Tuesday, September 26, 2023

Trellix ePolicy Orchestrator review

Trellix was formed in 2022 from a merger between cybersecurity titans FireEye and McAfee Enterprise. The company offers a number of network solutions and has been involved with detecting and preventing major hacks.

Trellix describes ePolicy Orchestrator (ePO) as "A centralized security management platform that helps orchestrate and manage your endpoints, from a single console."

One point of note is that Trellix ePO (hereafter referred to as 'ePO') shouldn't be confused with Trellix Endpoint Security (ENS) or the Trellix Endpoint Security Suite. We e-mailed Trellix twice to request a trial version of ENS but received no response, so decided to review the trial version of ePO instead.

The question still remains though: is ePO one of the best endpoint software platforms out there? Read on to find out more.

Trellix ePolicy Orchestrator: Plans and pricing

(Image credit: Trellix)

Trellix offers a very generous 60-day free trial of all ePO features. Interested parties only need to provide their contact information to receive a confirmation link automatically. 

Unfortunately, if you're looking for a per-device cost breakdown, you'll be disappointed, as the main product page only suggests you speak to an 'expert'. We felt this was a shame, as we imagine IT Managers would like not only a rough guide to pricing but also an understanding of the payment models, e.g. monthly vs annual.

This is all the more confusing, given that Trellix actually does have its own online store, listing prices for various products including Trellix Complete Endpoint Protection for Business for $112.57 per license. This price allows you to use the product indefinitely plus one year of support but it's unclear if the same is true for Trellix ePO.

Although we didn't avail ourselves of this option, you can also fill in a contact form to request a demo of Trellix ePO in action.

Trellix ePolicy Orchestrator: Features

(Image credit: Trellix)

Having distinguished between Trellix ENS and Trellix ePO, we should explain that while ePO is a managed endpoint security solution, it isn't an EPP (Endpoint Protection Platform) per se. In other words, it doesn't contain its own NGAV (Next Generation Antivirus) or standalone firewall.

We've encountered endpoint security solutions like these before, and the best way to describe them is that they're based on the premise that "prevention is better than cure." In other words, through regular updates and granular policies, combined with strict application controls, threats can't gain a foothold in the first place.

That said, the helpful datasheet on the Trellix website points out that ePO can be used to easily manage the native controls of Windows Defender, so endpoints aren't left helpless in case of infection.

Trellix describes the platform as a "single pane of glass", from which you can view data from multiple sources in a simple interface. Despite the flowery language, it's clear that Trellix have gone to some lengths to display a broad summary of risks, policies and other key data for endpoints.

The platform also boasts "unrivalled threat intel." Specifically, it uses Threat Intelligence Exchange (TIE) and Advanced Threat Defense (ATD) integrations to sandbox threats and prevent attacks before they occur.

The main website also claims that ePO can integrate both Trellix and third-party products. The platform does indeed have a list of other Trellix products and from research online we found users who claimed to have integrated it with Microsoft 365 Defender.

From reviewing the 'main repository' on the ePO platform, we saw agent software was available for Windows, macOS and Linux.

Trellix ePolicy Orchestrator: Setup

(Image credit: Trellix)

After registering for a trial account with Trellix, users are asked to create a strong password (over 10 characters, using numbers, upper and lowercase letters, and at least one symbol).

After login you're taken to the 'XConsole', which began by showing us some of the latest new features. These included the ability to switch between a 'light' and 'dark' theme, an upgraded notifications area and a dedicated Favorites bar.

As impressive as this was, we were unable to go any further. Each time we chose the 'Product Deployment' or 'System Tree' options we saw a message saying, "An unexpected error has occurred". 

This is a concern, as we were keen to check how quick and easy it is to deploy agent software on endpoints on behalf of TechRadar readers. We tried to check Trellix's online documentation to make sure we were in the right place to install the agent software and were directed once again to the 'System Tree', but it failed to load.

We assumed there must be a glitch on our end, so we tried disabling our VPN connection and using a different device, only to see the same message. We can only assume that the issue was on the Trellix end, though we encourage readers to register for a trial and try the platform for themselves, as this may well have been a temporary issue.

Trellix ePolicy Orchestrator: Interface

(Image credit: Trellix)

Despite being unable to set up any managed endpoints, we were still able to gain a good feel for the 'XConsole' interface. We aren't entirely sure why it's not named the 'ePOConsole' but still the main dashboard provides a number of useful infographics of key information such as product deployment incompatibility.

We were especially impressed by the 'Protection Workspace', which displays clear indicators of vital numbers like the number of data protection incidents, resolved threats and escalated devices. This workspace was logically divided between 'Data Protection Overview' and 'Compliance Overview'. From here you can also access other options like the 'Policy' and 'Tag' catalogs, as well as the 'Dashboards'.

We've already mentioned the welcome inclusion of a Favorites bar. This is because the menu option at the top left contains a huge number of other options. Still, these are grouped sensibly into categories. For instance, the 'Reporting' category lists options to access the Dashboard, Server Log and Audit Task Log.

We particularly enjoyed the 'Trellix Marketplace'. While not integral to the running of ePO itself, it's an excellent way to navigate the various solutions offered by Trellix. The company's "Insights" program caught our eye, as it details real-time threat intelligence. Various extensions like 'Gateway' were also listed, though there didn't seem to be any simple way to integrate them with the ePO platform. 

Trellix ePolicy Orchestrator: Performance

(Image credit: Trellix)

At TechRadar we like to subject products we review to rigorous testing, so that readers can benefit from an unbiased opinion instead of just what you can read in online brochures. Given our difficulties with deployment, we were unable to run our usual tests, but even if this had gone ahead, it's unlikely that our standard tests would have been fair.

This is because when we review endpoint security platforms, we deliberately introduce a fake computer virus and a real one to our test machine to check if the agent software detects and quarantines it.

For endpoint security solutions like ePO this isn't a fair test, as they don't claim to have malware scanning capabilities per se. Still, through careful policy management and application control, it's possible to prevent malware from running in the first place. This particular platform can also apparently integrate functionality from other Trellix/third-party products, though we couldn't see a way to get this working during our (admittedly brief) tests.

We can only suggest that readers take advantage of the 60-day free trial to see if they can set up and deploy ePO on their own endpoints in a safe way.

Trellix ePolicy Orchestrator: Final verdict

Given the difficulties we had setting up endpoint devices, it's difficult for us to cast judgement about how effective a platform Trellix ePO is for managing your organization's own devices. It's certainly a far cry from McAfee MVISION, which by all accounts was a breeze to set up and deploy.

We do know that Trellix has a wide range of endpoint security solutions, such as Trellix ENS, which do contain features for detecting and preventing threats like malware, ransomware and fileless attacks.

These products also feature policy control. With all due respect to those security solutions that do use policy controls to prevent threats, we can't help but feel your endpoints are safest when this is coupled with scheduled scans, machine learning and correct firewall configuration.

This said, Trellix ePO is ostensibly compatible with other products like Windows Defender, so it may be possible to integrate malware detection into the platform. When viewing the online store, we also spied 'Trellix Protect Standard', which can also detect malware threats. Given that Trellix claim ePO can integrate other products, it may be able to scan for threats in-house too.

If your IT Managers are willing to take the time and trouble to set up Trellix ePO in this way, it may offer a less resource-intensive solution than traditional EPPs.

We've listed the best patch management software.