We performed a comparison between CrowdStrike Falcon and Trend Micro Deep Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: CrowdStrike Falcon is the clear winner in this comparison. It is stable, easy to use, and high performing. In addition, it is easier to deploy and less expensive than Trend Micro Deep Security.
"The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful."
"The most valuable feature is signature-based malware detection."
"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"Deep Security is a good product for managing a few servers."
"Patch management is most valuable. The major selling point of Deep Security is that it is based on the cloud. Deep Security is for the servers and databases of data centers, and generally, for patch management, you have to shut down the machines, and then you have to restart them. So, they need shutdown time, which is a cost. Big enterprises don't want to shut down their database or their data center for any kind of patch. Deep Security creates a wall and downloads all patches. You install it on the cloud. So, it saves your server from any kind of intrusion or any kind of penetration, and whenever you get a chance or time, in six, eight, or nine months, you can physically download or install all those patches in one go. So, it saves you time. It also saves your shutdown time and keeps your data center safe."
"Deep Security provides us with a lot of reassurance about security threats. You don't have to worry about a patch not being there in the software. You're confident that all the patches and vulnerabilities are taken care of."
"It serves its purpose and works well."
"You can scale the solution to different versions."
"Deep Security's most valuable features are antivirus and host intrusion detection."
"The initial setup was straightforward."
"Support and threat prevention are the most valuable features of this solution."
"It could be improved in connection with artificial intelligence and IoT."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"This product has issues with the number of false positives that it reports."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"In a future release, I would like to see more integrations for data breaches and security features."
"The overall cost of CrowdStrike Falcon could be reduced."
"I would like to see a more accurate integration and an option to check the local machine."
"We'd like to see extended capacity in the on-premises versions."
"We want to see improved authentication."
"Trend Micro Deep Security security and scalability could be improved."
"Pricing is on the expensive side and could be more affordable. The technical support for Trend Micro Deep Security also needs improvement."
"I would like to see better pricing. The pricing could be lower."
"I think more work could be done on Deep Security's ability to handle dynamic threat scenarios."
"The price could be reduced."
"Trend Micro is scalable if you have the budget for it."
More Crowdstrike Falcon Endpoint Security and XDR Pricing and Cost Advice →
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
Crowdstrike Falcon Endpoint Security and XDR is ranked 2nd in EDR (Endpoint Detection and Response) with 56 reviews while Trend Micro Deep Security is ranked 1st in Virtualization Security with 27 reviews. Crowdstrike Falcon Endpoint Security and XDR is rated 8.6, while Trend Micro Deep Security is rated 8.2. The top reviewer of Crowdstrike Falcon Endpoint Security and XDR writes "Speeds up the data collection for our phishing playbooks dramatically". On the other hand, the top reviewer of Trend Micro Deep Security writes "Scalable and secure with an easy initial setup". Crowdstrike Falcon Endpoint Security and XDR is most compared with Microsoft Defender for Endpoint, SentinelOne, Darktrace, Cortex XDR by Palo Alto Networks and Trend Micro XDR, whereas Trend Micro Deep Security is most compared with Trend Micro Apex One, Microsoft Defender for Endpoint, Carbon Black CB Defense, SentinelOne and Symantec Endpoint Security.
We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is the intelligence modules feature. I also find that Crowdstrike Falcon’s dashboard is very user-friendly; Information is easy to find because of how it is presented and everything is linkable, which is a big win for me. Stability is fantastic and so is the scalability. I was able to do so many endpoints so easily, and without any issues. In terms of pricing, Crowdstrike Falcon is reasonable for all that it has to offer. As far as technical support, that has been great too.
Trend Micro Deep Security offers a lot of features. It guarantees security for your data center, cloud, and containers - all with a unified and comprehensive SaaS solution and without compromising performance. Although that might make it sound appealing, every time there are new features released, they have to be paid for separately, which I am not thrilled about.
Trend Micro Deep Security offers powerful protection, an all-in-one workload security option (which may help with eliminating the cost of deploying multiple point solutions), and flexible integration. They also offer a “pay-for-what-you-use” pricing model which is hard to come by. While their pricing model seems enticing, a big downside for me is that it does not support versions prior to Windows 7. It has a good intrusion prevention feature that I like. However, that is not enough for me to settle for Trend Micro Deep instead of Crowdstrike.
Conclusion:
I much prefer Crowdstrike Falcon over Trend Micro Deep Security because I feel that it is much more reliable. While Trend Micro Deep Security may be represented as a classic antivirus solution, I am satisfied with the overall performance of Crowdstrike Falcon and happy with my purchase of the product.
Having previously run a penetration testing company, I can tell you that the general feedback I have from professional hackers is that CrowdStrike Falcon does make their job a lot more difficult.
The "traditional" players in the endpoint protection market e.g. Trend Micro, Symantec and McAfee they generally view as trivial to bypass.