
Trellix Network Detection and Response
Daily threat monitoring has become faster and investigations gain deeper network context
What is our primary use case?
My primary use case for Trellix Network Detection and Response is network threat monitoring and incident investigation. I use it to identify suspicious network activities, detect potential threats, and gain visibility into traffic patterns across the environment. On a day-to-day basis, I review alerts generated by the platform, investigate unusual communications, analyze indicators of compromise, and validate whether an alert represents a genuine security risk or a false positive.
What is most valuable?
Trellix Network Detection and Response definitely helps make investigations faster and more efficient. One of the biggest advantages is the visibility it provides into network activity, which allows me to quickly understand what happened and determine whether an alert requires immediate action. Instead of manually collecting data from multiple sources, I can use the platform to view relevant network communications, identify suspicious connections, and trace activity associated with a particular host or user. This significantly reduces the time needed for initial triage and investigations.
Trellix Network Detection and Response has become a regular part of my daily security monitoring workflow, not just a tool I use when there is an incident. Beyond investigating alerts, I use it to maintain visibility into network activity, validate suspicious events identified by other security tools, and proactively look for unusual behavior that could indicate emerging threats. I also appreciate the context it provides during investigations. Having access to detailed network insights helps me make more informed decisions and collaborate more effectively with other teams when an issue needs to be escalated or remediated.
The features I find most valuable in Trellix Network Detection and Response are the network visibility, threat detection capabilities, and the investigation tools that provide context around security events. One of the biggest strengths of Trellix Network Detection and Response is the ability to analyze network traffic and identify suspicious behavior that may not be obvious through traditional security monitoring. The alerting and detection capabilities help surface potential threats early, which allows us to investigate and respond more quickly. I also appreciate the level of detail available during investigations. Being able to view communication patterns, affected systems, and related activity in one place makes it much easier to understand the full scope of an incident. This saves time and reduces the effort required to manually correlate information from multiple sources.
What needs improvement?
I have had a positive experience with Trellix Network Detection and Response, but there are areas where it could be improved. One area would be further enhancement of alert prioritization and noise reduction. While the platform provides valuable detections, having even more intelligent correlation and risk-based prioritization could help analysts focus on the most critical threats more quickly.
From an integration perspective, broader and more seamless integration with third-party security tools can always add value. Most organizations operate in multi-vendor environments, so simplifying data sharing and workflow automation across different security platforms would help improve operational efficiency. In terms of user experience, the interface is functional, but there is always room to make investigations more intuitive. Enhancements such as more customizable dashboards, streamlined navigation, and easier access to frequently used investigation data could help analysts work more efficiently, especially in fast-paced incident response situations.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for approximately two years.
What do I think about the stability of the solution?
I would consider Trellix Network Detection and Response to be a stable and reliable platform. In my day-to-day use, it has consistently provided the visibility and detection capabilities we rely on for security monitoring and investigations. Enterprise security solutions can occasionally have minor issues related to updates, integrations, or environmental factors, but I have not experienced any significant reliability problems that have had a major impact on our security operations. The platform has generally performed as expected and has been available when needed for monitoring and incident investigations.
What do I think about the scalability of the solution?
Based on my experience, Trellix Network Detection and Response has scaled well within our environment. As the organization has grown and network activity has increased, the platform has continued to provide the visibility and detection capabilities needed to support security operations. From a day-to-day perspective, I have not noticed any significant issues related to growth or increased workload.
Which solution did I use previously and why did I switch?
We previously relied on a different solution for network monitoring and threat detection before Trellix Network Detection and Response. One of the reasons for moving to Trellix Network Detection and Response was the need for improved visibility, stronger investigation capabilities, and better integration with our overall security operations workflow. From my experience, Trellix Network Detection and Response provides valuable context around alerts and helps streamline investigations, which has improved efficiency for the security team.
What was our ROI?
I do not have official ROI metrics, but from what I have seen, the biggest return has been in time-saving and operational efficiency. Investigations are generally faster because analysts have immediate access to relevant network context instead of manually piecing together information from multiple sources. I also think there is value in detecting and understanding threats earlier. It is difficult to quantify exactly, but faster detection and response can help reduce the potential impact of incidents. While I cannot point to a specific dollar amount or reduction in staffing, the platform has helped the team work more efficiently and strengthen our overall security operation.
Which other solutions did I evaluate?
I was not directly involved in the formal evaluation and procurement process, so I cannot say with certainty which products were shortlisted or compared in detail before selecting Trellix Network Detection and Response. By the time I started working with the solution, Trellix Network Detection and Response had already been selected and deployed. From a user perspective, I have found it effective for network visibility, threat detection, and investigation support. While I am aware there are several strong solutions in the NDR market, I was not personally part of the product evaluation process.
Unified network detection has strengthened visibility and supported compliance and incident response
What is our primary use case?
My main use case for Trellix Network Detection and Response is to give us network visibility and detect intrusions, which I use day-to-day.
What is most valuable?
Trellix Network Detection and Response offers excellent diversity and support for different capabilities because it is built and composed of different services. Trellix Network Detection and Response provides an all-in-one package with services such as Yara detection, Zeek detections, IPS, and IDS capabilities, all presented not as lazily implemented features but as standalone services that could be sold individually. The service that stands out the most for us is detecting and applying Riskwhere capabilities to see how our environment complies with standards, making it the full package for us. It supports compliance, security, and detection capabilities.
Trellix Network Detection and Response allows for configuration of sandboxes, known as MVXes, which are separate standalone services that can be scaled up or down depending on your workload. For example, a smaller environment might only need one sandbox, while a larger one can set up a cluster of instances for sandboxing. It offers flexibility for inbound or outbound traffic by allowing you to set it inside the network to actively block or drop traffic, or simply mirror traffic for detection without prevention. The detection engine and services are powerful because they integrate different resources, enabling me to apply different integrations, such as Zeek integrations, for direct rule application.
Trellix Network Detection and Response positively impacts my organization by providing an all-in-one package rather than requiring us to buy separate products from companies like FireEye or McAfee, which support different features. Multi-tenancy is critical for us as an MSSP, and Trellix Network Detection and Response's central management allows me to manage all appliances through a single UI, which is helpful despite some intricate configurations needing to be done on the appliance itself.
What needs improvement?
Trellix Network Detection and Response can be improved because it is still maturing, having been built by acquiring other companies and integrating their services. The goal seems to be unifying these services within a central management system, but current issues indicate that it is a work in progress. Its deployment is not straightforward and often requires vendor support to set it up effectively, making it difficult to manage without direct assistance. Trellix Network Detection and Response still needs more work for better unification of service management to clarify each service provided. The network detection component tends to have the most integrated services, featuring MVX, IPS, Malware Guard, and Smart Vision.
I would suggest making central management more organized. Currently, features like IPS are shown as a large separate tab in central management, which seems counterintuitive since it is just a feature of NDR. Encapsulating every service in its appliance while standardizing central management would greatly enhance understanding of Trellix Network Detection and Response architecture for security engineers.
Regarding Trellix Network Detection and Response's AI capabilities, they depend on setup for data safety and privacy. If Trellix Network Detection and Response allows local AI setup, it can provide security and privacy, but reliance on cloud-based AI would raise privacy concerns. I see more machine learning than true AI, as it requires turning on machine learning to understand the environment before it can fire alerts.
The accuracy and reliability of Trellix Network Detection and Response output have drawbacks since it generates many false positives and is not one hundred percent accurate, necessitating further configurations, setup, and training.
The main improvements needed, beyond what we have discussed, involve architectural concerns and API usage for running commands. Using Trellix Network Detection and Response's API for configuration benchmarks has not been smooth and has resulted in errors. Fixing the API to allow for easier automation of configurations would be beneficial.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for approximately six months.
What do I think about the stability of the solution?
Trellix Network Detection and Response is stable for me as long as I provide the recommended specs. I encounter no issues with health or reliability when the recommended specifications are met.
What do I think about the scalability of the solution?
Trellix Network Detection and Response demonstrates excellent scalability, allowing both the addition of more interfaces and integration of additional appliances into the central management system. You can scale services within the appliance, such as sandboxing services, as needed.
How are customer service and support?
Trellix Network Detection and Response cannot be operated without customer support, especially during the first year and a half of use. Their support is helpful, providing necessary training and sessions to understand the system better.
How was the initial setup?
My advice to others looking into using Trellix Network Detection and Response is to prepare for an initial time-intensive setup, as it has many features that require time to configure properly. However, once past the setup phase, operations will run smoothly with patience.
What was our ROI?
I have not seen a return on investment in terms of reducing employees, since Trellix Network Detection and Response actually necessitates more team members to operate it. However, it saves time by consolidating what would have been multiple setups with different providers. The setup was complex and time-consuming, yet once operational, daily use becomes much easier, though overall cost savings remain unclear due to the lack of transparency in their pricing.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is confusing, given that each part requires separate management of licenses. Understanding the licensing necessitates vendor assistance, as documentation fails to clarify everything. The pricing model is not transparent, as they do not provide pricing ranges upfront, complicating the evaluation of costs across regions.
Which other solutions did I evaluate?
I still run Corelight in parallel alongside Trellix Network Detection and Response. While Trellix Network Detection and Response limits access and navigation through alerts, making full investigations difficult, Corelight enables such investigations with customizable components including Suricata, Zeek, Yara, and Smart PCAP features.
We evaluated Corelight, which, while effective, necessitated extensive manual labor for setup, unlike Trellix Network Detection and Response.
What other advice do I have?
Something unique for our environment regarding how we use Trellix Network Detection and Response is how it is implemented and managed. Because we use two appliances for network detection, one for users for everyday use and another for servers, we ensure they have separate traffic and can control and apply different controls to each appliance.
For the flexibility of sandbox configuration in Trellix Network Detection and Response, it has helped my team day-to-day by matching our exact workload. For example, in the data center environment where we have a lot of traffic needing processing, we can add three or four MVXes for sandboxing capabilities, without having to mirror those configurations for the disaster recovery center, allowing each appliance its own sandboxing configurations. For compliance, the compliance team checks network detection configurations, but there is no automation currently, though Trellix Network Detection and Response has a component called Riskwhere that performs risk assessments and covers configurations to benchmark our environment. However, it is important to note that Riskwhere still generates many false positives, requiring manual tuning to fit our environment.
Regarding specific outcomes since using Trellix Network Detection and Response, the compliance scores have not improved yet since it requires manual configuration tailored to our needs. However, incidents have decreased because both solutions operate on a static basis, whereas Trellix Network Detection and Response utilizes sandboxes for dynamic analysis. It saves us a lot of time thanks to its central management, although some configurations sometimes conflict in application between central management and the appliances themselves. I would rate this solution an eight overall.
Continuous network insight has improved early threat detection and streamlined investigations
What is our primary use case?
Our primary use case for Trellix Network Detection and Response is to enhance network visibility and strengthen our threat detection capacity. We use it mainly for monitoring network traffic in real-time, identifying suspicious activity, and detecting advanced threats that may bypass traditional security controls. One of the key benefits for us is the ability to leverage behavior and machine learning for identifying abnormal activity, which helps to detect potential malware attacks and movement, command and control conversations, and other indicators of compromise at an earlier stage.
One specific example was when Trellix Network Detection and Response identified unusual outbound network traffic originating from an employee's workstation. This activity did not trigger our traditional signature-based security tool because it was using legitimate protocols and appeared normal at first glance. However, Trellix Network Detection and Response detected the behavior and flagged the communication as suspicious. Our security team's investigation of the alert discovered that an endpoint had been compromised through phishing emails, and the attackers were attempting to establish command and control conversations and leverage them across the network.
What is most valuable?
A few features of Trellix Network Detection and Response stand out for their particular value. First is the advanced threat detection capacity, which is very important. This platform uses behavioral analytics, machine learning, and threat detection to identify suspicious activity that traditional signature-based tools might miss. This is particularly useful for detecting zero-day threats, insider trading, and suspicious attacks. Secondly, I really appreciate the deep network visibility it provides.
Deep network visibility has been one of the most valuable aspects of Trellix Network Detection and Response for our team because it allows us to see what is happening across the network in much greater detail than traditional monitoring tools. For example, we had a situation where there was unusual communication between an internal endpoint and an external server IP address. At first, the activity did not appear malicious because there were no adverse malware signatures or policy violations. However, using the network visibility provided by Trellix Network Detection and Response, we were able to communicate with partners, identify the affected device, review the timeline of events, and understand exactly how the traffic was moving through the environment.
We have seen several positive impacts since implementing Trellix Network Detection and Response, particularly in the areas of threat detection, intelligence, response, and operational efficiency. One of the biggest improvements has been our ability to detect threats earlier. Previously, some suspicious activity might go unnoticed until it triggered an alert from other security tools or we discovered it during a manual investigation. With Trellix Network Detection and Response continuously analyzing network behavior, we can identify potential threats sooner and more effectively, which reduces the overall risk to our organization. We have also seen a noticeable improvement in incident response times because Trellix Network Detection and Response provides detailed context around alerts.
Measurable improvements have been observed since implementing Trellix Network Detection and Response. For example, our mean time to detect and investigate security incidents has improved significantly. Before implementing the solution, analysts often had to gather data manually from multiple tools to understand the scope of the impact of an alert. The visibility and context provided by Trellix Network Detection and Response have made that process much faster. Specifically, we have seen investigation times reduced by around thirty to forty percent for many security events.
What needs improvement?
Overall, we have a positive experience with Trellix Network Detection and Response, but like any enterprise security solution, there are areas where it can continue to improve. One area would be user interface and dashboard customization. While the platform provides a lot of valuable information, new users can sometimes face a learning curve when navigating and investigating and creating customized views. More intuitive dashboards would simplify workflows and help analysts access critical information even faster. Another area for improvement is reporting and analytics. The existing reporting capabilities are useful, but more flexibility and customizable reporting options would make it easier to generate executive-level summaries, compliance reports, and operational metrics for different audiences.
For how long have I used the solution?
I have been working in my current field for six months.
What do I think about the stability of the solution?
Overall, I would describe Trellix Network Detection and Response as a stable and reliable platform. In our experience, it has had a positive impact on our production environment and has proven to be a dependable part of our security operations. We have not experienced any major outages that significantly impacted our security monitoring capacity. As with any enterprise platform, there have been occasional maintenance windows, software updates, or minor performance issues, but these have been infrequent and generally resolved quickly without causing major operational disruptions.
What do I think about the scalability of the solution?
Scalability has been one of the strengths of Trellix Network Detection and Response in our experience. As our organization has grown and the environment has become more complex, the platform has scaled effectively without requiring major changes in our security operations. We have added more users, devices, cloud workloads, and network segments, which have naturally increased the volume of network traffic and security events. Trellix Network Detection and Response has handled that growth while continuing to provide consistency, visibility, threat detection, and investigation capabilities. Particularly, scalability has been valuable in our hybrid environment, which has expanded with our cloud footprint and introduction of new applications and services. The platform continues to offer centralized monitoring and security insight across both on-premises and cloud environments, allowing our security teams to maintain a comprehensive view without significantly increasing operational complexity.
How are customer service and support?
Overall, our experience with Trellix customer support has been positive. We have not needed customer support very frequently because the platform has been stable, but when we have reached out, the assessment has been generally good. Most of our integrations have involved resolving implementation guidance, configuration questions, product updates, and troubleshooting specific issues. In those situations, the support team was responsive and knowledgeable, and they were able to help resolve our problems within a reasonable time frame.
Which solution did I use previously and why did I switch?
Before implementing Trellix Network Detection and Response, we used a combination of traditional network monitoring tools, which were signature-based in alerting and security controls but lacked the capabilities of a dedicated NDR platform.
How was the initial setup?
Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements. We were able to scale the deployment based on our environment and security needs, which gave us some flexibility based on the infrastructure involved. The initial setup required planning and coordination between our security and network infrastructure teams, but overall, it has delivered good value as part of our security product stack.
What was our ROI?
We have seen a positive return on investment, although it is sometimes easier to measure in terms of operational efficiency and risk reduction rather than direct cost savings. From an efficiency perspective, we have seen investigation and incident response times improve by thirty to forty percent within our operational team.
What's my experience with pricing, setup cost, and licensing?
Our experience with pricing, setup costs, and licensing has been positive. Trellix Network Detection and Response is an enterprise-grade security solution, so it represents a significant investment, but we believe that the value it provides in terms of threat detection, network visibility, and incident response justifies the cost. From a licensing perspective, the model was straightforward and aligned well with our organizational requirements.
Which other solutions did I evaluate?
We evaluated several network detection and response solutions before selecting Trellix Network Detection and Response as part of our assessment process. We looked at platforms such as Cisco, Secure Network, and others that offered network visibility and threat detection. We wanted to compare their detection capacities, network visibility, investigation workflows, and the overall operational value. While all the solutions had strengths and positive aspects, Trellix Network Detection and Response stood out the most.
What other advice do I have?
Trellix Network Detection and Response has become an integral part of our day-to-day security operations rather than just a tool we are using for major incidents. On a daily basis, our security team relies on it for continuous network monitoring, threat hunting, visibility, and security alerts. It provides valuable visibility into network activity across our environment, helping us identify unusual behavior that may indicate potential security risks. This proactive approach allows us to investigate and address issues before they develop into serious incidents.
Another important aspect is integrating with our broader security ecosystem. The alerts generated by Trellix Network Detection and Response complement data from our endpoints, SIEM, and other security platforms, giving us a more complete view of potential threats. This improves investigation efficiency and helps reduce the time required for detecting, responding to, and managing security events.
I would rate Trellix Network Detection and Response as nine out of ten overall.
I choose nine out of ten because it delivers very strong value in areas that matter most to security operation teams, such as threat detection, network visibility, and investigation support. What stands out the most is its ability to detect suspicious threats that might not be identified by traditional security tools alone. Its behavioral analytics and machine learning capabilities, along with its network-level visibility, help uncover suspicious activity earlier, which is critical in today's threat landscape. Another reason for the high rating is the depth of context it provides during investigations when an alert is triggered. It also helps with a quick understanding of what happened in a system involved in suspicious activity across the network, thus reducing investigation time and enabling teams to respond more effectively.
From a governance and security perspective, I think Trellix Network Detection and Response handles AI capabilities quite well. One thing I appreciate is that AI is used to enhance operations rather than replace human decision-making. The platform provides risk scoring and behavioral analytics, enabling abnormal detection and reconciliation while still allowing security teams to validate findings or make decisions. From a security standpoint, the AI helps identify threats that might otherwise be missed by traditional rule-based detection methods by analyzing network behavior and activity. It can uncover suspicious behavior earlier in the attack life cycle, which strengthens overall security posture and improves threat detection capabilities.
Overall, the AI capabilities in Trellix Network Detection and Response have been both secure and reliable. In our experience, the platform consistently identifies suspicious behavior and potential malware attacks that warrant investigation. One of the strengths of the AI is its ability to analyze behavior patterns rather than relying solely on signatures or predefined rules. This helps it identify unusual activity that may indicate a compromise, even when the threat is new or previously unseen. We have found that many high-priority alerts generated by the platform have also been related to actionable items with increased confidence. In terms of reliability, the platform has provided accurate insights during investigations. The AI's detection capabilities generally include context that supports the identification of suspicious activity.
Real-time threat analytics have reduced investigation time and support rapid lateral movement detection
What is our primary use case?
A situation where I used Trellix Network Detection and Response is malware detection, where Trellix Network Detection and Response generated alerts for unusual outbound traffic from a user workstation. The investigation showed malware attempting to communicate with a known malicious IP. I isolated the endpoint and coordinated remediation with the endpoint security team. This is one of the major things that I worked on recently.
Another use case would be lateral movement investigation. During a security incident, I used Trellix Network Detection and Response to analyze internal network traffic and identify suspicious RDP connections between multiple servers, which helped determine the scope of lateral movement. This helped me investigate further in detail using Trellix Network Detection and Response for lateral movement investigation.
What is most valuable?
Based on the scenarios I recently mentioned, one valuable feature is the real-time threat detection of Trellix Network Detection and Response. It detects advanced threats, malware, and lateral movement using AI, ML, and behavior analytics. This is where I used it in two different scenarios that I have mentioned earlier. Another feature would be the network visibility where it provides deep visibility across on-premises, cloud, branch, and hybrid environments. The last feature would be the lateral movement detection, which is particularly useful for identifying attackers moving between internal systems after initial compromise.
Regarding business impact, the real-time threat detection successfully reduced our mean time to detect and respond. Instead of discovering threats during periodic reviews, Trellix Network Detection and Response alerts us immediately when it detects suspicious network behavior such as lateral movement or unusual outbound traffic. This allows the SOC team to investigate and contain incidents faster, reducing potential business impact and minimizing downtime. The key workflow benefits include faster threat detection, reduced manual monitoring, and better alert prioritization, which helps in quicker incident response and a lower risk of business disruption. Both I and the organization have benefited from this.
The real-time alerts from Trellix Network Detection and Response reduced our average incident detection time from several hours to under thirty minutes, allowing the team to contain threats much faster. Improved alert prioritization reduced manual triage effort by around thirty to forty percent, allowing analysts to focus on genuine threats. Each detection of lateral movement enabled containment before additional systems were affected, reducing the scope and cost of investigation.
What needs improvement?
When considering Trellix Network Detection and Response's accuracy and reliability of output, this means how correct, consistent, and trustworthy the results of the system, tools, or analysis are. Accuracy refers to whether the output is correct, and reliability means whether it gives a correct response consistently over time. In the data or analytics context, accuracy ensures the output reflects the true data without errors or bias, while reliability ensures the system produces consistent results even when run multiple times or under different conditions. In simple terms, accuracy and reliability mean ensuring the alerts or outputs are both correct and consistent in a secure system. For Trellix Network Detection and Response, high accuracy reduces false positives, and high reliability ensures threats are consistently detected across environments and time.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for around two years.
What do I think about the stability of the solution?
Trellix Network Detection and Response has experienced no downtime and is working well.
What do I think about the scalability of the solution?
Trellix Network Detection and Response is scalable and has been able to grow with my organization's needs.
How are customer service and support?
Customer support for Trellix Network Detection and Response works as the first point of contact for users, and the support team handles technical issues and escalation to ensure problems are resolved efficiently.
Which solution did I use previously and why did I switch?
When I joined this organization, we worked with Trellix Network Detection and Response only. I am not sure what they used before this, but I know why we switched. We switched because the existing system had poor visibility, high false positives, and limited ability to detect advanced or unknown threats, which slowed down detection and response. That is why we switched to Trellix Network Detection and Response.
How was the initial setup?
We purchased and deployed Trellix Network Detection and Response through Azure Marketplace by selecting the product and configuring the subscription and network settings, then deploying it into a resource group. After deployment, we integrated it with our environment for monitoring and security operations. This is the current approach we are following.
What was our ROI?
If I consider the return on investment concerning Trellix Network Detection and Response, I mostly measure it by our time saving. Faster detection of threats, reduced mean time to detect and reduced response time, and faster investigation using Trellix Network Detection and Response alerts have resulted in time savings. Analysts no longer need to perform extensive manual log analysis, so they can handle more incidents in less time. Regarding security cost, a reduction in security cost occurs because early detection prevents major breaches and avoids data loss, downtime, and recovery costs. Fewer false positives provide better alert accuracy, which reduces analysis time.
Which other solutions did I evaluate?
The other options that were used before Trellix Network Detection and Response are not something I am aware of in detail because I have only worked with Trellix Network Detection and Response closely. I understand that tools such as Splunk and firewall logs are different tools that are in the market, but I am not sure which ones they followed previously.
What other advice do I have?
Instead of relying only on signatures, Trellix Network Detection and Response baselines normal network behavior and alerts on deviations such as unusual outbound connections, lateral movement, or command and control traffic. The specific feature impact would be behavior analysis to detect unknown threats and insider activity, and threat intelligence integration to identify communication with known malicious IPs or domains. The threat hunting tools help us find hidden or low and slow attacks missed by traditional tools. I recommend putting effort into false positive reduction by tuning behavior analysis policies, leveraging threat intelligence feeds, and monitoring east-west traffic. This reduces false positives and helps identify suspicious activities such as lateral movement communications.
My main advice regarding Trellix Network Detection and Response is to properly tune the system during initial deployment. Without tuning, you may get many false positives. It is also important to integrate threat intelligence feeds and align detection with MITRE ATT&CK so alerts are meaningful and easy to investigate. I have rated this product an eight out of ten.
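The detection ideas this reviewer describes (a behavior baseline with deviation alerts on unusual outbound traffic, threat intelligence matching on destination IPs, and east-west RDP fan-out as a lateral movement signal) can be illustrated with a small detector over flow records. This is an added example and not Trellix code; all flow records, hosts and the indicator list are constructed, using documentation IP ranges.

```python
"""Toy network-behavior baseline and deviation detector.

Added illustration, not part of Trellix Network Detection and Response. It
mimics three detection ideas from the review above: behavior baselining with
alerts on deviations (new external destinations, outbound volume spikes),
threat intelligence matching on destination IPs, and east-west lateral
movement spotted as RDP fan-out from one internal host to several servers.
Every host, flow and indicator below is constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds (constructed)
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination port
    bytes_out: int   # bytes sent from src to dst


# Constructed internal address space for this example.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Constructed threat-intel list; 203.0.113.0/24 is a documentation range,
# not a real indicator.
THREAT_INTEL = {"203.0.113.45"}
RDP_PORT = 3389


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def build_baseline(flows):
    """Learn, per internal source, the external destinations it normally talks
    to and its average outbound byte volume during the learning window."""
    dests = defaultdict(set)
    volumes = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            dests[f.src].add(f.dst)
            volumes[f.src].append(f.bytes_out)
    avg_bytes = {src: sum(v) / len(v) for src, v in volumes.items()}
    return {"dests": dict(dests), "avg_bytes": avg_bytes}


def detect(flows, baseline, rdp_fanout_threshold=3, volume_factor=5.0):
    """Return sorted, de-duplicated (kind, src, detail) alert tuples."""
    alerts = set()
    rdp_targets = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            # Threat intelligence match on the destination IP.
            if f.dst in THREAT_INTEL:
                alerts.add(("threat_intel_match", f.src, f.dst))
            # Deviation from baseline: destination never seen in learning window.
            if f.dst not in baseline["dests"].get(f.src, set()):
                alerts.add(("new_external_destination", f.src, f.dst))
            # Deviation from baseline: outbound volume far above the source's norm.
            avg = baseline["avg_bytes"].get(f.src)
            if avg and f.bytes_out > volume_factor * avg:
                alerts.add(("outbound_volume_spike", f.src, f.dst))
        elif is_internal(f.src) and is_internal(f.dst) and f.dport == RDP_PORT:
            # East-west traffic: count distinct RDP targets per source.
            rdp_targets[f.src].add(f.dst)
    for src, targets in rdp_targets.items():
        if len(targets) >= rdp_fanout_threshold:
            alerts.add(("rdp_lateral_movement", src, ",".join(sorted(targets))))
    return sorted(alerts)


def run_demo():
    """Constructed learning window and monitoring window; returns the alerts."""
    learning = [
        Flow(1000, "10.0.1.10", "198.51.100.10", 443, 2000),
        Flow(1060, "10.0.1.10", "198.51.100.10", 443, 2100),
        Flow(1120, "10.0.1.10", "198.51.100.10", 443, 1900),
        Flow(1180, "10.0.1.11", "198.51.100.20", 443, 3000),
    ]
    monitoring = [
        Flow(2000, "10.0.1.10", "198.51.100.10", 443, 1800),   # normal
        Flow(2010, "10.0.1.10", "203.0.113.45", 443, 50000),   # suspicious outbound
        Flow(2020, "10.0.1.11", "198.51.100.20", 443, 2900),   # normal
        Flow(2030, "10.0.1.11", "10.0.2.6", RDP_PORT, 500),    # single RDP, benign
        Flow(2040, "10.0.2.5", "10.0.2.6", RDP_PORT, 700),     # RDP fan-out begins
        Flow(2050, "10.0.2.5", "10.0.2.7", RDP_PORT, 650),
        Flow(2060, "10.0.2.5", "10.0.2.8", RDP_PORT, 720),
    ]
    return detect(monitoring, build_baseline(learning))


if __name__ == "__main__":
    for kind, src, detail in run_demo():
        print(f"{kind:26} src={src:10} {detail}")
```

The thresholds are deliberately simple; in practice the baseline window and fan-out threshold are exactly the tuning knobs the reviewer recommends adjusting per environment.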
Continuous traffic analysis has improved threat visibility and reduced investigation time
What is our primary use case?
My main use case for Trellix Network Detection and Response is to continuously analyze network traffic and identify suspicious activity that may indicate security threats. It helps us gain deeper visibility into network behavior and improve our overall threat detection capability.
During routine monitoring with Trellix Network Detection and Response, the platform identified unusual communication between internal systems and external destinations. The activity appeared normal at first glance, but Trellix Network Detection and Response highlighted it as anomalous, allowing us to investigate and address the issue before it escalated.
How has it helped my organization?
Trellix Network Detection and Response has positively impacted our organization by improving our ability to identify threats earlier in the attack lifecycle and providing better visibility into network activity across the organization.
Since using Trellix Network Detection and Response, we have estimated that security analysts spend approximately 25% less time gathering information during the investigation because the platform provides detailed context and visibility in a single location.
Trellix Network Detection and Response has streamlined threat investigation by reducing the amount of manual correlation required between different security tools and log sources.
What is most valuable?
The best features I found most valuable in Trellix Network Detection and Response are anomaly detection, network traffic analysis, threat prioritization, and centralized visibility into security events.
The most valuable feature for me in Trellix Network Detection and Response is network traffic analysis because it provides detailed insight into how devices communicate across the environment and helps identify abnormal patterns quickly.
What needs improvement?
I would like to see additional reporting flexibility and more customization options for the dashboard in Trellix Network Detection and Response. Apart from that, the platform performs very well.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for more than one year.
What do I think about the stability of the solution?
Trellix Network Detection and Response has been stable in our environment and has consistently delivered reliable performance.
What do I think about the scalability of the solution?
Trellix Network Detection and Response has scaled effectively as our network footprint and monitoring requirements have increased.
How are customer service and support?
Customer support for Trellix Network Detection and Response has been responsive and technically knowledgeable whenever we require assistance.
Which solution did I use previously and why did I switch?
Before Trellix Network Detection and Response, we relied mainly on traditional monitoring tools and security logs for network visibility. We switched because we wanted more advanced analytics, better visibility into network behavior, and stronger capability for identifying unknown threats.
How was the initial setup?
The experience with Trellix Network Detection and Response regarding pricing, setup cost, and licensing was that the implementation process was manageable, and the licensing model aligned well with our operational requirements. Overall, the value provided by the solution justifies the investment.
What was our ROI?
We have seen a positive return on investment with Trellix Network Detection and Response through the improved investigation efficiency, reduced manual effort, and faster threat identification.
What other advice do I have?
Organizations should integrate Trellix Network Detection and Response with their existing security ecosystem and establish a clear investigation workflow to maximize the value of the platform.
Trellix Network Detection and Response applies advanced analytics within a controlled security framework, helping organizations maintain visibility and governance while improving threat detection capability. In our experience with Trellix Network Detection and Response, the analytics and threat detection have been consistent and reliable. The alerts are generally meaningful and help us focus on high-priority security events.
I would rate this product a 9 out of 10.
Continuous monitoring has strengthened our threat detection and improved response to network risks
What is our primary use case?
Our main use case for Trellix Network Detection and Response is to maintain oversight of our network traffic and catch any threats or unusual activity as early as possible.
Trellix Network Detection and Response runs in the background monitoring all network traffic, and whenever something unusual comes up, it sends us an alert and we look into it straight away without any delay.
What is most valuable?
The best features Trellix Network Detection and Response offers are real-time threat detection, traffic analysis, and the way it breaks down alerts in a clear and simple way.
The feature we rely on the most day-to-day is real-time threat detection because catching a threat early makes a huge difference, and this product does that very well.
Trellix Network Detection and Response has positively impacted our organization by making our security team more confident and responsible, knowing that the network is being watched all the time, allowing us to respond to threats much faster than we used to.
Our team now responds to network threats much quicker than before, and we have managed to stop a few suspicious activities early that could have caused bigger problems.
What needs improvement?
Based on my experience with the solution, I do not see any improvements needed for Trellix Network Detection and Response at present; it might be required in the future, but there is no space to improve it currently.
If I had to imagine an area where Trellix Network Detection and Response could be enhanced in the future, I would say that more AI-based alerting could be improved so that more customized and advanced reporting could be generated.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for three years.
What do I think about the stability of the solution?
Trellix Network Detection and Response is quite stable and performs well overall.
What do I think about the scalability of the solution?
Trellix Network Detection and Response's scalability has been really good; it has handled our growing network well, and as we have added more systems, it has kept up without any issue.
How are customer service and support?
Customer support for Trellix Network Detection and Response is excellent, as they provide thorough troubleshooting steps to overcome any technical issues.
Which solution did I use previously and why did I switch?
We are using this type of solution for the first time, so we have not switched from other solutions.
How was the initial setup?
My advice for others looking into using Trellix Network Detection and Response is to take some time to set it up properly, fine-tune the alerts to suit your environment, and once that is done, it runs very smoothly and gives your security team a much stronger grip on what is happening across the network.
Which other solutions did I evaluate?
We did not evaluate other options before selecting Trellix Network Detection and Response; we chose it based on its advanced threat detection capabilities and integration with our existing security ecosystem.
What other advice do I have?
Regarding Trellix Network Detection and Response's AI capabilities, I think the governance side is well thought out, keeping everything in check and ensuring that detection is handled in a controlled and secure manner.
As for Trellix Network Detection and Response's accuracy and reliability of output, it has been quite accurate in the detection of real threats, and we have not seen any false alarms, so the alerts have been mostly relevant and actionable.
I would rate this product overall as a 9.
Improved real-time threat detection has cut investigation time and strengthens network security
What is our primary use case?
My primary use case for Trellix Network Detection and Response is real-time threat detection, network traffic monitoring, and rapid incident response. I use it to identify malicious activity, prevent unauthorized access, and improve overall network security visibility across the organization.
A practical example of how I have used Trellix Network Detection and Response in my daily work was detecting unusual outbound traffic from a user endpoint. The solution quickly identified the suspicious behavior, generated an alert, and helped us isolate the affected device before any data loss occurred. This significantly reduced investigation time and minimized the security risk.
What is most valuable?
Trellix Network Detection and Response offers several best features including real-time threat detection, behavioral analytics, network visibility, automated incident response, and threat hunting and investigation.
I find myself relying the most on real-time detection from Trellix Network Detection and Response, which has made the biggest impact for me. It provides immediate visibility into suspicious activity, allowing the security team to investigate and respond quickly before an issue escalates. This significantly reduced detection time and improved our overall security posture.
Trellix Network Detection and Response has positively impacted our organization by improving our security visibility and threat detection capabilities. It has helped us identify suspicious network behavior faster, reduce the time required for investigations, and respond to incidents more effectively. As a result, we strengthened our overall security posture while reducing the manual effort needed for threat monitoring and analysis.
After deploying Trellix Network Detection and Response, we saw a noticeable improvement in our security operations. Threat detection and incident times were reduced by 40 to 50 percent, and the security team spent significantly less time manually analyzing network traffic. We were also able to identify suspicious activity that previously went unnoticed, leading to faster containment of potential incidents. It improved overall response efficiency.
What needs improvement?
I think the UI of Trellix Network Detection and Response can be improved for a first-time user.
I do not think there is anything else that could be improved with Trellix Network Detection and Response; I am currently happy with the solution.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for more than one year.
What do I think about the stability of the solution?
Trellix Network Detection and Response is very stable.
What do I think about the scalability of the solution?
The scalability of Trellix Network Detection and Response is very high.
How are customer service and support?
Customer support for Trellix Network Detection and Response is good, providing me with accurate results or accurate troubleshooting.
I would rate the customer support of Trellix Network Detection and Response an eight out of ten.
What was our ROI?
From a business point of view, while deploying Trellix Network Detection and Response, we can improve our security posture, which indirectly leads to time saved as well as money saved. If a threat can enter any endpoint that is exposed to the internal network, there is a potential gateway for hackers, leading to a loss of production or significant financial impact to the network.
What other advice do I have?
Currently, I am happy with Trellix Network Detection and Response, so if I see any modifications or needed improvements in the future, I will definitely update my review.
Currently, Trellix Network Detection and Response is not using AI, so I have no comments on its governance and security.
Since Trellix Network Detection and Response is not using AI, I do not have any experience with its accuracy and reliability of output, and I mostly rely on other features.
I would rate this review an eight out of ten.
Advanced threat visibility has transformed how we detect unusual behavior and respond faster
What is most valuable?
Other features such as network visibility and threat detection are also beneficial.
Trellix Network Detection and Response has positively impacted our organization by improving threat visibility, accelerating investigation, and strengthening our ability to detect advanced threats across the network.
What other advice do I have?
Threat investigation and incident response activities are approximately 30 to 40 percent faster than before due to centralized visibility and automated analysis, which demonstrates how much investigation time has improved.
I advise others looking into Trellix Network Detection and Response to integrate it with existing security ecosystems and establish clear incident response workflows, as organizations that improve their visibility capability will gain significant value from the platform. I would rate this product a 9 out of 10.
Stronger threat detection has reduced incidents and now simplifies daily incident response
What is our primary use case?
My main use case for Trellix Network Detection and Response is for threat detection and response across our workstations and servers.
What is most valuable?
The best features Trellix Network Detection and Response offers are its threat intelligence, which is quite good, along with endpoint isolation; I can simply isolate the endpoint. The incident response part is also good, and I have not faced any issue until now.
The features that stand out to me about Trellix Network Detection and Response also include its easy implementation and integration; I can simply push the agent, and integration is quite straightforward.
Trellix Network Detection and Response has positively impacted my organization by creating a better safeguard and protecting us from threats. Although it can be improved in some areas, for now it is working fine and well. The number of threats detected is also decreasing, and from a cybersecurity engineer's point of view, the threats are becoming much easier to resolve with the help of these EDR tools. I do not have to log in daily as I can simply see the reports in my email and work on them.
What needs improvement?
To improve Trellix Network Detection and Response, I suggest enhancing reporting customization; the reports can be much better, and I should have the ability to customize them much more freely. Policy management is good, but I find it a bit complex compared to other tools I have worked with. The support response could also be better; support does respond, but it takes some time.
Regarding needed improvements, the dashboard of Trellix Network Detection and Response is quite simple to understand, but the only complex area is policy management. I have to open each policy and divide the number of users, which made the initial implementation lengthy. It took us around two to three months to adopt it, but after installation, I did not have to change many policies. The dashboard could be improved.
For how long have I used the solution?
I have been using Trellix Network Detection and Response for almost one year.
What do I think about the stability of the solution?
Trellix Network Detection and Response is quite stable.
What do I think about the scalability of the solution?
The scalability of Trellix Network Detection and Response is easy; I just have to add another license in the same cloud, and I can easily increase the number of endpoints.
How are customer service and support?
Customer support for Trellix Network Detection and Response is good, but it can be improved; response could be much sooner.
Which solution did I use previously and why did I switch?
Before Trellix Network Detection and Response, I used a different solution called SecureIT because I was getting many active attacks from there, including a ransomware attack, so I looked for a change.
How was the initial setup?
Regarding my day-to-day work with Trellix Network Detection and Response, it is simple; the implementation part has been completed, and now I just monitor the logs and check for any recent alerts or any critical threats that are detected, and I work on them.
What was our ROI?
I have seen a return on investment with Trellix Network Detection and Response, particularly in terms of time saved; since I manage the solution, I spend significantly less time on it.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was in the middle range of endpoints, well within what I was looking for; I wanted something that was not too price-heavy like SentinelOne but also not much cheaper like Kaspersky, so it needed to suit my budget while providing proper security.
Which other solutions did I evaluate?
Prior to choosing Trellix Network Detection and Response, I evaluated other options such as SonicWall and Check Point.
What other advice do I have?
A quick specific example of how I use Trellix Network Detection and Response for threat detection and response is that I received a malicious file; some of my teammates downloaded a malicious file that contained a Trojan horse from a malicious website. Trellix endpoint was successfully able to detect it and also remove it, and it is installed on each person's system across the organization.
When I say the number of threats detected is getting less, I can share that around five to six months back, I was regularly getting a specific type of threat from the same zip file, which was spreading across the organization. The tool helped me find the root cause, which was an infected file stored in the server, and whenever someone accessed it, it used to spread to that system.
I rated Trellix Network Detection and Response eight out of ten because the two areas where it can be improved are reporting, as the reports can be much better and easier to understand, and second, the support could be better. Due to these two areas, I deducted two points from the overall score.
Regarding Trellix Network Detection and Response's AI capabilities, I think its governance and security are quite good; the AI is working fine, and I receive its logs and analysis, which makes me quite happy with this new AI and ML integration. It helps me in governance as well.
The accuracy of Trellix Network Detection and Response is quite good.
My advice for others looking into using Trellix Network Detection and Response is to be aware that the implementation part can be a lengthy process; endpoints are not installed in a day or a week, and it will take some time. Getting used to it takes around one to two months for the cybersecurity engineers managing the solution. I also recommend setting up logs and alerts on your emails so you do not have to open the dashboard daily, which helps save a lot of time.
Trellix Network Detection and Response is a good mid-budget product that provides quite good security, and I have positive reviews about it.
Improved network visibility has strengthened investigations and detects internal lateral movement
What is our primary use case?
Our main use cases for Trellix Network Detection and Response are centered around network visibility, which allows us to detect suspicious activity. I generally use Trellix Network Detection and Response as a complementary visibility tool instead of standalone dependencies. This is because our team usually combines endpoint SIEM and cloud telemetry with network visibility, making Trellix Network Detection and Response more useful when correlated with other security tools.
What is most valuable?
The strong feature of Trellix Network Detection and Response, in my opinion, is network visibility, as it provides a deeper understanding of traffic behavior and suspicious communication patterns. Another strong point is that we can detect lateral movement, which is crucial since many advanced attacks move internally inside networks, helping us identify unusual behavior that may otherwise go unnoticed.
In day-to-day operations, Trellix Network Detection and Response helps improve investigation quality because analysts gain another visibility layer apart from endpoint solutions. We rely not only on endpoint detection but also validate suspicious traffic behavior, internal communication, and unusual network activity, which aids our investigations and sometimes reduces our investigation time.
One useful aspect of Trellix Network Detection and Response is its integration value because it works better when data can be correlated across security systems. The network telemetry adds important context to investigations, making responses more informed.
The biggest impact Trellix Network Detection and Response has had on our organization is improved visibility across our environment and better confidence during investigations, as security analysts can understand suspicious behavior more clearly instead of depending solely on isolated alerts. It supports our detection team by strengthening their capabilities to detect internal movement and abnormal traffic behavior.
What needs improvement?
Improvement-wise, the initial setup, fine-tuning, and learning can take effort. Tuning is important for reducing noise and improving detection capabilities. Trellix Network Detection and Response could improve with UI simplification and a better reporting experience. A better out-of-the-box dashboard, easier reporting, and smoother third-party integration workflows would enhance analyst efficiency. Better simplification, smoother onboarding, and more analyst-friendly workflows would improve usability.
For how long have I used the solution?
We have been evaluating and using Trellix Network Detection and Response within our SOC and visibility workflow for around three years.
What do I think about the scalability of the solution?
Trellix Network Detection and Response is designed to scale based on our workloads, and it performs well when we scale.
How are customer service and support?
My experience with Trellix Network Detection and Response customer support has been good, as it depends on the complexity of the issue. They respond in a timely manner, and the technical guidance during calls is significant. Working with the Trellix support team has been positive due to their supportive nature and adherence to SLAs.
What other advice do I have?
We have integrated Trellix Network Detection and Response with multiple routers and switches, and for some devices, we have integrated with the protocols in our environment.
We have certain rules in place for handling false positives, and Trellix has built-in rules as well. We occasionally receive false positives, but we have our own point for analyzing alerts to determine if they are false positives or true positives, verifying with the tools and taking action accordingly.
Trellix Network Detection and Response definitely supports our compliance requirements because we have a lot of logs, which helps our compliance efforts. We store logs for up to three years in our environment, with archives as well, which is crucial for compliance and audit purposes.
When we receive a zero-day from third-party sites, Trellix Network Detection and Response utilizes its threat intelligence platform, which continuously monitors network traffic to identify suspicious patterns.
Trellix Network Detection and Response performs faster compared to other detection solutions we have used in the past, as it has its own rules that help us focus on alerts we need to work on. Unlike many other tools that generate numerous incidents, Trellix Network Detection and Response allows us to find anomalies more easily within our enterprise network, improving our visibility and enabling us to investigate threats effectively.
My advice to others looking into using Trellix Network Detection and Response is to first understand the visibility gap in your organization. If your organization already has strong endpoint visibility but lacks internal network monitoring, then Trellix Network Detection and Response becomes more valuable, allowing for better planning, tuning, and onboarding of the solution. I would rate this solution an eight out of ten.