Elastic Security vs Trend Vision One comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jul 15, 2024
 

Categories and Ranking

Elastic Security
Ranking in Endpoint Detection and Response (EDR): 16th
Ranking in Extended Detection and Response (XDR): 8th
Average Rating: 7.6
Number of Reviews: 61
Ranking in other categories: Log Management (5th), Security Information and Event Management (SIEM) (5th), Security Orchestration Automation and Response (SOAR) (6th)

Trend Vision One
Ranking in Endpoint Detection and Response (EDR): 4th
Ranking in Extended Detection and Response (XDR): 7th
Average Rating: 8.6
Number of Reviews: 48
Ranking in other categories: Network Detection and Response (NDR) (3rd), Attack Surface Management (ASM) (3rd)
 

Featured Reviews

RI
Jun 6, 2023
Efficiently handle millions of loads simultaneously
We are using Elastic Security for logging the application logs, as we use a microservice architecture. So all application logs are saved to this LogSpot. It helps us detect errors and keep an eye on the application in both the development and production environments. It can handle millions of…
GF
Dec 12, 2023
Provides centralized visibility, alerts us of potential risks, and enhances security posture
Trend Vision One streamlines our security by centralizing data collection and threat management. It pulls data from Exchange, SharePoint, endpoints, and servers to the cloud, providing a unified view of our IT environment. This centralized data feeds into advanced playbooks that automatically block URLs and files based on predefined conditions, reducing our reliance on manual intervention. For potential threats requiring further analysis, Vision One flags them for human review, allowing security personnel to quickly approve or deny access to specific URLs or files. These decisions then inform the suspicious object lists used across all deployed Trend Micro products, maximizing our overall security posture. In short, Vision One effectively automates routine tasks while empowering security teams to focus on critical decisions, making it a valuable asset for our organization. Vision One grants us centralized visibility and management across our protection layers. With its ongoing development, Trend Micro has steadily consolidated this visibility into a single pane of glass. Centralized visibility significantly improves our efficiency. Instead of scouring endpoints or hopping between the mail server and data lake, we can consolidate our search for malicious activity into one central location. Vision One empowers us to leverage comprehensive search parameters and scan all data within the data lake, not just data limited to specific products. For me, the executive dashboard is always the first one I check. Then, I turn to the operations dashboard for a more detailed look. These two dashboards provide a comprehensive overview of our security posture, drawing data from internal and external assets, application agents without vulnerability assessments, and detected account compromises. Vision One also excels at alerting us to potential risks, including accounts exposed to data breaches. 
I've personally experienced this when the executive dashboard's risk score suddenly spiked due to flagged accounts. After investigating and confirming the risk, we dismiss the alert and the score adjusts accordingly. The attack surface risk management capability has identified several vulnerability issues in external assets, necessitating immediate action. It has also shed light on blind spots within our environment. When we identify blind spots, we need to implement measures to address them and mitigate, reduce, or even eliminate the associated risk from our environment. Our team is relatively small, so dedicating someone to focus intensively on a single issue can be challenging. Vision One has alleviated this burden. Vision One's playbook and built-in automation features help us by proactively alerting us to issues requiring immediate attention, enhancing our overall security posture. Vision One offers a feature where, if it detects a phishing email with high confidence, it automatically locks the email, removes it from the Exchange database, quarantines it, and disables any links within the email or similar emails. For emails requiring human intervention or immediate action, Vision One flags them for review. We can then approve or deny the actions on the URLs and emails within the system. We use Vision One as a secondary measure if something slips through our other security layers. It allows us to see exactly what happens when users click on a malicious link, even if it wasn't flagged beforehand. To some extent, Vision One helps us reduce the time we spend investigating false positive alerts generated by our firewalls. While firewalls throw out many alerts, I often turn to Vision One for clients flagged as compromised. Jumping over the firewall report, I check Vision One's insights on those specific endpoints and the sites flagged by the firewall. 
Previously, I'd spend time on the machine itself, sifting through cookies and deleting temporary files to track the source of the suspicious traffic. But with Vision One, I can quickly see if the endpoint is trying to reach those flagged endpoints. In most cases, it turns out to be just Google searches – images or other elements loading as part of a search. Vision One has become my go-to spot every morning because of the dashboards. They put everything I needed in one place, saving me the hassle of jumping between multiple platforms. It's a half-hour ritual that sets me up for success, allowing me to review everything efficiently and tackle the rest of my day with confidence. Vision One has probably saved me several hours of valuable time per day. We currently have some playbooks in place, and we're exploring the option of adding more automation features to them. Our limited IT support staff is one factor that makes a managed XDR solution particularly appealing. However, we recognize the need to invest time in learning and understanding the available automation features, of which there are many.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"ELK documentation is very good, so never needed to contact technical support."
"It's open-source and free to use."
"The product has huge integration varieties available."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"It's very stable and reliable."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"The cost is reasonable. It's not overly pricey."
"It helps us with investigations."
"The centralized visibility is good."
"The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization."
"We had a quick deployment. The solution is easy to set up."
"I appreciate the value of real-time activity monitoring."
"The most important thing for us as a customer is that we can spend more time in other places as it's simpler to have that overview. We have much more time for other tasks."
"The most valuable feature is the network protection shield on every server, which isolates attacks and prevents our clients from being affected."
"We haven't had any issues with configurations or customizations."
 

Cons

"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before they can damage our infrastructure. Currently, this solution doesn't offer that."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"We'd like better premium support."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"This solution is very hard to implement."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"The solution could offer better reporting features."
"The integration with third-party tools and with on-premises Active Directory needs improvement."
"They have a DLP module in Trend Micro and they need to enhance its capabilities."
"It would be ideal if they could improve the control of connectivity between sensors."
"Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro."
"They should increase their potential for third-party integrations."
"Trend Micro doesn't have the next-generation firewall."
"The support has been delayed at times."
"The price could be lower."
 

Pricing and Cost Advice

"We use the open-source version, so there is no charge for this solution."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
"Compared to other tools, Elastic Security is a cheaper solution."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"We are using the free, open-source version of this solution."
"Affordable but with additional costs"
"Elastic Security is free to use."
"The price is reasonable. It's not exorbitant. CrowdStrike and other players are on the higher side."
"Trend Micro XDR is expensive, and you have to pay for it yearly."
"The pricing is competitive, and the cost aligns with the features we receive."
"It is costly. It is not that affordable for a small organization. Only big organizations can afford it. It is a new feature that has been added, so its price is fair. Its licensing is probably subscription-based. It is for one or two years."
"The price for Trend Vision One is reasonable compared to Microsoft and Symantec."
"Trend Micro recently switched from a license-based pricing model to a credit system, which caused some initial frustration during my renewal."
"Vision One's pricing is extremely competitive. They're probably the lowest-cost provider that has this feature set."
"From a pricing standpoint, they're a really good negotiator and they'll work with you."
801,394 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 17%
Financial Services Firm: 10%
Government: 10%
University: 6%

Educational Organization: 29%
Computer Software Company: 18%
Healthcare Company: 5%
Financial Services Firm: 5%
 

Company Size

By reviewers (chart): Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Compared to other tools, Elastic Security is a cheaper solution.
What do you like most about Trend Micro XDR?
I appreciate the value of real-time activity monitoring.
What is your experience regarding pricing and costs for Trend Micro XDR?
Product names are changing all the time. Lots of changes in the last three years. They introduced the concept of credits, too, which did not make anything easier. It's also easy to underestimate th...
What needs improvement with Trend Micro XDR?
The SOAR features (Security Playbooks) are quite limited. At the moment, it is impossible to execute a simple piece of Python code that would pull or push something to an API, for example. While yo...
 

Also Known As

Elastic SIEM, ELK Logstash
Trend Micro XDR, Trend Micro XDR for Users, Trend Vision One - XDR for Networks
 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Panasonic North America, Decathlon, Fischer Homes, Banijay Benelux, Unigel, DHR Health,
Find out what your peers are saying about Elastic Security vs. Trend Vision One and other solutions. Updated: September 2024.