NetWitness XDR vs Trend Vision One comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Jul 8, 2023

We performed a comparison between NetWitness XDR and Trend Micro XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Features: NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Trend Micro XDR is commended for its holistic approach to threat prevention, real-time visualization, and ability to prioritize network-based detection and response. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine. Trend Micro XDR should improve integration, overhaul its web interface, and strengthen its business relationships.

  • Service and Support: NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours. Some customers have found Trend Micro’s customer service to be helpful and responsive, while others have encountered challenges with technical support in complex situations.

  • Ease of Deployment: Some users found the initial setup of NetWitness uncomplicated, but others faced challenges. The initial setup of Trend Micro XDR is straightforward and fast, but it may require the involvement of several technical professionals.

  • Pricing: The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support. Some reviews noted that Trend Micro XDR might be too costly for small organizations, but others found the price reasonable. 

  • ROI: NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics. Trend Micro XDR delivers value through automation. Its efficient alerts ensure timely threat detection and prevention.

Comparison Results: Our users prefer Trend Micro XDR over NetWitness XDR. Trend Micro XDR is commended for its comprehensive visibility, high detection rate, and user-friendliness. NetWitness XDR users report challenges with integration, setup, and performance. Trend Micro XDR is considered reasonably priced, while NetWitness XDR is viewed as expensive.

To learn more, read our detailed NetWitness XDR vs. Trend Vision One Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations.""The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics.""The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products.""The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years.""I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender.""The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts.""From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave.""The comprehensiveness of Microsoft's threat detection is good."

More Microsoft Defender XDR Pros →

"Ability to isolate the machine when there are malicious files.""NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console.""It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great.""RSA NetWitness does market analysis in a more granular form. It gives you full visibility.""The log correlation is good.""It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users.""This solution allows us to locate the malware in real-time.""The stability of the RSA NetWitness Endpoint is very good."

More NetWitness XDR Pros →

"I can prevent my environment from different types of attacks based on what I see in the Vision One console.""I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed.""The solution is stable.""Drilling down further, we can analyze how our users are utilizing their workstations, including the websites they visit.""VisionOne offers a clear window into the security posture of our endpoints.""The solution is very easy to use.""Scaling is not a problem at all.""The centralized visibility is good."

More Trend Vision One Pros →

Cons
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again.""When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments.""Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed.""Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features.""I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses.""The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist.""The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports.""The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."

More Microsoft Defender XDR Cons →

"When analyzing something, you have to click several times. It requires a lot of effort to find something.""The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features.""We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues.""The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution.""Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training.""The contamination feature could be improved.""This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.""The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."

More NetWitness XDR Cons →

"While blocking an IP address restricts access for 30 days, it eventually becomes accessible again.""I think that continued optimization of the environment towards automation and orchestration, a kind of layer that sits underneath all of the technologies, would be extremely important.""Trend Micro doesn't have the next-generation firewall.""It should integrate with more tools. There are a lot of tools that can do the PTP dump.""The agent system is very slow, it needs to improve its performance.""The zero trust is a bit complicated compared to other parts of the solution.""The integration with third-party tools and with on-premises Active Directory needs improvement.""The centralized dashboard has room for improvement."

More Trend Vision One Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
  • More Microsoft Defender XDR Pricing and Cost Advice →

  • "With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
  • "They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
  • "It is highly scalable. It can be bought based on your requirements."
  • "I do not have any opinion on the pricing or licensing of the product."
  • "The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
  • "It is an expensive product."
  • "The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
  • "The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
  • More NetWitness XDR Pricing and Cost Advice →

  • "It is costly. It is not that affordable for a small organization. Only big organizations can afford it. It is a new feature that has been added, so its price is fair. Its licensing is probably subscription-based. It is for one or two years."
  • "It would be nice if it was a little bit cheaper, but I think it has a fair price. It is comparable to others in the market."
  • "The price is reasonable. It's not exorbitant. CrowdStrike and other players are on the higher side."
  • "We have an annual subscription and I believe there is no option for monthly billing at the moment."
  • "Trend Micro XDR is expensive, and you have to pay for it yearly."
  • "Trend Micro XDR has a good price, and on a scale of one to five, I would rate it a four out of five in terms of price."
  • "From a pricing standpoint, they're a really good negotiator and they'll work with you."
  • "It's relatively well-priced."
  • More Trend Vision One Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which EDR (Endpoint Detection and Response) solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Scanning, vulnerability reporting, and the dashboard are the most valuable features.
    Top Answer:While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment.
    Top Answer:While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a… more »
    Top Answer:Technical support is knowledgeable.
    Top Answer:The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the… more »
    Top Answer:I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat… more »
    Top Answer:I like the workbench. It is a view of all the alerts or problems in your estate. The visibility that it provides to… more »
    Top Answer:It is definitely not cheap. I do believe you get what you pay for to some degree. It is cost-effective. The money we… more »
    Top Answer:Playbooks are very good, but on the automation side, they could always improve. Having more variables within the… more »
    Comparisons
    Also Known As
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    RSA ECAT, NetWitness Network
    Trend Micro XDR, Trend Micro XDR for Users
    Learn More
    Interactive Demo
    Overview

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness XDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

    Trend Vision One is a cloud-native security operations platform, serving cloud, hybrid, and on-premises environments. It combines ASM and XDR in a single console to effectively manage cyber risk across your organization. The platform provides powerful risk insights, earlier threat detection, and automated risk and threat response options. Utilize the platform’s predictive machine learning and advanced security analytics for a broader perspective and advanced context. Trend Vision One integrates with its own expansive protection platform portfolio and industry-leading global threat intelligence, in addition to a broad ecosystem of purpose-built and API-driven third-party integrations.

    Sample Customers
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    ADP, Ameritas, Partners Healthcare
    Panasonic North America, Decathlon, Fischer Homes, Banijay Benelux, Unigel, DHR Health,
    Top Industries
    REVIEWERS
    Manufacturing Company18%
    Financial Services Firm12%
    Government12%
    Computer Software Company12%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Financial Services Firm16%
    Computer Software Company15%
    Government8%
    Manufacturing Company7%
    REVIEWERS
    Healthcare Company17%
    Hospitality Company13%
    Financial Services Firm13%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Educational Organization30%
    Computer Software Company14%
    Financial Services Firm5%
    Healthcare Company5%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise24%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise18%
    Large Enterprise57%
    REVIEWERS
    Small Business59%
    Midsize Enterprise24%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise16%
    Large Enterprise68%
    REVIEWERS
    Small Business50%
    Midsize Enterprise9%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise39%
    Large Enterprise37%
    Buyer's Guide
    NetWitness XDR vs. Trend Vision One
    March 2024
    Find out what your peers are saying about NetWitness XDR vs. Trend Vision One and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    NetWitness XDR is ranked 36th in EDR (Endpoint Detection and Response) with 15 reviews while Trend Vision One is ranked 5th in EDR (Endpoint Detection and Response) with 42 reviews. NetWitness XDR is rated 8.0, while Trend Vision One is rated 8.6. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, Microsoft Defender for Endpoint and SentinelOne Singularity Complete, whereas Trend Vision One is most compared with CrowdStrike Falcon, SentinelOne Singularity Complete, Microsoft Defender for Endpoint, Fortinet FortiEDR and Cortex XDR by Palo Alto Networks. See our NetWitness XDR vs. Trend Vision One report.

    See our list of best EDR (Endpoint Detection and Response) vendors and best Extended Detection and Response (XDR) vendors.

    We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.