own rules that help us focus on alerts we need to work on. Unlike many other tools that generate numerous incidents, Trellix Network Detection and Response allows us to find anomalies more easily within our enterprise network, improving our visibility and enabling us to investigate threats effectively.

    My advice to others looking into using Trellix Network Detection and Response is to first understand the visibility gap in your organization. If your organization already has strong endpoint visibility but lacks internal network monitoring, then Trellix Network Detection and Response becomes more valuable, allowing for better planning, tuning, and onboarding of the solution. I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    reviewer2843139

    Advanced detection has provided full network visibility and supports proactive threat response

    Reviewed on May 19, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Trellix Network Detection and Response is to detect anomalies within the network to ensure that the NDR functionality is delivering what is expected, so primarily the NDR functionality.

    A specific example of how I have used Trellix Network Detection and Response in a project is that it provides visibility for clients, allowing them to see all the traffic within their network infrastructure, detect any security triggers that need to be investigated, and take action to protect the network, ensuring there is no unusual or unwanted behavior or traffic.

    What is most valuable?

    The main aspect of Trellix Network Detection and Response regarding visibility is that visibility is very important as it empowers users to understand what is happening; therefore, detection is one of the strongest features of Trellix Network Detection and Response. Based on what we can see or the events we can observe and how the traffic flows, we can take the next action, investigate incidents, have a proper workflow, and assign the right person or agent to take action and prevent threats before jeopardizing the network or data. Visibility is the top feature that needs to be addressed when it comes to detection and response.

    The best features that Trellix Network Detection and Response offers are visibility, threat detection, and immediate response, which allows us to take action almost instantly while keeping proof through proper data capture and maintaining logs for future analysis to prevent attacks and ensure that we have the right policies and controls. Having historical data and integrating with other security stack tools also helps; therefore, proper integration with other security tools is also essential.

    Trellix Network Detection and Response positively impacts my organization by enhancing our security posture and helping us cover several controls for compliance, as we need to fulfill various security frameworks to maintain our business operations. The presence of Trellix Network Detection and Response assists us in meeting compliance expectations, which is crucial.

    Regarding specific outcomes after using Trellix Network Detection and Response, compliance is vital; having Trellix Network Detection and Response implemented is mandatory for several security frameworks, including local and industry-specific ones, making it a crucial component of our cybersecurity strategy.

    What needs improvement?

    Regarding needed improvements for Trellix Network Detection and Response, there is always room for enhancement in terms of AI capability to include proactive triggers based on historical data, enabling AI to learn patterns and detect threats before they manifest; this is a significant point to address.

    To improve Trellix Network Detection and Response, adapting more AI use cases is essential, such as creating automated incidents for anomalies in traffic that assign themselves to security agents. Automation is vital, and I envision the potential for ready out-of-the-box playbooks for known scenarios to be executed without complex configurations, enhancing automation of known incidents.

    For how long have I used the solution?

    I have been managing several projects that include Trellix Network Detection and Response for the last five years, with the most recent project being in the last quarter of 2025.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response is stable but occasionally encounters performance issues, which we can fix quickly.

    What do I think about the scalability of the solution?

    I find Trellix Network Detection and Response to be quite scalable; it depends on the number of users, and we have accounted for that ahead of deployment, which leads me to believe scalability will not be an issue.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response is excellent, with almost immediate responses to our inquiries.

    Which solution did I use previously and why did I switch?

    I have not previously used a different solution, as no system was deployed before.

    How was the initial setup?

    My experience with pricing, setup costs, and licensing has been satisfactory, although I believe the pricing could be better.

    What about the implementation team?

    My company does not have any business relationship with this vendor beyond being a customer.

    What was our ROI?

    While the return on investment from Trellix Network Detection and Response is not immediately tangible, I feel the benefits concerning an enhanced security posture create a sense of confidence in our security; however, I do not see immediate savings linked to the system.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup costs, and licensing has been satisfactory, although I believe the pricing could be better.

    Which other solutions did I evaluate?

    Before choosing Trellix Network Detection and Response, I evaluated other options, specifically exploring Get Watcher.

    What other advice do I have?

    I would give Trellix Network Detection and Response a rating of ten out of ten.

    I give it a ten because it delivers what it promises by providing network detection and response, maintaining logs, offering detailed analytics, and enhancing the system's learning capabilities over time, particularly with the introduction of AI in current and future releases, leading to an ideal NDR deployment expected by customers.

    I advise others looking into using Trellix Network Detection and Response to proceed with implementation immediately, as it is one of the best and most trusted brands that deliver on its promises; Trellix Network Detection and Response has been in the market for a long time and is well-known for its customer support and technical capabilities, and those without an NDR should definitely aim for implementation as soon as possible. I would recommend this product with a rating of ten.

    Hassan Sheikh

    Integrated sensors have improved traffic inspection and now provide resilient east-west threat control

    Reviewed on May 19, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Trellix Network Detection and Response is utilizing an integrated network IDS and IPS, Network Security Manager, and Network Endpoint Security in infrastructure for enterprise network solutions in enterprise organizations.

    A specific example of how I use Trellix Network Detection and Response in my organization is that we have a similar solution to ArcSight HP with an IDS IPS solution and Network Security Manager. We place the sensors in the network's in-out traffic detection path, and all traffic in and out from the sensor is monitored. The sensor responds and produces reports and generates alerts on threats and incidents on Network Security Manager. We categorize alerts into categories such as high, low, critical, and medium. Additionally, Network Security Manager has a built-in firewall, which we use to block attacks and threats.

    Regarding how I use Trellix Network Detection and Response, we utilize next-generation firewalls, but the problem was that the firewall could not explore packets or scan the network's anomalies and network traffic, which resulted in a heavy load. Therefore, we placed the sensors on the data center network traffic path, and these sensors perform in-depth inspections, including SSL inspections and network detection response. They possess high-performance CPU capabilities, reducing the load on the firewall by 50 percent while performing detections and scans on traffic, leaving the firewall to handle only packet inspections, packet blocking, and URL blocking policies.

    What is most valuable?

    The best features Trellix Network Detection and Response offers are its handling of east-west traffic and east-west attacks inside the internal network and outside the organization. Additionally, there is a built-in firewall, an isolation option, automation alerts via email, sensor health updates, and network traffic segregation. We have different categories and can utilize customized signatures. A standout feature for me is that we can implement policies on different segments and sites independently, ensuring they do not interfere with other policies or sites.

    The automation alerts in Trellix Network Detection and Response help us identify vulnerable systems on the network and vulnerable servers that require patches to remove vulnerabilities in our day-to-day operations.

    Isolation in Trellix Network Detection and Response works effectively. If an incident occurs, we immediately isolate the system by putting that host in isolation, clean the host, and then perform operations to return the system to normal functionality.

    Trellix Network Detection and Response has positively impacted my organization by addressing performance issues, specifically by offloading heavy traffic inspection and SSL inspection through sensors due to the limitations of the firewall. To minimize downtime or outages, we must also use built-in kits for backup ports and failover integrated with the ports.

    Minimizing downtime with Trellix Network Detection and Response has resulted in enhanced productivity in our organization because we have deployed these sensors in high availability. In case of one device failure, traffic switches to an alternative path. The sensors provide exceptional performance, capable of performing SSL inspections at high throughput rates with low CPU usage, enabling them to handle significant traffic loads promptly.

    What needs improvement?

    I believe Trellix Network Detection and Response can be improved by integrating machine learning into its detection response capabilities. Additionally, incorporating failover kits integrated into the sensors could be beneficial. It would be best if Trellix Network Detection and Response sensors were converted into a next-generation firewall with built-in capabilities for routing, switching, and Layer 7 functionality, as most next-generation firewalls today include these features. While Trellix Network Detection and Response sensors are highly capable, I think it would be advantageous to include features such as Layer 7 profiles, application profile filters, web filters, IDx, IP feature sets, signature detection features, and routing and switching capabilities all in one device.

    While the user interface of Trellix Network Detection and Response is very good, I suggest implementing a customizable dashboard. Additionally, there should be report generation for critical attacks and high alert severities, displayed graphically on the dashboard, and providing options to extract files in Excel format for better visibility.

    For how long have I used the solution?

    I have used Trellix Network Detection and Response for almost three to four years.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response is stable.

    What do I think about the scalability of the solution?

    Trellix Network Detection and Response is scalable. We can add more sensors and can incorporate VM-based IPS sensors into the environment.

    How are customer service and support?

    The customer support for Trellix Network Detection and Response is very good. They help and support us promptly, allowing us to resolve issues immediately. I would rate customer support an 8 on a scale of 1 to 10.

    Which solution did I use previously and why did I switch?

    We are moving towards next-generation firewalls focusing on performance and features.

    What was our ROI?

    I have seen a good return on investment with Trellix Network Detection and Response. It has saved us money and time, and the overall investment has been profitable.

    What's my experience with pricing, setup cost, and licensing?

    My experience with the pricing, setup cost, and licensing of Trellix Network Detection and Response is that they are very good and affordable for the customer range. However, it would help significantly to have all features packaged together, including firewall, policy implementation, routing and switching, and IDS/IPS functionalities in one device, as customers today prefer having a single device to reduce power consumption, device failure, and outages.

    Which other solutions did I evaluate?

    I evaluated other options before choosing Trellix Network Detection and Response, specifically Trend Micro IDS and IPS. That solution did not meet our needs, making Trellix Network Detection and Response the best choice.

    What other advice do I have?

    My advice for others looking into using Trellix Network Detection and Response is that it provides hardened security in enterprise networks and supports a zero-trust model. They can use Trellix Network Detection and Response sensors separately and address performance issues by handling SSL inspections and packet detections on the sensors while keeping other firewalls focused on policy management.

    I would rate Trellix Network Detection and Response a 10 out of 10. It is very good, but I suggest having the sensor equipped with a built-in firewall. I gave this rating because of its performance, operational efficiency, and impressive traffic analysis and detection response capabilities. The standout feature is its handling of east-west attacks within the organization, alongside effective vulnerability patch management.

    reviewer2840397

    Threat detection has improved for zero‑day attacks but alert noise and support still need work

    Reviewed on May 13, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I mainly use Trellix Network Detection and Response to find zero-day threats, malware, or anything malicious on our clients' endpoint devices.

    I can give you a specific example of how I used Trellix Network Detection and Response to spot something malicious. Such a scenario is when a user using a client device logs in to a Tor browser and is using the Tor browser to surf something malicious. On the dashboard, we used to get the alert for the same and we used to investigate from there by looking at the IP, the source IP, the destination IP, and how it is landing on the Tor browser and what the user is doing. We could do all of this with that.

    What is most valuable?

    Trellix Network Detection and Response offers threat detection and prevention ability, the ability to find zero-day threats and malware, and anything malicious which has affected an organization. It is very easy to detect. Trellix Network Detection and Response has an MVX engine which is the most effective in handling scenarios such as APTs. Trellix Network Detection and Response also provides essential defense by automatically responding to network incidents that the firewall may not catch. There is also real-time visibility into network traffic and it integrates well with other security tools. It offers automated response features that significantly reduce the incident response time.

    The MVX engine helped me in my day-to-day work. We recently got used to the workflows for the known false positive alerts. It definitely helped us reduce a lot of time with the auto-closing alerts and the detections that we had. It directly helped in reducing the SOC fatigue.

    Trellix Network Detection and Response has positively impacted my organization by significantly reducing the time to detect as we also were experimenting with the automation systems. There were zero detection things and then there was better monitoring. The application filtering as well surpasses the firewall. It increased our ROI for the company from a sales perspective.

    I can share specific outcomes or metrics regarding Trellix Network Detection and Response. Per day we used to have 70 to 80 alerts and those could be reduced up to 40 to 30 a day. This is almost a 40 to 50% decrease.

    What needs improvement?

    There are many ways Trellix Network Detection and Response can be improved. Trellix Network Detection and Response needs to reduce the alert noise because even after a lot of filtering, there is still a lot of noise which needs to be tuned by the industry vertical. Trellix Network Detection and Response needs to deepen the cloud-native support with parity between on-premises and cloud deployments. Trellix Network Detection and Response needs to improve threat intelligence depth as Trellix Network Detection and Response is not known to have the best signatures or the AI-supported intelligence that competitors may have.

    Trellix Network Detection and Response also needs revamped documentation because we had a lot of issues trying to find the syntaxes for all the rule-making. We had to search a lot and Trellix Network Detection and Response does not really help with their documentation, as it only covers basic information. The customer service is not that good. Trellix Network Detection and Response needs accelerated customer support to reach out to the top-level heads. Most of the time we are just stuck at the ground level talking to their customer support team, and they are not able to help us because we usually need to connect with the engineering team to help us out with the specifics.

    For how long have I used the solution?

    I have been using Trellix Network Detection and Response for around 1.5 years.

    What do I think about the stability of the solution?

    Trellix Network Detection and Response is somewhat stable but there is a bit of downtime sometimes during the off-hours which definitely impacts our night shift. Other than that, there is nothing.

    What do I think about the scalability of the solution?

    Trellix Network Detection and Response has good scalability, but since it is a legacy system, it was a bit difficult to pair with the other systems. The connectors were always out of sync and we have had multiple noise floods from these connectors which were not configured well. This was from the Trellix Network Detection and Response developer side and we could not get them to fix it on time. That is why our analysts were suffering with the noise.

    How are customer service and support?

    Customer support for Trellix Network Detection and Response is not that good. We were trying to connect to the engineering team of Trellix Network Detection and Response while we were just stuck on a loop with the customer support team who were not basically helping us. They were constantly relaying our message to the engineering team and the engineering team was looping that back to them and then to us. It was a big hodgepodge basically.

    Which solution did I use previously and why did I switch?

    We previously used Defender before Trellix Network Detection and Response and we switched because the client actually wanted to switch to something more affordable.

    What was our ROI?

    I have seen a return on investment with Trellix Network Detection and Response. There was definitely a good ROI involved with this. Not from the people side because there was still a lot of alert noise from Trellix Network Detection and Response, but definitely the time was reduced because of the automated detections plus the money factor as I believe Trellix Network Detection and Response offered a much cheaper plan compared to others.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was fine. This is above my pay grade as I am just an associate and I deal with the alerts and detections and the fine-tuning of the rules. This is more towards the sales perspective of it which I was not involved with. But I am sure the ROI was definitely fine for this because we were using this tool for three years.

    Which other solutions did I evaluate?

    Before choosing Trellix Network Detection and Response, we evaluated Palo Alto and CrowdStrike.

    What other advice do I have?

    I do not have any advice as such about Trellix Network Detection and Response, just would suggest it to those who are looking for an affordable option because there are a lot of things that other tools do better, but Trellix Network Detection and Response is a bit cost-effective, definitely. My overall rating for this product is seven out of ten.

    PankajKumar24

    Centralized threat insights have improved investigations and now automate tailored response playbooks

    Reviewed on May 11, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I am working with Trellix Network Detection and Response as part of my overall experience with these products today.

    Trellix Network Detection and Response is used for threat and response use cases for my clients. The solution correlates telemetry data from the endpoint or security solution, providing a single click of workbook and workbenches in the console for best visibility of root cause. After reviewing the workbenches and workbook, I create the playbooks accordingly, severity-wise.

    The threat intelligence feature is helpful for full threat investigation. When I receive major detections from Trellix Network Detection and Response, I initiate some queries from the threat intel, and the threat intel shares with me the verdict and threat severity, which can be critical or high.

    Forensic analysis is helpful because I need to collect some infections from infected machines. I first need to determine what the initial root impact machine is and the impacted network. It helps determine where the threats are coming from, and the forensic insights assist in this investigation.

    What is most valuable?

    As a partner of Trellix, I believe the biggest advantage of this NDR solution is that it integrates with the network side. After that, it collects all traffic for the threat capability of Trellix Network Detection and Response, such as lateral movement and C&C callbacks. Ransomware detection allows me to initiate and analyze the logs for the threat model of Trellix Network Detection and Response, then it will respond.

    I am working with the threat intelligence feature for threat intelligence and threat queries, and I review through the threat intelligence.

    It is effective for Trellix Network Detection and Response to integrate with other security products. ePO integrates for some security solutions such as Microsoft. There is the capability of third-party integration and ingesting the telemetry from the security solution, showing me the workbench workbooks.

    Automated responses help me minimize security threats with the playbook creation and automation.

    Detailed forensic analysis helps me understand network threats in general.

    Trellix Network Detection and Response solution is easy to scale. I need to integrate with the main core switch, and after that, it helps with the port mirroring for threat detection.

    What needs improvement?

    The negative aspect is support. When I need urgent support from Trellix, there is a response after four hours or three hours, which is my main concern regarding the negative point of Trellix Network Detection and Response. Support is the only disadvantage I see.

    For how long have I used the solution?

    I have been dealing with this product for around six years or more.

    What do I think about the stability of the solution?

    I am not facing any challenges of downtime at this time.

    How are customer service and support?

    For support, I would rate it seven.

    Which solution did I use previously and why did I switch?

    There is a difference when comparing Trellix Network Detection and Response with other competitors. For instance, Trend AI is not capable of the APT security provided, but Trellix Network Detection and Response gives us the APT solution.

    How was the initial setup?

    I would say deployment is easy.

    What was our ROI?

    It is a money-saving solution, and I see ROI here.

    What's my experience with pricing, setup cost, and licensing?

    The price for Trellix Network Detection and Response is reasonable. The pricing is reasonable, and I do not need to bargain with Trellix or customers.

    What other advice do I have?

    I am dealing with two major vendors today, and I am still working with all of them. I work with Trellix Network Detection and Response as a reseller, and I am both a partner and a reseller selling it. It shows me the threat vector. I am not sure which feature should be added at this time. I am working on both solutions, on-premises and on cloud. I deploy on Trellix Cloud Workload Security. I have not worked with anything from AWS Marketplace right now. My review rating for this product is nine out of ten.
