My main use case for Trellix Collaboration Security involves using Policy Orchestrator, email gateway, web gateway, and Trellix sensors, Security Manager, Network Security Manager.
External reviews
External reviews are not included in the AWS star rating for the product.
Centralized sensors have improved threat visibility and have reduced staffing needs
What is our primary use case?
What is most valuable?
I use Trellix Collaboration Security in my daily operations by utilizing different sites' sensors and then integrating Security Manager, which controls network operations, traffic inspections, packet inspection, deep packet inspection, and SSL inspections.
The best features Trellix Collaboration Security offers include GTI threat intelligence and signatures upgrade database. Since I have integrated GTI and sensors along with network security manager, all sensors share information and reports effectively, allowing me to view attack reports from the dashboard easily.
I can customize dashboards in Trellix Collaboration Security to view information like top attacks, ransomware attacks, and critical high attacks. I can monitor sensor health, attacks, logs that generate, and customize these as per my needs, plus I can add emails and alerts.
I rely on Trellix Collaboration Security because the sensors are highly reliable and high-performance sensors that can handle traffic efficiently. CPU resources are effectively utilized while handling deep packet inspections and SSL inspections. Moreover, there are policies to be on networks, and there is a built-in firewall that I can use to block external attacks.
What needs improvement?
Trellix Collaboration Security can improve by addressing some zero-day attacks and enhancing VM-based protections.
I chose a nine out of ten because some improvements are required, especially concerning East-West traffic or zero-day vulnerabilities. To improve vulnerabilities, Trellix can use an automation process to check if the system is vulnerable.
For how long have I used the solution?
I have worked with Trellix Collaboration Security for over almost four and a half years.
What do I think about the stability of the solution?
Trellix Collaboration Security is very stable.
What do I think about the scalability of the solution?
Trellix Collaboration Security scalability allows me to use sensors on-cloud, on-premises, inside premises, and in a hybrid environment. I can use VM-based environments to effectively stop East-West attacks.
How are customer service and support?
I have interacted with the customer support team of Trellix Collaboration Security. The support team is good overall, though my experience with the Indian support team was not as satisfactory since they did not provide adequate support to rectify issues. I managed to identify and resolve the problem myself.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously tried to use the Fortinet solution, but the Fortinet solution was not providing good performance, making Trellix Collaboration Security a better choice for me.
What was our ROI?
I have seen a return on investment with Trellix Collaboration Security; specifically, money was saved and fewer employees were needed because I do not need employees on different sites. I only need a Network Security Manager deployed centrally to control all these sensors from one location.
What's my experience with pricing, setup cost, and licensing?
My experience with Trellix Collaboration Security regarding pricing, setup cost, and licensing was very good, and the setup cost was very cheap.
Which other solutions did I evaluate?
I evaluated other options, including Trend Micro-based sensors, but I found that Trellix Collaboration Security's performance is better.
What other advice do I have?
All is good with Trellix Collaboration Security.
I would rate Trellix Collaboration Security a ten out of ten.
My advice for others looking into using Trellix Collaboration Security is to ensure that data backup is performed before upgrading to the latest version, as Trellix should provide a proper plan for device upgrades and fallback options. Sometimes, if the sensors are located in different locations and the network security manager is positioned elsewhere, data may get corrupted during upgrades. Firmware files may become corrupt, leading to sensor instability, and I would have to go on-site to resolve this. Therefore, Trellix should develop options for sensors to restore firmware remotely in case of failures.
I have additional thoughts about Trellix Collaboration Security. Trellix has various security products working; however, it should improve its design and devices to effectively compete with Fortinet, which is a growing company with diverse, efficiently running products.
Real-time threat response has boosted detection accuracy and reduces manual investigation work
What is our primary use case?
I have worked with Trellix Collaboration Security for several years in different outsourcing services before Johnson & Johnson. At BNP Paribas Bank, a French bank, I worked with Trellix Collaboration Security. At Santander Bank, I also worked with Trellix Collaboration Security. Before the banking sector, I worked in a security operations center with Trellix Collaboration Security since the McAfee company.
At Johnson & Johnson, I am not currently using Trellix Collaboration Security. However, before Johnson & Johnson, I worked at Santander Bank where I participated in a project to implement the endpoint in different offices of the bank, coordinating the alignment and sending of policies, tasks, update tasks, and deployment of the new versions of the products.
What is most valuable?
Regarding threat intelligence, it helped us with signatures, IOCs, or reports related to geolocation, where we could use it to create correlation in the XDR to block and create a campaign to block different malicious activities based on the historical data published in the threat intelligence and based on reputation. It is very important because it is integrated, so it is not necessary to contact VirusTotal or put the hash in VirusTotal. Instead, I use the database and the threat intelligence from Trellix Collaboration Security. In the past, it helped me a great deal with detecting and confirming whether something was malicious or not.
Another feature I believe is very important is the real-time response capability. It is possible to collect artifacts, run scripts, kill processes, and isolate machines all without leaving the interface. For me, this serves as a bridge between detection and reaction, and it truly makes a difference in the tool.
In my view, Trellix Collaboration Security and other XDRs can help the company elevate the trust in operations. Of course, it is necessary to create automations and integrations with pipelines with CSVs, inventory, normalization of data, and automatically raising incidents for the agents and endpoints. In my view, this reduced manual activities significantly and increased the precision of the indicators. Everything helped the operations team and the engineering team respond more quickly to malicious activities detected. It helped us reduce risks, avoid silent failures, and improve the health in general in the environment. Another important point is that we have an improved security posture because it is possible to treat the findings, adjust policies, and block malicious hashes. With that, we reduced the noise according to the detections, increasing the capacity of prevention and detection. We also improved the resilience of the security tools inside the company.
What needs improvement?
One thing I really do not prefer in Trellix Collaboration Security is not related to the console. I am a McAfee fan since the McAfee tool, and I find the console of Trellix Collaboration Security to be very user-friendly and easy to use. However, I do not know if it is related to the architecture of the product. Of course, we have modern threats based on behaviors and zero days. We have today CrowdStrike and SentinelOne, where we have better results based on threats and behavior, where it is possible to create a simulation environment based on the file detected and based on it, confirm if it really is malicious or not. In general, I believe Trellix Collaboration Security improved the console based on the last console of McAfee, but I think it is possible to improve more. It really is a good product, but in my view, it needs to improve detection based on behaviors.
Regarding automations, I have implemented Trellix Collaboration Security here at Johnson & Johnson, and I implemented it in the same situation at Santander Bank and BNP Paribas Bank, where I created automations to export data for different metrics, including malicious detections, compliance, baselines, scans, last scans based on the seven days, and checking of patterns. I export everything to CSV files. Based on that, I create Power BI dashboards, and in these Power BI dashboards, I have a more executive view for different metrics to provide to myself, my manager, or director to create an executive view based on it. Another important point we use here at Johnson & Johnson and other companies is a data hub or a SIEM solution, such as Elastic or ArcSight, where we select some logs to be sent and use it to build reports and metrics.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Another aspect is the unified detection and analysis of sandbox, URL, file inspection, and threat intelligence. This creates a more robust increase for a horizontal solution. It creates a good range of use because it really helps a lot. In my view, the limitation about scalability may be related to license and costs. When you include other modules and services, of course, you increase the cost, and because you need to adjust.
How are customer service and support?
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
How was the initial setup?
What about the implementation team?
What was our ROI?
We also saw a major reduction in noise. After tuning the ENS and aligning the threat intelligence with real detections, we dropped false positives around 20 to 30%, which directly reduced the number of tickets escalated to security operations. The real-time feature is a good capability, and we had good results in the past based on it because it prevents lateral movement and avoids more expensive downstream impacts, such as re-imaging and downtime.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
What other advice do I have?
Regarding integrations, Trellix Collaboration Security has good integration with a large list of products, and it is possible to integrate. Performance and integration are good, and support in my experience has provided good results during telephone calls and email requests. For public and private cloud, we had good results, but I prefer to work with the console of Trellix Collaboration Security as a SaaS solution, and it helped in the deployment for cloud, hybrid, or on-premises environments. It depends on the internet link, but in my last experience with Trellix Collaboration Security, I did not have issues related to deployment using the security solution in a cloud environment. We reached a good result during the deployment of new versions and new products without creating a saturation of the link.
Regarding deployment, we used AWS as the main solution here and at Santander Bank. It is the same at BNP Paribas. In the last three experiences I have had, we used AWS.
My review rating for Trellix Collaboration Security is an 8 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Email protection solidifies threat coverage and fulfills customer needs
What is our primary use case?
What is most valuable?
What needs improvement?
For how long have I used the solution?
What was my experience with deployment of the solution?
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and support?
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
How was the initial setup?
What about the implementation team?
Which other solutions did I evaluate?
What other advice do I have?
Provides strong data protection with virtual patching and vulnerability assessments
What is our primary use case?
I primarily use it to monitor database access, particularly in banking and similar environments. It ensures that IT personnel and others do not create unauthorized accounts or users. Collaboration security assists in tracking database access and alerts in case of suspicious activity.
What is most valuable?
One of the most valuable features is the protection against vulnerabilities, particularly through virtual patching. This ensures that I am safe from potential threats affecting database security.
Another significant feature is the vulnerability assessment, which is effective for overall data protection.
What needs improvement?
There is a need for improved integration with totally different products, such as a rapid server. This is currently challenging since the management console becomes overloaded with logs, which complicates troubleshooting.
For how long have I used the solution?
I have been working with Trellix Collaboration Security for ten years.
What do I think about the stability of the solution?
Sometimes, integration can be challenging, impacting its stability, which is why I rate it a five out of ten.
What do I think about the scalability of the solution?
I rate it an eight out of ten. Scalability benefits me by allowing for growth, although sometimes adding users can be difficult due to licensing.
How are customer service and support?
The support isn't bad, but there is room for improvement in response time. Initially, I must generate a ticket, and then it gets escalated through tiers if the issue isn't resolved.
How would you rate customer service and support?
Neutral
How was the initial setup?
For me, setup is easy because of my extensive experience. I rate it ten out of ten.
What's my experience with pricing, setup cost, and licensing?
The price is high at eight out of ten. It is quite expensive and should be reconsidered.
What other advice do I have?
Before installing, consider potential challenges with system performance, especially when integrating multiple tools, which could slow down performance. Overall, I rate the solution with an eight due to its impressive performance; however, integration with other systems needs improvement. My overall product rating is an eight out of ten.
Out of data and hard to manage
Trellix Enterprise Security Manager helps us to detect malware and threats and helps mitigate them
McAfee Enterprise Log review
It has instant access to log data from various sources
And it has filtering options to quickly identify specific events or patterns
It is able to handle large volumes of log data from diverse sources
It integrates with other McAfee solutions and third-party tools
It has features enabling security teams to monitor, investigate and respond to security incidents
It is difficult to effectively communicate insights to non-technical stakeholders
It requires significant training and expertise for new users
Large volumes of log data can impact search performance, leading to slower query results
Integration with diverse log sources and customization of dashboards and reports can be time-consuming and require technical expertise
Offering a centralised platform for log collection, analysis and reporting, improving security teams
Identifying potential security threats in real time
It provides incident response, enabling rapid investigation and analysis of security incidents
Has an easy implementation phase to deal with for users
What is our primary use case?
Ideally, I don't manage the installation, but I do manage the security part. I am responsible for defining security-based best practices and implementing them in our company's environment.
I know about Trellix (formerly FireEye) Endpoint Security HX. I use Trellix Network Security (NX) for network security and devices, while Trellix (formerly FireEye) Endpoint Security HX is used for email security requirements.
What is most valuable?
My experience with the product is good. One of the valuable features of the product stems from the fact that it is easy to implement the tool in our environment.
What needs improvement?
Technology is an area that is evolving every day. As changes are introduced on a day-to-day basis, I feel that my company should evaluate the products we use. In general, our company should make the tool more robust to protect our systems.
For how long have I used the solution?
I have been using Trellix Collaboration Security for more than three years.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten.
What do I think about the scalability of the solution?
Considering the number of people on my team, which is huge, I feel the scalability part is good.
Around 2,00,000 people use the product in my company.
The product is extensively used in my company.
Whether my company plans to increase the number of users of the product or not is something that depends on the growth of the organization.
How are customer service and support?
The solution's technical support is good and supportive when it comes to my interactions with them.
Which solution did I use previously and why did I switch?
I also use Office 365 and Exchange Online Protection (EOP).
How was the initial setup?
The product's implementation phase is easy. When it comes to the implementation part, it is always better to go with some kind of automation process. Automation process can ensure a 100 percent implementation success rate in our company's environment.
The solution is deployed on an on-premises model.
What's my experience with pricing, setup cost, and licensing?
When it comes to the licensing model, my company mostly purchases the five-year license model. I rate the product price as nine out of ten, where ten is the most expensive, and one is the cheapest. There is no need to pay any extra charges apart from the licensing costs.
What other advice do I have?
I primarily use the product in our daily security operations since it is implemented in all of our company's systems and is used in our environment.
Normally, email security tools like FireEye or Trellix help to protect ourselves from spam, malware, and other email-oriented threats. The tool is used extensively in our company's environment. It is more like a collaboration email security that is used in our company.
I recommend the product to those who plan to use it.
The product is stable and reliable, considering the results my company gets out of it.
When it comes to Trellix or FireEye Endpoint Security (HX), the tools offer antivirus as well as the modern real-time security feature, which is used to automate the detection and protection of the endpoints against all the security threats that are currently there in the industry.
I don't see any challenges with the integration part of the product, but since a different team manages it, I don't have visibility into it.
In terms of the value offered by the product, the solution does help our company protect data and the complete infrastructure.
I rate the tool a nine out of ten.