Reviews from AWS customer

2 AWS reviews

External reviews

11 reviews

External reviews are not included in the AWS star rating for the product.


5-star reviews

    reviewer2843139

Advanced detection has provided full network visibility and supports proactive threat response

  • May 19, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Trellix Network Detection and Response is to detect anomalies within the network to ensure that the NDR functionality is delivering what is expected, so primarily the NDR functionality.

A specific example of how I have used Trellix Network Detection and Response in a project is that it provides visibility for clients, allowing them to see all the traffic within their network infrastructure, detect any security triggers that need to be investigated, and take action to protect the network, ensuring there is no unusual or unwanted behavior or traffic.

What is most valuable?

The main aspect of Trellix Network Detection and Response regarding visibility is that visibility is very important as it empowers users to understand what is happening; therefore, detection is one of the strongest features of Trellix Network Detection and Response. Based on what we can see or the events we can observe and how the traffic flows, we can take the next action, investigate incidents, have a proper workflow, and assign the right person or agent to take action and prevent threats before jeopardizing the network or data. Visibility is the top feature that needs to be addressed when it comes to detection and response.

The best features that Trellix Network Detection and Response offers are visibility, threat detection, and immediate response, which allows us to take action almost instantly while keeping proof through proper data capture and maintaining logs for future analysis to prevent attacks and ensure that we have the right policies and controls. Having historical data and integrating with other security stack tools also helps; therefore, proper integration with other security tools is also essential.

Trellix Network Detection and Response positively impacts my organization by enhancing our security posture and helping us cover several controls for compliance, as we need to fulfill various security frameworks to maintain our business operations. The presence of Trellix Network Detection and Response assists us in meeting compliance expectations, which is crucial.

Regarding specific outcomes after using Trellix Network Detection and Response, compliance is vital; having Trellix Network Detection and Response implemented is mandatory for several security frameworks, including local and industry-specific ones, making it a crucial component of our cybersecurity strategy.

What needs improvement?

Regarding needed improvements for Trellix Network Detection and Response, there is always room for enhancement in terms of AI capability to include proactive triggers based on historical data, enabling AI to learn patterns and detect threats before they manifest; this is a significant point to address.

To improve Trellix Network Detection and Response, adapting more AI use cases is essential, such as creating automated incidents for anomalies in traffic that assign themselves to security agents. Automation is vital, and I envision the potential for ready out-of-the-box playbooks for known scenarios to be executed without complex configurations, enhancing automation of known incidents.

For how long have I used the solution?

I have been managing several projects that include Trellix Network Detection and Response for the last five years, with the most recent project being in the last quarter of 2025.

What do I think about the stability of the solution?

Trellix Network Detection and Response is stable but occasionally encounters performance issues, which we can fix quickly.

What do I think about the scalability of the solution?

I find Trellix Network Detection and Response to be quite scalable; it depends on the number of users, and we have accounted for that ahead of deployment, which leads me to believe scalability will not be an issue.

How are customer service and support?

Customer support for Trellix Network Detection and Response is excellent, with almost immediate responses to our inquiries.

Which solution did I use previously and why did I switch?

I have not previously used a different solution, as no system was deployed before.

How was the initial setup?

My experience with pricing, setup costs, and licensing has been satisfactory, although I believe the pricing could be better.

What about the implementation team?

My company does not have any business relationship with this vendor beyond being a customer.

What was our ROI?

While the return on investment from Trellix Network Detection and Response is not immediately tangible, I feel the benefits concerning an enhanced security posture create a sense of confidence in our security; however, I do not see immediate savings linked to the system.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup costs, and licensing has been satisfactory, although I believe the pricing could be better.

Which other solutions did I evaluate?

Before choosing Trellix Network Detection and Response, I evaluated other options, specifically exploring Get Watcher.

What other advice do I have?

I would give Trellix Network Detection and Response a rating of ten out of ten.

I give it a ten because it delivers what it promises by providing network detection and response, maintaining logs, offering detailed analytics, and enhancing the system's learning capabilities over time, particularly with the introduction of AI in current and future releases, leading to an ideal NDR deployment expected by customers.

I advise others looking into using Trellix Network Detection and Response to proceed with implementation immediately, as it is one of the best and most trusted brands that deliver on their promises; Trellix Network Detection and Response has been in the market for a long time and is well-known for its customer support and technical capabilities, and those without an NDR should definitely aim for implementation as soon as possible. I would recommend this product with a rating of ten.


    Hassan Sheikh

Integrated sensors have improved traffic inspection and now provide resilient east-west threat control

  • May 19, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Trellix Network Detection and Response is utilizing an integrated network IDS and IPS, Network Security Manager, and Network Endpoint Security in infrastructure for enterprise network solutions in enterprise organizations.

A specific example of how I use Trellix Network Detection and Response in my organization is that we have a similar solution to ArcSight HP with an IDS/IPS solution and Network Security Manager. We place the sensors in the network's in-out traffic detection path, and all traffic in and out from the sensor is monitored. The sensor responds and produces reports and generates alerts on threats and incidents on Network Security Manager. We categorize alerts into categories such as high, low, critical, and medium. Additionally, Network Security Manager has a built-in firewall, which we use to block attacks and threats.

Regarding how I use Trellix Network Detection and Response, we utilize next-generation firewalls, but the problem was that the firewall could not explore packets or scan the network's anomalies and network traffic, which resulted in a heavy load. Therefore, we placed the sensors on the data center network traffic path, and these sensors perform in-depth inspections, including SSL inspections and network detection response. They possess high-performance CPU capabilities, reducing the load on the firewall by 50 percent while performing detections and scans on traffic, leaving the firewall to handle only packet inspections, packet blocking, and URL blocking policies.

What is most valuable?

The best features Trellix Network Detection and Response offers are its handling of east-west traffic and east-west attacks inside the internal network and outside the organization. Additionally, there is a built-in firewall, an isolation option, automation alerts via email, sensor health updates, and network traffic segregation. We have different categories and can utilize customized signatures. A standout feature for me is that we can implement policies on different segments and sites independently, ensuring they do not interfere with other policies or sites.

The automation alerts in Trellix Network Detection and Response help us identify vulnerable systems on the network and vulnerable servers that require patches to remove vulnerabilities in our day-to-day operations.

Isolation in Trellix Network Detection and Response works effectively. If an incident occurs, we immediately isolate the system by putting that host in isolation, clean the host, and then perform operations to return the system to normal functionality.

Trellix Network Detection and Response has positively impacted my organization by addressing performance issues, specifically by offloading heavy traffic inspection and SSL inspection through sensors due to the limitations of the firewall. To minimize downtime or outages, we must also use built-in kits for backup ports and failover integrated with the ports.

Minimizing downtime with Trellix Network Detection and Response has resulted in enhanced productivity in our organization because we have deployed these sensors in high availability. In case of one device failure, traffic switches to an alternative path. The sensors provide exceptional performance, capable of performing SSL inspections at high throughput rates with low CPU usage, enabling them to handle significant traffic loads promptly.

What needs improvement?

I believe Trellix Network Detection and Response can be improved by integrating machine learning into its detection response capabilities. Additionally, incorporating failover kits integrated into the sensors could be beneficial. It would be best if Trellix Network Detection and Response sensors were converted into a next-generation firewall with built-in capabilities for routing, switching, and Layer 7 functionality, as most next-generation firewalls today include these features. While Trellix Network Detection and Response sensors are highly capable, I think it would be advantageous to include features such as Layer 7 profiles, application profile filters, web filters, IDx, IP feature sets, signature detection features, and routing and switching capabilities all in one device.

While the user interface of Trellix Network Detection and Response is very good, I suggest implementing a customizable dashboard. Additionally, there should be report generation for critical attacks and high alert severities, displayed graphically on the dashboard, and providing options to extract files in Excel format for better visibility.

For how long have I used the solution?

I have used Trellix Network Detection and Response for almost three to four years.

What do I think about the stability of the solution?

Trellix Network Detection and Response is stable.

What do I think about the scalability of the solution?

Trellix Network Detection and Response is scalable. We can add more sensors and can incorporate VM-based IPS sensors into the environment.

How are customer service and support?

The customer support for Trellix Network Detection and Response is very good. They help and support us promptly, allowing us to resolve issues immediately. I would rate customer support an 8 on a scale of 1 to 10.

Which solution did I use previously and why did I switch?

We are moving towards next-generation firewalls focusing on performance and features.

What was our ROI?

I have seen a good return on investment with Trellix Network Detection and Response. It has saved us money and time, and the overall investment has been profitable.

What's my experience with pricing, setup cost, and licensing?

My experience with the pricing, setup cost, and licensing of Trellix Network Detection and Response is that they are very good and affordable for the customer range. However, it would help significantly to have all features packaged together, including firewall, policy implementation, routing and switching, and IDS/IPS functionalities in one device, as customers today prefer having a single device to reduce power consumption, device failure, and outages.

Which other solutions did I evaluate?

I evaluated other options before choosing Trellix Network Detection and Response, specifically Trend Micro IDS and IPS. That solution did not meet our needs, making Trellix Network Detection and Response the best choice.

What other advice do I have?

My advice for others looking into using Trellix Network Detection and Response is that it provides hardened security in enterprise networks and supports a zero-trust model. They can use Trellix Network Detection and Response sensors separately and address performance issues by handling SSL inspections and packet detections on the sensors while keeping other firewalls focused on policy management.

I would rate Trellix Network Detection and Response a 10 out of 10. It is very good, but I suggest having the sensor equipped with a built-in firewall. I gave this rating because of its performance, operational efficiency, and impressive traffic analysis and detection response capabilities. The standout feature is its handling of east-west attacks within the organization, alongside effective vulnerability patch management.


    Mohd Fadhil

An easy-to-deploy solution that is scalable, stable, and easy to configure

  • September 11, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the product because our customers want to fix a web gateway and NDR so that they can watch the incoming traffic.

What is most valuable?

The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.

What needs improvement?

It is not a very secure product. It doesn’t provide 100% protection. The security must be improved. The tool must provide more integrations with different platforms.

For how long have I used the solution?

I have been using the solution for about a year.

What do I think about the stability of the solution?

I have no issue with the solution’s stability.

What do I think about the scalability of the solution?

I have no issue with the tool’s scalability.

How was the initial setup?

The initial setup is straightforward. The deployment took 30 minutes.

What about the implementation team?

To deploy the product, we just need to know the customer network and put it as a gateway or bridge. We just need an IP.

What's my experience with pricing, setup cost, and licensing?

The tool is a bit pricey.

What other advice do I have?

I was involved in the proof of concept. If someone requires the tool for their environment, they can use it. Overall, I rate the solution a ten out of ten.

