We performed a comparison between Trend Vision One and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"Microsoft 365 Defender is a stable solution."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The automatic EDR system that notifies us when something is wrong is valuable."
"We had a quick deployment. The solution is easy to set up."
"For scalability, I would give a rating of ten out of ten."
"The telemetric report is the most valuable feature."
"The solution is very easy to use."
"The solution is stable."
"Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC."
"I appreciate the value of real-time activity monitoring."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"If they support a solution, it is easy to do an integration."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"The most valuable features are the modules and metrics."
"It offers built-in modules for file integrity and vulnerability management."
"The main thing I like about it is that it has an EDR."
"The configuration assessment and Pile integrity monitoring features are decent."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Stability could be improved by avoiding frequent changes to the interface."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The solution could always be made to be more secure."
"The zero trust is a bit complicated compared to other parts of the solution."
"The centralized dashboard has room for improvement."
"The support should be improved."
"Having more variables within the playbook would be useful. It would allow us to have more refined playbooks for the business. It would allow us to take stronger action through a playbook. It will give us confidence to target a particular area of business where our risk tolerance might be higher or lower. We would like to have more granular playbooks."
"They should increase their potential for third-party integrations."
"I would like to have the capability to export the information we receive from the XDR into Microsoft Excel."
"It would be ideal if they could improve the control of connectivity between sensors."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Since it's an open-source tool, scalability is the main issue."
"While it is scalable, it can suffer from reduced latencies."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
Trend Vision One is ranked 6th in Extended Detection and Response (XDR) with 43 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Trend Vision One is rated 8.6, while Wazuh is rated 7.4. The top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Trend Vision One is most compared with CrowdStrike Falcon, Trend Vision One Endpoint Security, SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Kaspersky Endpoint Detection and Response Expert, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and SentinelOne Singularity Complete. See our Trend Vision One vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.