Item: Trellix Endpoint Security ENS
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

Our University uses McAfee Endpoint Security to secure all devices across all its campuses. Each computer connected to the university’s private domain receives a mandatory McAfee client installation. This client is responsible for preventing any cases of malicious activities performed or attempted on the machine. It sends reports to the McAfee e-Policy Orchestration Management System. This console enables us (the security analysts) to remotely manage our endpoints/assets where the Endpoint Security Client is present and is connected to the internet.

Each department in our university, irrespective of their separate policies, has this client installed. The endpoint security client acts like the local antivirus on each machine and prevents malware using its virus database. This makes it easy to detect and prevent at the client level and maintain safety. Although it is a little heavy on some systems and has cases of false positives and false negatives (which is critical in this case), this does a better job than the default Windows defender. With the management console on top, we can force update, run scans, etc on all our endpoints in parallel without manually visiting the respective department. This saves a ton of time and effort.

Pros and Cons

The detection level is better than Windows defender.
The e-policy orchestration management console that comes with it enables us to oversee the devices remotely, run scans on the endpoints, and update their virus definitions forcibly.
It sends regular updates and therefore each endpoints stays safe individually.
Furthermore, it has a very easy to understand interface.

The amount of false detections especially the negative ones needed to be reduced.
It requires more optimization. It tends to make the PCs slower.
It almost doesn't have the ability to heal. This is very important as we need our sensitive data to be recoverable.
It doesn't have any free scanning functionality. Our users using personal machines cannot scan in case of an incident. This could be added like Malwarebytes.

Return on Investment

This tool helped us in delegating the asset safety responsibility to the client level by 80%, leaving 20% for the management console.
With a decent pricing, the benefits are slightly above expectations. The ROI is good.
But, considering most of the malware comes from internet, with a good email security appliance and next gen firewall in place, the online security alerts are now redundant. It could be something that can be termed as overkill on the budget.

Alternatives Considered

Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Umbrella, Malwarebytes Endpoint Protection and McAfee ePolicy Orchestrator

Compared to its competitors like Cisco, McAfee is cheaper. At the competitive pricing levels, McAfee Endpoint Security does a good job. Although it stacks up finely against decent priced solutions but it doesn't provide superior service if the price limit is scaled down or up. For a lower budget, Malwarebytes totally beats McAfee as it provides a lot of free services and very cheap subscriptions. Once scaled up, Cisco's security ecosystem outperforms McAfee by several-folds. Although it worked well, as per the current situation of our organization, with the expensive Next Gen Firewall, IPS and the Email security appliance in place, I would like to revise the software list and probably go for a cheaper solution.

Key Insights

Do you think Trellix Endpoint Security ENS delivers good value for the price?

Yes

Are you happy with Trellix Endpoint Security ENS's feature set?

Did Trellix Endpoint Security ENS live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Trellix Endpoint Security ENS go as expected?

I wasn't involved with the implementation phase

Would you buy Trellix Endpoint Security ENS again?

Other Software Used

Malwarebytes Endpoint Protection, Cisco Umbrella, McAfee ePolicy Orchestrator, Cisco Advanced Malware Protection (AMP) for Endpoints, LastPass for Business, Slack, Duo Security

Likelihood to Recommend

McAfee Endpoint Security is well suited for all kinds of organizations at different scales. Since it is per endpoint, there is no single point of failure or stress. However, considering the price/performance ratio, it is better for mid-scale, mid-budget organizations. Also, due to its cases of false negatives, it is recommended to be used where data is backed up on regular basis or data loss is highly tolerable. Not to mention, the endpoints must be equipped with enough physical memory, a recent processor and a Solid State Drive. It is little tough on outdated PCs with hard drives as the disk usage goes up and becomes the limiting factor each time a significant amount of data is processed or transferred.

Also, not much technical understanding is needed to use the tool. It is quite friendly. Good for organizations with non-technical employees as well.

Furthermore, if employees use a lot of personal machines outside the university assets, then it becomes a problem as McAfee doesn't provide any free scanning in case of an incident, like Malwarebytes. In this case McAfee doesn't suit well.

Support Rating

It does a great job of detection and prevention at the client level. With the decent pricing, it has a good ROI. However, when it comes to comparison, it doesn't stand well at the extreme ends which are low-scale, low-budget organizations and high-scale, high-budget organizations, just because its competitors are way better than them in that price/performance domain.

Anti-malware endpoint security solution by Intel

Overall Satisfaction with Trellix Endpoint Security