We performed a comparison between Elastic Security and Trend Vision One based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The solution is well integrated with applications. It is easy to maintain and administer."
"It's not very complicated to install Elastic."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The scalability is good. It can be scaled easily in the production environment."
"The stability of the solution is good."
"Stability-wise, I rate the solution a ten out of ten."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"We've found the pricing to be reasonable."
"The search features help us try to correlate information and identify any suspicious activity."
"I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection."
"What I like the most about Trend Micro XDR is that the detection and response domain extends to the network. It goes beyond the endpoint and includes data about the network which lets you pinpoint patient zero as well as the root cause of the attack."
"I like Vision One's workbench. It provides helpful logs that I can search, and the telemetry is excellent because I can see what's happening during an attack or potential attack."
"One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well."
"The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization."
"I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed."
"Stability could be improved by avoiding frequent changes to the interface."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"We'd like to see some more artificial intelligence capabilities."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"Email notification should be done the same way as Logentries does it."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"The deployment process could be more streamlined over the existing infrastructure, as it was not as easy as we thought."
"Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro."
"It is very expensive."
"The solution could always be made to be more secure."
"I would like to have the capability to export the information we receive from the XDR into Microsoft Excel."
"While blocking an IP address restricts access for 30 days, it eventually becomes accessible again."
"The agent system is very slow, it needs to improve its performance."
"Trend Micro doesn't have the next-generation firewall."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews while Trend Vision One is ranked 5th in Endpoint Detection and Response (EDR) with 43 reviews. Elastic Security is rated 7.6, while Trend Vision One is rated 8.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Trend Vision One is most compared with CrowdStrike Falcon, Trend Vision One Endpoint Security, SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Trellix Endpoint Security. See our Elastic Security vs. Trend Vision One report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Extended Detection and Response (XDR) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.