
Compare CrowdStrike Falcon vs. Trend Micro Deep Security

Comparison Summary
Question: Is CrowdStrike Falcon better than Trend Micro Deep Security?
Answer: I can't say one way or the other for sure, but, having experienced Trend Micro in the past from an endpoint perspective, they have their own way of doing things. They certainly didn't catch everything that even basic a/v like SEP did and they had a very convoluted setup and system configuration. Not sure on how Falcon compares but cost-wise Trend would probably be the cheap option while Falcon would be more expensive but easier to work in/with.
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Protection for Business (EPP). Updated: November 2021.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"The solution's integration capabilities are excellent. It's one of the best features."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"The most valuable feature is signature-based malware detection."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"It doesn't impact the devices. It is an agent-based solution, and we see no performance knock on cell phones. That was a big thing for us, especially in the mobile world. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That can shorten the useful life of a device."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."

More Cisco Secure Endpoint Pros »

"The most valuable feature is that we don't need to re-image machines as much as we had to."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed."
"The stability is good; we haven't experienced any glitches or bugs."
"From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool."
"There's almost no maintenance required. It's very low if there's any at all."
"The detection is very reliable. Also, OverWatch is a great feature."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."

More CrowdStrike Falcon Pros »

"We like the Smart protection and the Virtual patching."
"The initial setup was straightforward and we didn't have any problem with it."
"In terms of valuable features, I would say its intrusion prevention. Each and every IP connecting to the server gets scanned so we know everyone who is accessing our server and we can block whichever IPs do not belong to us at the firewall."
"This product offers good protection against many types of malware."
"Some of the main features of this solution are it is reliable and can be used in small to large size businesses."
"Automated virtual patching is a good feature."
"Deep Security is a good product for managing a few servers."
"It's easy to use and the interface is simple."

More Trend Micro Deep Security Pros »

Cons
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"The GUI needs improvement, it's not good."

More Cisco Secure Endpoint Cons »

"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"I would rate it an eight out of ten. It does what it needs to do but there's always room for improvement."
"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
"They don't really have anything when it comes to scanning attachments."
"If we have a dashboard capability to uninstall agents, I think that would be great."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our searches are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is set up."
"The management reporting functionality needs to be improved."
"CrowdStrike Falcon by itself does not supply in-depth reporting."

More CrowdStrike Falcon Cons »

"Deep Security's most valuable features are antivirus and host intrusion detection."
"The setup is fairly complex. The deployment took around two months."
"The product isn't very user-friendly."
"Another issue is if I want to suggest this solution to a customer, we won't get the pricing immediately, which is a major problem."
"The problem with this solution is that if you go on large sites you have to have an external database, which would increase the cost."
"Requires simplification, a fair amount of troubleshooting required."
"The situation with the currency in Turkey makes this solution a little bit on the expensive side, and if it were lowered then it would be more competitive."
"As for what could be improved, I think it should come with an XDR facility without any extra cost. They're always releasing new features, but we need to pay extra for them."

More Trend Micro Deep Security Cons »

Pricing and Cost Advice
"Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
"Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
"We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds."
"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
"The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable."
"Licensing fees are on a yearly basis and I am happy with the pricing."
"We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work."
"In our case, it is a straightforward annual payment through our Enterprise Agreement."

More Cisco Secure Endpoint Pricing and Cost Advice »

"With respect to pricing, my suggestion to others is to evaluate the environment and purchase what you need."
"Pricing and licensing seem to be in line with what they offer. We are a smaller organization, so pricing is important. Obviously, we would make a business case if it is something we really needed or felt that we needed. So, the pricing is in line with what we are getting from a product standpoint."
"The price is too high."
"We bought a very small number of licenses, then ran it for a year. We bought 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses."
"The pricing on CrowdStrike is per license. It was about $42 per seat yearly."
"When comparing to Microsoft, CrowdStrike Falcon is more expensive."
"All I can say about the licensing cost is that it's negotiable."
"The pricing is good and there are no costs in addition to the standard licensing fees."

More CrowdStrike Falcon Pricing and Cost Advice »

"It's more expensive than other solutions, such as Sophos and Kaspersky, as an endpoint solution."
"It is a very expensive solution. It would be nice if they lower its price. Its license is based on the machines."
"We are paying approximately $50,000 each month, it's definitely expensive."
"There is a license for this solution and there are extra features you can purchase."
"The solution is considerably cheaper than other similar solutions."

More Trend Micro Deep Security Pricing and Cost Advice »

Answers from the Community
Netanya Carmi
Kirk Stephen
User

Having previously run a penetration testing company, I can tell you that the general feedback I have from professional hackers is that CrowdStrike Falcon does make their job a lot more difficult. 


The "traditional" players in the endpoint protection market e.g. Trend Micro, Symantec and McAfee they generally view as trivial to bypass.

Also Known As
Cisco Secure Endpoint: Cisco AMP for Endpoints
CrowdStrike Falcon: CrowdStrike
Trend Micro Deep Security: Deep Security
Overview

Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms to protect endpoints, network, email and web traffic. AMP key features include the following: global threat intelligence to proactively defend against known and emerging threats; advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators; point-in-time malware detection and blocking in real time; and continuous analysis and retrospective security regardless of the file's disposition.

CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. 

Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.


The Trend Micro Cloud and Data Center Security solution protects applications and data and prevents business disruptions, while helping meet regulatory compliance. Whether you are focused on securing physical, virtual, cloud, or hybrid environments, Trend Micro provides the advanced server security you need with the Trend Micro™ Deep Security™ platform.

Sample Customers
Cisco Secure Endpoint: Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
CrowdStrike Falcon: Information Not Available
Trend Micro Deep Security: Rush University Medical Center, Guess? Inc., Mazda Motor Logistics Europe, MEDHOST, KSC Commercial Internet Co., Ricoh Company Ltd., Square Enix, SoftBank Telecom, Telecom Italia, United Way of Greater Atlanta, A&W Food Services of Canada
Top Industries

Cisco Secure Endpoint
Reviewers: Healthcare Company 19%, Government 13%, Manufacturing Company 13%, Financial Services Firm 6%
Visitors reading reviews: Comms Service Provider 24%, Computer Software Company 23%, Government 7%, Financial Services Firm 5%

CrowdStrike Falcon
Reviewers: Financial Services Firm 17%, Manufacturing Company 10%, Insurance Company 10%, Hospitality Company 10%
Visitors reading reviews: Computer Software Company 25%, Comms Service Provider 19%, Government 6%, Financial Services Firm 5%

Trend Micro Deep Security
Reviewers: Financial Services Firm 26%, Healthcare Company 22%, Manufacturing Company 13%, Computer Software Company 9%
Visitors reading reviews: Computer Software Company 28%, Comms Service Provider 23%, Government 7%, Financial Services Firm 5%
Company Size

Cisco Secure Endpoint
Reviewers: Small Business 36%, Midsize Enterprise 18%, Large Enterprise 46%
Visitors reading reviews: Small Business 27%, Midsize Enterprise 21%, Large Enterprise 51%

CrowdStrike Falcon
Reviewers: Small Business 24%, Midsize Enterprise 24%, Large Enterprise 51%
Visitors reading reviews: Small Business 23%, Midsize Enterprise 31%, Large Enterprise 47%

Trend Micro Deep Security
Reviewers: Small Business 33%, Midsize Enterprise 33%, Large Enterprise 35%
Visitors reading reviews: Small Business 30%, Midsize Enterprise 30%, Large Enterprise 39%

CrowdStrike Falcon is ranked 1st in Endpoint Protection for Business (EPP) with 27 reviews while Trend Micro Deep Security is ranked 1st in Virtualization Security with 16 reviews. CrowdStrike Falcon is rated 8.8, while Trend Micro Deep Security is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Speeds up the data collection for our phishing playbooks dramatically". On the other hand, the top reviewer of Trend Micro Deep Security writes "Each and every IP connecting to the server gets scanned so we can block whichever IPs do not belong to us at the firewall". CrowdStrike Falcon is most compared with Microsoft Defender for Endpoint, SentinelOne, Cortex XDR by Palo Alto Networks, Darktrace and Symantec End-User Endpoint Security, whereas Trend Micro Deep Security is most compared with Trend Micro Apex One, Symantec End-User Endpoint Security, Carbon Black CB Defense, Microsoft Defender for Endpoint and SentinelOne.

We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.