Is Trellix EDR and the wider Trellix stack still worth it?
Posted by Smooth-Path-7326@reddit | sysadmin | 3 comments
I’m looking for feedback from anyone who has worked with Trellix EDR and ideally the broader Trellix stack.
A few things I’d love to hear about:

* How does the EDR perform day to day compared to other platforms you’ve used?
* What pitfalls or gotchas did you run into during rollout or operations?
* For those managing different setups, how does on-prem compare to SaaS, and has anyone run it successfully in a fully air-gapped environment?
Just the practical pros and cons, war stories, and lessons learned from real deployments.
Thanks in advance.
sharkstax@reddit
We have Trellix on our air-gapped infrastructure. It was rolled out before I joined based on an evaluation of the compliance team and I hate managing it. My advice: run away from it while you still can.
MrYiff@reddit
We were using Trellix but ditched it for SentinelOne a few years ago. It was an absolute ballache to manage sanely, constantly needing tweaks to detections or things causing apps to break or slow down.
I spent a week on a training course for Trellix and still wasn't happy managing it even after I had rebuilt our entire environment.
About the only maybe semi-benefit of Trellix is if you had your own advanced Infosec team that regularly builds custom detection rules, as Trellix has a lot of options for this.
SentinelOne has just been so much easier to deal with, with a much more manageable set of options and documentation about what they do. Occasionally we get false positives, but it's like a once-a-month task vs multiple weekly investigations into issues with Trellix.
With S1 I think I had us onboarding test devices within a couple of hours of getting access and had it rolling out to the business pretty fast.
981flacht6@reddit
Usually Trellix clients are really large customers. We used it at my last place; unfortunately I didn't get to administer it, just install clients.
They were forced to switch from SentinelOne to Trellix as their contracts team switched everyone (gov with a decentralized IT system).
All I know is my team that was using S1 def preferred that over Trellix.