Trellix XDR Review | Netify Marketplace

Trellix (Formerly FireEye) XDR Review

Trellix is a privately held extended detection and response (XDR) company formed in January 2022 through the merger of McAfee Enterprise and FireEye, under the ownership of Symphony Technology Group. Headquartered in Plano, Texas, Trellix delivers an open, native XDR platform covering endpoint, email, network, cloud, and data security. Unlike point-solution vendors, Trellix's architecture is designed to correlate telemetry across all of these layers simultaneously, with AI and machine learning built into the detection engine rather than layered on top.

XDR Platform · AI-Powered Detection · 40,000+ Customers · Plano, TX

Quick Facts — Trellix

| Category | Detail |
|---|---|
| Full company name | Trellix (a Symphony Technology Group company) |
| Headquarters | Plano, Texas, USA |
| Founded | 2022 (as Trellix; FireEye origins trace to 2004) |
| Primary product | Trellix XDR Platform |
| Architecture | Cloud-native (SaaS); on-premises and hybrid options available |
| Global PoPs | Not publicly disclosed — verify with Trellix channel contact |
| UK presence | UK subsidiary registered in Manchester (Trellix Ltd, Companies House No. 13743906) |
| SASE capability | None — SASE/SSE products moved to sister company Skyhigh Security |
| SD-WAN capability | None |
| Target market | Mid-market and Enterprise (SMB via AWS competency) |
| UK channel | Both (direct and partner — BT is a global services partner) |
| Gartner position | Niche Player — 2025 Gartner Magic Quadrant for Network Detection and Response |

What Netify Thinks

Trellix brings genuine depth in threat intelligence — its Advanced Research Center tracks nation-state activity at scale, and the Wise platform processes data from over 100 million endpoints daily. This is meaningful coverage that smaller XDR vendors cannot replicate.

Strengths

  • Threat intelligence depth: The Advanced Research Center tracks nation-state activity at scale, and the Wise platform processes data from over 100 million endpoints daily.
  • FireEye heritage in sandboxing and NDR: The vendor's background in network detection gives it a credible pedigree for organisations in critical infrastructure, government, and industrial environments. Its 2025 inclusion in Gartner's inaugural NDR Magic Quadrant reflects this.
  • Integration breadth: Trellix Helix connects to over 650 third-party tools and data sources, which matters for organisations with existing security stacks that need a consolidation layer rather than a rip-and-replace.

Weaknesses

  • Customer experience concerns: Reviews on Gartner Peer Insights and independent forums flag high resource consumption, support response delays, and SLA misses. These are operational risks prospective buyers should pressure-test during a proof of concept.
  • No SASE or SD-WAN capability: The SSE product line was spun out to sister company Skyhigh Security in 2022. Organisations looking for a converged SASE architecture must use both vendors separately, which adds procurement and integration complexity.
  • Gartner Niche Player position: Gartner placed Trellix as a Niche Player in the inaugural NDR Magic Quadrant (May 2025), noting that recent updates have largely kept pace with the market rather than leading it.

Verdict: Trellix is best suited to large enterprise and public sector organisations that already run a multi-vendor security stack and need a powerful correlation and detection layer with deep threat intelligence — particularly those with OT, industrial, or government compliance requirements. It is less well suited to organisations seeking a single-vendor SASE or lean XDR deployment.

Pros & Cons

Pros

  • Deep threat intelligence — Advanced Research Center tracks nation-state activity at scale
  • Trellix Wise platform processes data from 100 million+ endpoints daily
  • Trellix Helix integrates with 650+ third-party tools and data sources
  • FireEye heritage in sandboxing and NDR — strong for critical infrastructure and government
  • ISO 27001:2013, ISO 27017, ISO 27018, and ISO 27701 certifications
  • UK legal entity (Trellix Ltd, Manchester) with BT as global services partner

Cons

  • High resource consumption and support response delays flagged by Gartner Peer Insights reviewers
  • No SASE or SD-WAN — SSE spun out to sister company Skyhigh Security (adds vendor complexity)
  • Gartner Niche Player in inaugural NDR Magic Quadrant (May 2025) — not a Leader position
  • Customer count updated to 40,000+ (original 53,000 figure was overstated)

Frequently Asked Questions

What is Trellix?

Trellix is a global cybersecurity company formed in January 2022 through the merger of McAfee Enterprise and FireEye, owned by Symphony Technology Group. The company specialises in extended detection and response (XDR), delivering an open, AI-powered platform that correlates threat data across endpoint, network, email, cloud, and data environments to detect and respond to advanced cyber threats.

How much does Trellix cost?

Trellix pricing is modular and varies significantly by product, deployment size, and contract length. Based on published list pricing (12-month contracts), indicative figures for UK buyers include: Trellix XDR at approximately $60.00 per user/year; Trellix EDR at approximately $54.54 per user/year; Trellix EDR Premium at approximately $145.98 per user/year; Trellix Advanced (endpoint) at approximately $118.44 per user/year; Trellix Complete (endpoint) at approximately $366.08 per user/year. Volume discounts apply for deployments of 250 to 10,000+ endpoints. Trellix Thrive Essential support is included at no additional cost with all software subscriptions. Note: pricing is USD list — UK buyers should request GBP pricing directly from Trellix or a UK reseller such as BT.

Is Trellix suitable for UK deployments?

Trellix has a UK legal entity (Trellix Ltd, registered in Manchester) and operates through UK channel partners including BT. On data residency, Trellix supports flexible deployment options including on-premises, private cloud, and hybrid configurations, which can assist organisations with UK GDPR data localisation requirements. Trellix also holds ISO 27001:2013, ISO 27017, ISO 27018, and ISO 27701 certifications. UK buyers should note that Trellix does not offer native SASE or SD-WAN — those capabilities sit with sister company Skyhigh Security.

How does Trellix compare to CrowdStrike?

Trellix and CrowdStrike represent different approaches to XDR. Trellix focuses on broad telemetry correlation across endpoint, network, email, cloud, and data layers with strong OT/ICS coverage, while CrowdStrike is cloud-native and primarily endpoint-first. Note: comparative claims about system impact and false positive rates originate from Trellix-published data and should be treated as vendor claims rather than independently verified figures.

| Category | Trellix | CrowdStrike |
|---|---|---|
| Platform focus | XDR across endpoint, network, email, cloud | Cloud-native EDR / XDR (endpoint-first) |
| SASE capability | None (SSE via sister company Skyhigh Security) | None (integrates with third-party SASE vendors) |
| Threat intelligence | 4,400+ tracked campaigns; OT/ICS coverage | Strong; primarily IT-focused |
| Industrial / OT security | Strong — validated for SCADA/ICS environments | Limited native OT capability |
| Cloud-native architecture | Hybrid (cloud-native + on-prem options) | Fully cloud-native |
| UK partner availability | BT and others via Xtend Partner Programme | Broad UK partner ecosystem |
| Gartner MQ (NDR) | Niche Player (2025) | Not in 2025 NDR MQ |
