Datadog vs. Trellix Network Security

As per my experience, Datadog is best suited for complex, cloud-native environments where unified observability is critical, as it integrates seamlessly with AWS and Azure. Moreover, it provides deep visibility into latency and error rates. Datadog pricing is less appropriate for Startups with a tight budget and for organizations needing advanced incident management.

It’s a dedicated Network Advanced Threat Detection and
Prevention solution. Easy maintenance and low operating costs fit perfectly for
SMEs. Variety of appliance selection makes NX the perfect choice for large
enterprises. As it’s a dedicated solution with its own appliance, price is higher
compared to NGTP add on solutions. FireEye is an ecosystem therefore when you’ve
the EX or HX vice versa, you should be looking to NX. Otherwise, you’re missing
the threat intel exchange on the network side reverse is the true. Sizing is
important before the purchase, if you select a low end model for a busy network
you lose your initial investment. For multiple NX deployments I highly
recommend CMS. Without CMS you’ll lose the threat intel exchange and this will
negatively reduce the risk scores.

Incentivized

• The thing which Datadog does really well, one of them are its broad range of services integrations and features which makes it one step observability solution for all. We can monitor all types of our application, infrastructure, hosts, databases etc with Datadog.
• Its custom dashboard feature which helps us to visualize the data in a better way . It supports different types of charts through those charts we can create our dashboard more attractive.
• Its AI powered alerting capability though that we can easily identify the root cause and also it has a low noise alerting capability which means it correlated the similar type of issues.

Incentivized

• Advanced detection of targeted attacks.
• Mandiant team effort is a big plus.
• Inline mitigation capabilities particularly well.
• Different deployment models for specific needs.
• License and information sharing selection 1 way or 2 way mode.
• Frequent updates.
• Low false positive rates.
• FireEye sandboxing is immune to sandboxing attacks.
• Central management (CMS) capabilities for managing several NX's.
• Extra IPS/IDS functionality in the product.
• Smartvision specific to lateral movement detection.
• Upgrades and updates with zero down time.
• Local FireEye support is superb.
• Multiple deployment scenarios (span, inline) in the same NX for different interface pairs.
• SSL inspection support.
• No need to maintain, build or updates the images. It's highly automatic.

Incentivized

• In my experience, .NET Tracing Agent caused severe and untraceable performance issues
• In my opinion, usage and billing structures were opaque and surprising
• In my experience, documentation was incomplete, contradicting or sometimes completely wrong, even for common infrastructure (AWS Fargate)
• I feel support was unhelpful at times, and bounced us back and forth to other teams
• In my opinion, multiple methods of sample rate control were ineffective, adding to excessive usage and cost

Incentivized

• Very first detected APT sample can pass the NX even it's inline blocking mode.
• Performance optimization for busy networks is cumbersome.
• CMS does not provide all the management capabilities, CLI or local config. Should be done for advanced customization.
• Constant limitations of tcpdump/ packet capture for 10G interfaces.
• IPS functionality is a bit cumbersome, not a full feature IPS, lack of signatures and customization of IPS signatures.
• It's not a full NDR solution or a UBA solution.
• Lack of device or user mapping.
• Forensics is based on the specific APT. May not provide the whole story and need some additional tools.
• You cannot make manual submission to NX (needs AX).
• You cannot access the kernel directly for deep analy[sis] or troubleshooting (assist from FireEye Support should be taken).

Incentivized

Definitely will not revisit after our issues and, in my opinion, poor support.

Incentivized

There are so many features that it can be hard to figure out where you need to go for your own use case. For example, RUM monitoring us buried in a "Digital Experience" sidebar setting when this is one of our key use cases that I sometimes struggle to find in the application. It appears that ECS + Fargate monitoring was recently released which is great because we had to build a lambda reporting solution for ephemeral task monitoring. But this new feature was never on my radar until I starting clicking around the application.

Incentivized

The support team usually gets it right. We did have a rather complicate issue setting up monitoring on a domain controller. However, they are usually responsive and helpful over chat. The downside would be I don’t think they have any phone support. If that is important to you this might not be a good fit.

Incentivized

Documentation was difficult to work through, rollout was catastrophic (completely outage)

Incentivized

Our logs are very important, and Datadog manages them exceptionally well. We frequently use Datadog services for our investigations. Use case: Monitor your apps, infrastructure, APIs, and user experience.


Key features:


Logs, metrics, and APM (Application Performance Monitoring)


Real-time alerting and dashboards


Supports Kubernetes, AWS, GCP, and other integrations


RUM (Real User Monitoring) and Synthetics





✅ Best for backend, server, and distributed systems monitoring.

Incentivized

FireEye NX is a solid product. It gives you sustainable
security throughout the organization. NX detection engines are more capable
compared to others. Its catch rate is higher, FP rate is lower, [and] speed is
awesome. NX can work for highly regulated environments with 1 way solution.
Operation costs are much lower. Software quality is very good. It may have bugs, but these bugs do not compromise the security in general. SOC team loves the
FireEye NX for its pinpoint detection capabilities. Local and partner support
is exceptional.

Incentivized

• Saved us (time & money) from developing our own monitoring utilities that would pale in comparison
• Alerts allow us to remedy issues before our customers even know about them
• Tracking resource usage over time allows us to better plan for future needs, before it becomes a pain-point.

Incentivized

• As [a] financial company on the digital markets, we need to be safeguard for 0days and targeted attacks. FireEye NX provides the best updated protection with its enhanced capabilities.
• Security score based on detection/prevention metrics [is] very high ensuring the highest level of security.
• APTs in our region successfully detected and mitigated by the NX.
• For the ROI, in a six month period FireEye is paying off its [investment].
• One negative thing, especially with increasing network bandwidths, [is that] you need to make [the] investment every two or three years.

Incentivized