We performed a comparison between CrowdStrike Falcon and Trend Micro XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Trend Micro XDR is commended for its holistic approach to preventing, real-time visualization, and ability to prioritize network-based detection and response. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. Trend Micro XDR should improve integration, overhaul its web interface, and strengthen its business relationships.
Service and Support: CrowdStrike Falcon's customer service has been commended for its promptness and assistance. Some customers have found Trend Micro’s customer service to be helpful and responsive, while others have encountered challenges with technical support in complex situations.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with varying deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. The initial setup of Trend Micro XDR is straightforward and fast, but it may require the involvement of several technical professionals.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. Some reviews noted that Trend Micro XDR might be too costly for small organizations, but others found the price reasonable.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the necessity for onsite servers. Trend Micro XDR delivers value through automation. Its efficient alerts ensure timely threat detection and prevention.
Comparison Results: Our users prefer CrowdStrike Falcon over Trend Micro XDR for its setup process, lightweight design, efficient resource usage, and accurate threat detection. It also offers useful features like Overwatch and a user-friendly dashboard.
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The product integrates security into one tool instead of having third-party security tools."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The most valuable features are the complete IPS and IDS."
"We like Falcon's network visibility. We can see how threats are evolving on PCS or in the company network. The solution's real-time incident response is very fast."
"It's given me a level of confidence that my network is secure."
"The solution offers great stability."
"Its integration capability is valuable. It integrates easily with any OS."
"Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously."
"The most valuable feature is its threat analysis."
"It helps us with investigations."
"We can scale the product as needed."
"Scaling is not a problem at all."
"I like the workbench. It is a view of all the alerts or problems in your estate. The visibility that it provides to engineers is very useful. It is one thing having lots of alerts. It is another thing to have something to correlate all your alerts into a workbench for you so that you can see what is going on."
"I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection."
"The search features help us try to correlate information and identify any suspicious activity."
"The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization."
"Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"The logs could be better."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The licensing is a nightmare and has room for improvement."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The web filtering solution needs to be improved because currently, it is very simple."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"The pricing structure should allow for some flexibility."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed."
"Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do."
"I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."
"Sometimes CrowdStrike changes the GUI, and they need to be better at informing us and providing guidance concerning that."
"It is very expensive."
"The price could be lower."
"The support has been delayed at times."
"While blocking an IP address restricts access for 30 days, it eventually becomes accessible again."
"While the continuous addition of features is commendable, the sheer volume of changes makes it difficult to stay abreast of the latest developments."
"I would like to have more integration with mobile device management."
"The solution could always be made to be more secure."
"I'd like to see alert time reduction so that they show up on the dashboard faster."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Trend Vision One is ranked 5th in Endpoint Detection and Response (EDR) with 43 reviews. CrowdStrike Falcon is rated 8.8, while Trend Vision One is rated 8.6. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Fortinet FortiEDR, whereas Trend Vision One is most compared with Trend Vision One Endpoint Security, SentinelOne Singularity Complete, Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks and Fortinet FortiEDR. See our CrowdStrike Falcon vs. Trend Vision One report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Extended Detection and Response (XDR) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.