We performed a comparison between Elastic Security and Trellix Active Response based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product's initial setup phase is very easy."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The most valuable feature is the analysis, because of the beta structure."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Impressive detection capabilities"
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"NGAV and EDR features are outstanding."
"We've found the initial setup to be quite straightforward."
"The scalability is good. It can be scaled easily in the production environment."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"It's open-source and free to use."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"It's a little lighter compared to the older version, which was mostly signature-based."
"The solution is scalable."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"I haven't seen the use of AI in the solution."
"We find the solution to be a bit expensive."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The SIEM could be improved."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"While the product is good, we are currently facing support issues."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"I also expected Active Response 's user interface to be much more analytical."
Earn 20 points
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews while Trellix Active Response is ranked 58th in Endpoint Detection and Response (EDR). Elastic Security is rated 7.6, while Trellix Active Response is rated 6.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trellix Active Response writes "Lighter with good stability and pretty good technical support". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trellix Active Response is most compared with Trellix Endpoint Security (ENS) and Trellix Endpoint Detection and Response (EDR). See our Elastic Security vs. Trellix Active Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.