I mainly use Trellix Network Detection and Response to find zero-day threats, malware, or anything malicious on our clients' endpoint devices.

I can give you a specific example of how I used Trellix Network Detection and Response to spot something malicious. Such a scenario is when a user using a client device logs in to a Tor browser and is using the Tor browser to surf something malicious. On the dashboard, we used to get the alert for the same and we used to investigate from there by looking at the IP, the source IP, the destination IP, and how it is landing on the Tor browser and what the user is doing. We could do all of this with that.

Trellix Network Detection and Response offers threat detection and prevention ability, the ability to find zero-day threats and malware, and anything malicious which has affected an organization. It is very easy to detect. Trellix Network Detection and Response has an MVX engine which is the most effective in handling scenarios such as APTs. Trellix Network Detection and Response also provides essential defense by automatically responding to network incidents that the firewall may not catch. There is also real-time visibility into network traffic and it integrates well with other security tools. It offers automated response features that significantly reduce the incident response time.

The MVX engine helped me in my day-to-day work. We recently gotten used to the workflows for the known false positive alerts. It definitely helped us reduce a lot of time with the auto-closing alerts and the detections that we had. It directly helped in reducing the SOC fatigue.

Trellix Network Detection and Response has positively impacted my organization by significantly reducing the time to detect as we also were experimenting with the automation systems. There were zero detection things and then there was better monitoring. The application filtering as well surpasses the firewall. It increased our ROI for the company from a sales perspective.

I can share specific outcomes or metrics regarding Trellix Network Detection and Response. Per day we used to have 70 to 80 alerts and those could be reduced up to 40 to 30 a day. This is almost a 40 to 50% decrease.

There are many ways Trellix Network Detection and Response can be improved. Trellix Network Detection and Response needs to reduce the alert noise because even after a lot of filtering, there is still a lot of noise which needs to be tuned by the industry vertical. Trellix Network Detection and Response needs to deepen the cloud-native support with parity between on-premises and cloud deployments. Trellix Network Detection and Response needs to improve threat intelligence depth as Trellix Network Detection and Response is not known to have the best signatures or the AI-supported intelligence that competitors may have.

Trellix Network Detection and Response also needs revamped documentation because we had a lot of issues trying to find the syntaxes for all the rule-making. We had to search a lot and Trellix Network Detection and Response does not really help with their documentation, as it only covers basic information. The customer service is not that good. Trellix Network Detection and Response needs accelerated customer support to reach out to the top-level heads. Most of the time we are just stuck at the ground level talking to their customer support team, and they are not able to help us because we usually need to connect with the engineering team to help us out with the specifics.

I have been using Trellix Network Detection and Response for around 1.5 years.

Trellix Network Detection and Response is somewhat stable but there is a bit of downtime sometimes during the off-hours which definitely impacts our night shift. Other than that, there is nothing.

Trellix Network Detection and Response has good scalability, but since it is a legacy system, it was a bit difficult to pair with the other systems. The connectors were always out of sync and we have had multiple noise floods from these connectors which were not configured well. This was from the Trellix Network Detection and Response developer side and we could not get them to fix it on time. That is why our analysts were suffering with the noise.

Customer support for Trellix Network Detection and Response is not that good. We were trying to connect to the engineering team of Trellix Network Detection and Response while we were just stuck on a loop with the customer support team who were not basically helping us. They were constantly relaying our message to the engineering team and the engineering team was looping that back to them and then to us. It was a big hodgepodge basically.

We previously used Defender before Trellix Network Detection and Response and we switched because the client actually wanted to switch to something more affordable.

I have seen a return on investment with Trellix Network Detection and Response. There was definitely a good ROI involved with this. Not from the people side because there was still a lot of alert noise from Trellix Network Detection and Response, but definitely the time was reduced because of the automated detections plus the money factor as I believe Trellix Network Detection and Response offered a much cheaper plan compared to others.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response was fine. This is above my pay grade as I am just an associate and I deal with the alerts and detections and the fine-tuning of the rules. This is more towards the sales perspective of it which I was not involved with. But I am sure the ROI was definitely fine for this because we were using this tool for three years.

Before choosing Trellix Network Detection and Response, we evaluated Palo Alto and CrowdStrike.

I do not have any advice as such about Trellix Network Detection and Response, just would suggest it to those who are looking for an affordable option because there are a lot of things that other tools do better, but Trellix Network Detection and Response is a bit cost-effective, definitely. My overall rating for this product is seven out of ten.

I am working with Trellix Network Detection and Response as part of my overall experience with these products today.

Trellix Network Detection and Response is used for threat and response use cases for my clients. The solution correlates telemetry data from the endpoint or security solution, providing a single click of workbook and workbenches in the console for best visibility of root cause. After reviewing the workbenches and workbook, I create the playbooks accordingly, severity-wise.

The threat intelligence feature is helpful for full threat investigation. When I receive major detections from Trellix Network Detection and Response, I initiate some queries from the threat intel, and the threat intel shares with me the verdict and threat severity, which can be critical or high.

Forensic analysis is helpful because I need to collect some infections from infected machines. I first need to determine what the initial root impact machine is and the impacted network. It helps determine where the threats are coming from, and the forensic insights assist in this investigation.

As a partner of Trellix, I believe the biggest advantage of this NDR solution is that it integrates with the network side. After that, it collects all traffic for the threat capability of Trellix Network Detection and Response, such as lateral movement and C&C callbacks. Ransomware detection allows me to initiate and analyze the logs for the threat model of Trellix Network Detection and Response, then it will respond.

I am working with the threat intelligence feature for threat intelligence and threat queries, and I review through the threat intelligence.

It is effective for Trellix Network Detection and Response to integrate with other security products. ePO integrates for some security solutions such as Microsoft. There is the capability of third-party integration and ingesting the telemetry from the security solution, showing me the workbench workbooks.

Automated responses help me minimize security threats with the playbook creation and automation.

Detailed forensic analysis helps me understand network threats in general.

Trellix Network Detection and Response solution is easy to scale. I need to integrate with the main core switch, and after that, it helps with the port mirroring for threat detection.

The negative aspect is support. When I need urgent support from Trellix, there is a response after four hours or three hours, which is my main concern regarding the negative point of Trellix Network Detection and Response. Support is the only disadvantage I see.

I have been dealing with this product for around six years or more.

I am not facing any challenges of downtime at this time.

For support, I would rate it seven.

There is a difference when comparing Trellix Network Detection and Response with other competitors. For instance, Trend AI is not capable of the APT security provided, but Trellix Network Detection and Response gives us the APT solution.

I would say deployment is easy.

It is a money-saving solution, and I see ROI here.

The price for Trellix Network Detection and Response is reasonable. The pricing is reasonable, and I do not need to bargain with Trellix or customers.

I am dealing with two major vendors today, and I am still working with all of them. I work with Trellix Network Detection and Response as a reseller, and I am both a partner and a reseller selling it. It shows me the threat vector. I am not sure which feature should be added at this time. I am working on both solutions, on-premises and on cloud. I deploy on Trellix Cloud Workload Security. I have not worked with anything from AWS Marketplace right now. My review rating for this product is nine out of ten.

My main use case for Trellix Network Detection and Response is providing support for our customers, and one of our customers has Trellix, so we had to provide monitoring or specific XDR tools for that customer, including Trellix, Crowdstrike, and many others.

A typical task or incident I have handled using Trellix Network Detection and Response demonstrates that it is a very good tool for XDR, very comfortable to use, and extremely easy to use, making it one of the best XDR tools.

The best features Trellix Network Detection and Response offers include very good threat detection, and I believe that it is one of the best XDR tools. For example, ePO and XDR components are very comfortable and similar to many other tools for this type of monitoring, and I have received very good feedback for this tool.

What makes Trellix Network Detection and Response stand out for me compared to other tools is the way you can detect threats. It is very easy and comfortable to use, and the detection shows clearly on the screen, which is very easy to understand.

Regarding the features, I think that the integration with other platforms is very comfortable with the customer because we can integrate it with any switch or firewall, and it is comfortable to add this tool.

Trellix Network Detection and Response has positively impacted my organization as I have improved my knowledge about detection and response. I have already used some other tools such as CrowdStrike and Umbrella, but Trellix is one of the best that I have tested.

I believe that for my organization, Trellix has helped a lot with detection and supported our customers effectively.

Trellix Network Detection and Response is a great tool that integrates with a lot of security tools such as Palo Alto, which is a good firewall. If you have these types of tools, your organization would benefit greatly.

I would like to see in Trellix Network Detection and Response more explanation about some details of the threat, and I wish it had more actions that you can take to contain the host or move it somewhere else.

I have been using Trellix Network Detection and Response for a couple of months, possibly around six months, and I believe that it is a good tool and a very good XDR tool.

Trellix Network Detection and Response is stable in my experience.

The scalability of Trellix Network Detection and Response is very great.

The customer support for Trellix Network Detection and Response is great.

I previously used another solution, but Trellix was my first XDR tool. Then, I used CrowdStrike and Umbrella.

I think my comments about the return on investment are the same that the customers think.

My experience with pricing, setup cost, and licensing for Trellix Network Detection and Response is very great.

I did not evaluate other options before choosing Trellix Network Detection and Response.

My advice for others looking into using Trellix Network Detection and Response is to remember the actions that can be added for the SOC team. I would rate this review as a nine out of ten.

The primary use case for Trellix Network Detection and Response is network intrusion detection, which is crucial for protecting environments. It helps secure networks and defend against phishing and other attacks created by the networking sector. We use the solution for detection and forensics investigation, reporting incidents such as the source and network path of attacks.

Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch. When users break firewall rules, the solution identifies affected areas for immediate action, helping determine the actual reason for attacks. Its ability to report incidents like network paths makes it invaluable in securing the environment. With eight years of experience, I can attest that Trellix NDR is effective in detecting and protecting networks.

The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response. Networking often involves complexity that could be simplified. More visibility in the dashboard would help in quickly identifying and responding to incidents. Additionally, there should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.

I have been using Trellix NDR for approximately eight and a half years.

Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents. There is a need for technical expertise, specifically in device control and DLP issues.

The initial setup of Trellix NDR has some complexities, particularly when dealing with big organizations' network design and path.

While I do not handle pricing directly, it is known that there is a variety of customers with different licensing needs, which depends on the organization's size and policy.

Currently, I would rate Trellix NDR as an eight out of ten. There are various opportunities for improving its response capabilities and dashboard visibility to quickly address incidents, which could improve the overall effectiveness of the solution.

The tool helps to reduce client risks.

Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days.

The solution's support needs to improve their support.

I have been working with the product for two years.

The tool is stable. However, it has some monthly limitations.

Trellix Network Detection and Response differs from other products due to its integration.

Trellix Network Detection and Response's deployment is easy and can be completed in a minute.

My team helps with the tool's deployment.

I would recommend the product to others. I rate it a nine out of ten.

I use the solution in my company's daily operations to conduct threat investigations.

The most valuable feature of the solution stems from how it allows users to do the investigation part. Another important part of the product that is valuable is associated with how it gives information to users in the form of a storyline.

In Trellix Network Detection and Response, I suggest having Trellix EDR like features as it currently does not have the feature to add multiple IOCs to search an environment. If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job. In my company, we have to use IOCs daily to search for hashes in our environment, and then we have to put in the IOCs one by one. My company had spoken to Trellix's team to look into the matter concerning IOCs and was told by Trellix that the tool doesn't have a search feature that allows the use of IOCs in one go. The aforementioned area needs improvement in Trellix.

I have been using Trellix Network Detection and Response for two years. I am a user of Trellix.

The product sometimes crashes, but it is up and working most of the time. In general, there is some downtime and certain issues with the product.

I use the product daily in my company.

Multiple people in my company use the product.

In my company, if you face issues with Trellix Network Detection and Response or Trellix EDR, there is a separate team in my organization that offers technical support.

I have almost four years of experience in the area of cybersecurity, and I have used many EDR solutions before Trellix, like Kaspersky and Cybereason. My company decided to use Trellix Network Detection and Response.

I rate the product's initial setup phase a seven on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on an on-premises model.

The product's response capabilities were good. In general, I can say that the solution's response capabilities are neither too good nor very bad, so I can place it somewhere in the medium range.

I rate the tool a five out of ten.

The solution has been in place for quite some time – three or four years. We've renewed it several times, and we upgraded from Gen 3 to Gen 4 hardware at one point as well.

Currently, it's integrated with our firewall and McAfee IPS. We also have network-based sandboxing deployed. It uses static and dynamic analysis engines, so we get alerts if malicious traffic is detected or harmful objects are downloaded.

We've been using their PX solution for packet capture, which is the core of their NDR functionality. But we haven't fully adopted the combined product – NX and PX – yet because they are still separate.

The storage requirements for raw packet capture, especially with our traffic levels, make it quite expensive. And that's true for many security products. I feel like NDR is pretty expensive.

However, this is especially true about raw packet capture for network telemetry – the storage requirements with RAID 0 become quite expensive, regardless of the solution.

We had a serious incident where an attacker attempted a web shell attack on one of our web servers [DevOps server]. We were able to identify that the hackers used a malicious script and tried to target specific files. The hacker also tried to make a copy of some files.

We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment.

Trellix NDR was effective in that situation.

Morevoer, we've integrated this solution with our SIEM. There's a degree of integration provided by Trellix with their solution, and we're satisfied with that. However, without the SIEM, that's the extent of our integrations at the moment.

We're exploring further options due to organizational shifts towards the cloud, potentially moving away from a hybrid environment. We're assessing SaaS-based SIEM solutions. Trellix has its own offering, Helix, which we've evaluated and even purchased in the past. Ultimately, we discontinued its use. To summarize, our primary integration right now is with our SIEM.

The SIEM integrates well with our threat intelligence sources. We also have some secondary integrations in place. Overall, things are running smoothly.

The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment.

That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried.

The detection itself is solid, and their sandboxing is powerful.

There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere.

The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file.

There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.

The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless.

STG needs to... I'm not sure what their roadmap is; they've mentioned full integration, but it hasn't materialized yet. Both the McAfee and FireEye engineering teams need to accelerate the process, as it would definitely benefit customers. The integration between Nextiva and Trellix could also use some work.

I have been using it for seven years. I have been involved since the FireEye days. That's when I started working with it.

We're on version 9.1.5.

I would rate the stability an eight out of ten. It's quite stable.

We've upgraded without any major hiccups – I'd rate scalability a nine out of ten. We've smoothly transitioned from a lower-capacity appliance to a higher one. The current appliance supports 2.5 Gbps of traffic, and we're currently handling around 300-500 Mbps without issue. Scalability is definitely there, we've never faced any problems in that regard.

We have approximately 500+ users. However, we also have applications hosted here, along with multiple IPC tunnels. We're using Netskope's Zero Trust Web DNA as well. So, 500+ users, but typical traffic averages around 300 to 400 Mbps.

The customer service and support are really good. Trellix offer multiple contact options – you can call and get immediate assistance from someone in Israel, Singapore, Japan, or even India. Plus, they offer chat support through Teams or Webex.

Trellix's documentation portal is also good.

We've used Forcepoint, NetFlow, SentinelOne, Trellix, Arista…some Splunk, and some Elastic as well. It's a mix of tools across different security domains.

These are all security-focused products. Security is my primary focus.

The initial setup was really straightforward. It took maybe a day to complete the upgrade.

We spent some time getting the prerequisites ready, which took a bit longer, but the actual deployment was very fast.

So you just identify the network where you want to connect it and just plug it in. It only took half a day.

Therefore, the preparation took some time, but the deployment itself was quick.

Handling upgrades:

We have a practice where network device upgrades take priority - starting with the App Firewall and working our way through Web Proxy and so on. We avoid parallel endpoint upgrades as we've had challenges with those.

Trellix releases sandbox system updates yearly, which are fine. Those don't require downtime. However, operating system upgrades are a factor.

We review KBR details thoroughly. Three or four months ago, we went from 9.1.4 to 9.1.5, and we're evaluating a possible upgrade to version 10, perhaps next month.

Generally, we follow the n-1 version strategy. But if there are significant new features in a release, we might upgrade sooner. Overall, it's manageable – we upgrade frequently, and this particular solution hasn't caused downtime issues. Plus, we use DNS-based global [settings/configuration?], so downtime isn't a major concern.

For the deployment process, we needed two or three engineers. The physical appliance mounting and setup require multiple people. Trellix's appliances are very heavy.

The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced. It's a bit on the expensive side, but we don't want to compromise with cheap, less reliable solutions.

We want quality. It's like... you might not opt for the top-of-the-line Apple product, but Samsung is a good choice. We wouldn't go for an Oppo, VIVO or ASUS type of device.

Overall, I would rate the pricing an eight out of ten, with one being expensive and ten being very cheap.

Overall, I would rate the solution a nine out of ten.

Potential customers should definitely evaluate their specific use cases, budget, and commercial considerations. The product itself is good, there's no doubt. But it's essential to understand your use cases – then I'd definitely recommend it.

We use the solution in our servers and workstations for Endpoint Detection and Response.

Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats. The IP devices played a crucial role in blocking and reducing the amount of malicious traffic entering our company. Its endpoint security, EDR, and insights are valuable. The automation functionality, particularly the ability to automatically handle and mitigate detected threats, has proven to be immensely beneficial for our security operations.

Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use.

I have been using the product for 13 years.

I rate the product’s stability a nine out of ten.

We are using Trellix Network Detection and Response on approximately 3,500 servers and 33,000 workstations. I rate its scalability a ten out of ten.

We handle the first-line support for Trellix Network Detection and Response on our own, performing troubleshooting and maintenance. For more advanced issues, we rely on Trellix Network Detection and Response's classic support as the third-line support.

The tool's integration with our existing security infrastructure was not difficult. Following the provided processes made the integration relatively straightforward. Its deployment was not difficult for us. We received support from Trellix professional services, which made the process smoother. The process took two months to complete.

I rate the tool a nine out of ten.

In my company, the solution is used for our endpoints.

The product's integration capabilities are an area of concern where improvements are required.

I have been using Trellix Network Detection and Response for two to three years. I use the solution's latest version.

Stability-wise, I rate the solution an eight out of ten.

Around 1,000 people in my company use the product.

I have not worked with other solutions before Trellix Network Detection and Response.

The installation phase was easy.

The solution is deployed on an on-premises model.

The solution can be deployed in a couple of days.

There are around 15 engineers in my company to take care of the product's deployment and maintenance areas.

Trellix Network Detection and Response has enhanced our organization's in-house capability in the area of threat detection.

Trellix Network Detection and Response worked very well in a scenario where it was used to help my company respond to a network incident efficiently.

The network detection and response capabilities of the product are the most valuable for our company's security operations.

The operation of the dashboards is not problematic in the product.

The network analytics feature of the product helps me in my daily tasks.

The product is user-friendly.

The product did improve my company's time to detect and respond to threats.

My company takes care of the maintenance of the product.

I rate the overall tool a seven out of ten.

We use the product because our customers want to fix a web gateway and NDR so that they can watch the incoming traffic.

The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.

It is not a very secure product. It doesn’t provide 100% protection. The security must be improved. The tool must provide more integrations with different platforms.

I have been using the solution for about a year.

I have no issue with the solution’s stability.

I have no issue with the tool’s scalability.

The initial setup is straightforward. The deployment took 30 minutes.

To deploy the product, we just need to know the customer network and put it as a gateway or bridge. We just need an IP.

The tool is a bit pricey.

I was involved in the proof of concept. If someone requires the tool for their environment, they can use it. Overall, I rate the solution a ten out of ten.