Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Trend Vision One comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.9
Elastic Security often delivers positive ROI within two years, though user satisfaction and views on cost-effectiveness vary.
Sentiment score
6.9
Trend Vision One enhanced ROI through cost-effective pricing, automation, improved security, increased efficiency, and reduced operational costs.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
Trend Vision One has improved our ROI by 30 percent.
Thankfully, we also had cyber security insurance, and the insurance covered the incidents because, through Trend Micro and the implementation of the solution, along with the data it provided, we were able to demonstrate what had happened.
The email filtering system paid for itself within a year.
 

Customer Service

Sentiment score
6.4
Elastic Security feedback is mixed; users praise community support, yet criticize inconsistent technical support and seek faster solutions.
Sentiment score
6.9
Trend Vision One's customer service is praised for engagement but faces challenges with response times, communication, and technical proficiency.
Support is prompt and helpful.
Most of the time when my team encounters issues, they receive responses within 24 hours.
It's not just about high-level support with the chatbot; rather, when an issue occurs, we have the experts on-site and ready to respond swiftly, which is crucial.
The engineers are not readily available.
To improve support, the company should streamline communication and reduce response times.
 

Scalability Issues

Sentiment score
7.3
Elastic Security is scalable and adaptable, suitable for diverse business needs, though skilled personnel are important for effective management.
Sentiment score
7.9
Trend Vision One offers scalable, cloud-based integration for diverse organizations, supporting easy deployment and expansion with seamless system integration.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
I’d give scalability a 10 because nearly everything is integrated.
We found that it scales easily.
Its scalability is very good as we can work with it flexibly.
 

Stability Issues

Sentiment score
7.7
Elastic Security is stable and reliable, though challenges arise with big data and real-time usage without proper configuration.
Sentiment score
8.3
Trend Vision One is highly reliable and stable, excelling in performance with minimal compatibility and lagging issues.
In terms of stability, I would rate Elastic a solid eight out of ten.
The stability is very high.
 

Room For Improvement

Elastic Security faces challenges in setup, AI integration, permissions management, user support, and requires improved dashboards and cost-efficiency.
Trend Vision One needs better integration, user interface, support, and reporting, with enhanced automation, customization, and pricing clarity.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
The deployment can be complex, and we'd like an easier process, especially when integrating with on-prem and cloud environments.
For XDR threat investigation, there is not enough documentation about how to search for different keywords.
There is increasingly a blending of the traditional OT world, which requires a specific focus, as OT devices often don't use standard Ethernet protocols and similar technologies.
 

Setup Cost

Elastic Security offers a free open-source option with enterprise features based on usage, making it cost-effective for enterprises.
Trend Vision One receives mixed reviews on pricing, balancing perceived value with cost concerns, especially for smaller companies.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
Trend Vision One offers a competitive price-to-value ratio.
Trend Vision One is an expensive product.
The pricing is fair and not on the higher side.
 

Valuable Features

Elastic Security is praised for fast search, scalability, machine learning, customization, integration, and user-friendly, cost-effective features.
Trend Vision One provides robust security features and easy management through AI, automation, and a centralized console.
Elastic Security offers good insight regarding alerts, reports, and cases.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
The most important features of Vision One include visibility, AI integration, attack pattern analysis, predictive analytics, and centralized visibility and management across protection layers.
The most critical feature of Vision One is that it gives us a single console for threat management.
Its ability to identify unmonitored endpoints and perform log inspection, which establishes operational baselines and detects anomalies, proves invaluable for threat identification.
 

Categories and Ranking

Elastic Security
Ranking in Endpoint Detection and Response (EDR)
16th
Ranking in Extended Detection and Response (XDR)
8th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
64
Ranking in other categories
Log Management (7th), Security Information and Event Management (SIEM) (5th), Security Orchestration Automation and Response (SOAR) (6th)
Trend Vision One
Ranking in Endpoint Detection and Response (EDR)
4th
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
69
Ranking in other categories
Network Detection and Response (NDR) (3rd), Attack Surface Management (ASM) (2nd), AI-Powered Cybersecurity Platforms (3rd)
 

Mindshare comparison

As of April 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Elastic Security is 2.4%, up from 2.2% compared to the previous year. The mindshare of Trend Vision One is 2.9%, down from 3.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Gajewski Marek - PeerSpot reviewer
Provides good anomaly detection and connectivity reporting
We previously used Splunk but switched to Elastic Security because Splunk was more expensive. Feature-wise, both tools are pretty much the same. They have almost the same functions. Elastic Security has a much better AI assistant that allows you to ask questions like a normal person. With Elastic Security, I can also predict the price and how much it will cost. Splunks's pricing depends on how much data we use and the different add-ons I have to add. The pricing is much better with Elastic Security.
DavidBowman - PeerSpot reviewer
It improves the detection speed, but it could be more customizable
They need to stop changing Vision One once a week. They're in a hurry to change things so badly and so fast that I can't find where stuff is half the time, which is a challenge sometimes. I've given one piece of feedback to their product guys. One thing that they're trying to make is a SIEM. It's a product where you input all the logs from your tools, and it creates additional insights into how things look. They've been kind of playing the "me too" game on that, even though that's not what I bought the product for. They have a new gateway where I can take my firewall of email logs and send it over there. In theory, it's supposed to do a more comprehensive evaluation of all my stuff to improve that risk index score. I'm not impressed with it, and I've told them as much. I feel if you're good at something, you should keep working on that and not try to be all the things to all the people. I bought a different email solution even though it would have been 10 times easier to just stay with their email solution because they aren't great at it. They are great at other things, but they're playing the "me too" game with some of their products. Their competitors do this, so they should be doing this, too. They need to pick a product and keep being good at that. If they're going to roll new things out, they should do it but do it right. They have a button to isolate an endpoint because it looks bad, but it doesn't usually work. I've had no chance to argue with the product guys to show them examples of how their button doesn't work. You think it does, but it doesn't work in a real environment. That can be a challenge sometimes. I can see in the data showing what is a false positive. But it doesn't save me time helping them figure out how to fix the problem in their engine. It can help me identify it as a false positive, but it doesn't apply that consistently. It will ignore the false positive for that device, but if they start detecting a false positive on Apple devices, I have eight thousand Apple devices and get 8,000 alerts. I can tell that specific false positive, but it doesn't learn from that particularly well. We use the executive dashboards, but I don't find them particularly useful. One is the ability to customize. That has gotten a little better, and it'll be better in the future. Most of what they have on there are data points that are generic and not particularly actionable. That's why it's called an executive dashboard. Executives want to see if we are secure, but it's hard for me to find out why our attack surface risk went down by x percentage. I don't know. It says that on the dashboard, but it doesn't give me specific details about why. I find it confuses my executives, and it's not useful for me because it doesn't give me things to work on. It will give me generic things on the executive dashboard like you have a thousand accounts with an old password. Those are big generic things, but I also can't tell it that our password policy is different from what your automatic detection model means, and I don't have a problem with that, so quit lowering my risk score. The risk score is useless. In theory, it's based on the random intelligence they're getting from their various customers. I'm in K-12 education, so they have a decent amount of K-12 customers, but it's a subset, and the baseline of what's common in K-12 education is not the same. There's not enough data to make that particularly clean or useful. Vision One is not custom, and that's part of my beef. That index score is based on whatever random report they're looking at from their data sources at any given moment in time. It's nice, but I'd rather have one that's based on your particular circumstances. Instead, it's saying that the number one attack threat surface for school districts is email phishing. It's too generic.
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Government
10%
Financial Services Firm
9%
Comms Service Provider
7%
Educational Organization
24%
Computer Software Company
18%
Financial Services Firm
5%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Elastic Security is considered cost-effective, especially at lower EPS levels. However, a direct comparison was not made due to different pricing structures.
What do you like most about Trend Micro XDR?
I appreciate the value of real-time activity monitoring.
What is your experience regarding pricing and costs for Trend Micro XDR?
It is very good. The flexibility to temporarily exceed license limits when setting up new devices is helpful, as it allows us to ensure security before purchasing additional licenses.
What needs improvement with Trend Micro XDR?
Improving the user interface would be helpful—it can be confusing, especially if you do not use it daily. We do not see a need for additional features. The tool has so many capabilities that it can...
 

Also Known As

Elastic SIEM, ELK Logstash
Trend Micro XDR, Trend Micro XDR for Users, Trend Vision One - XDR for Networks
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Panasonic North America, Decathlon, Fischer Homes, Banijay Benelux, Unigel, DHR Health,
Find out what your peers are saying about Elastic Security vs. Trend Vision One and other solutions. Updated: February 2025.
844,944 professionals have used our research since 2012.