Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Trend Vision One - Cloud Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Vulnerability Management
16th
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Trend Vision One - Cloud Se...
Ranking in Vulnerability Management
9th
Average Rating
8.6
Number of Reviews
21
Ranking in other categories
Container Security (9th), Cloud Workload Protection Platforms (CWPP) (7th), Hybrid Cloud Computing Platforms (6th), Extended Detection and Response (XDR) (13th), Cloud Security Posture Management (CSPM) (7th), Cloud-Native Application Protection Platforms (CNAPP) (6th), Attack Surface Management (ASM) (4th), Cloud Infrastructure Entitlement Management (CIEM) (4th)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Brett Tatum - PeerSpot reviewer
Oct 20, 2023
We can quickly deploy cloud conformity, provides good visibility, and control
I am satisfied with the protection that Trend Vision One - Cloud Security provides for our multi-cloud environment. I need a single pane of glass that will give me the information I need quickly and easily. I set up Trend Vision One - Cloud Security in one afternoon, which I have done before. With one person, it only takes a day or so. Now, it is so simple to get it into any cloud and give it a small permission set to go in there and read our infrastructure, and then get some valuable insights very quickly. Trend Vision One - Cloud Security provides us with contextual data, which is especially useful when we are acquiring a company or when I take on a new role and need to quickly understand what they have. Trend Vision One - Cloud Security also helps me to quickly correlate information in the DevSec process, as it protects everything. There are three times when a security vulnerability can be caught: when we write the code, when we deploy the code, or when the code is running. If a vulnerability is not caught until the code is running, we probably made a mistake. We can then go back and look at the first two steps to see where we should have caught the issue. I am 100 percent satisfied with the context provided by Trend Vision One - Cloud Security. Trend Vision One - Cloud Security protects my cloud workloads. If an attack gets past the first two layers, I still need a way to protect the endpoints, whether they're EC2 instances, virtual machines in Azure, or even on-premises servers. I need a single pane of glass to see all of my endpoints. And let's say there's a zero-day attack, something that no one knew about and couldn't have caught. With Workload Security, I don't need to patch it immediately, even if it's a Windows update. Workload Security can patch it for me and put security tools around it. So we use it for patching and filtering, as well as other security needs. It sits on our virtual machines and whatever cloud we use. The biggest benefit of Trend Vision One - Cloud Security is its single pane of glass view. Other cloud providers, such as AWS and Azure, offer similar features, but they require multiple dashboards and reports. With Trend Vision One - Cloud Security, I have a single pane of glass view of my entire infrastructure. We also use Trend Vision One - Cloud Security for many security needs, including endpoint protection and Office 365 protection. This gives me a single vendor, a single pane of glass, and a single console to manage the security of all of my platforms. Trend Vision One - Cloud Security gives us full visibility and control of our cloud environments. When I am asked difficult questions, or when I am going through an audit or other process, I use its reporting and dashboarding capabilities to get all the information I need in one place. This saves me from having to correlate data from different sources, and it helps me to resolve audit and compliance workflows more quickly. Visibility helps us resolve complexity in our environment by providing quick snapshots of an account. This is especially useful when I'm trying to get an overview of a new workload or a new company, as it allows us to take a snapshot of the environment to make it easier to ingest. We buy our subscriptions through the marketplace because it's easier. I don't want to buy credits, because I can use the marketplace as needed. It also allows us to quickly bill the subscriptions to our existing account, so I don't have to set up another vendor or billing terms. I can just quickly use the marketplace, choose the subscriptions I want, and pay as I go. It's perfect. Conformity would give me a good overview of what infrastructure we are using and where we can potentially save costs by emphasizing the infrastructure that we do not necessarily need. Trend Vision One - Cloud Security protects me in the cloud, protects my registry, and protects my DevOps pipeline. It is not necessary for Trend Vision One - Cloud Security to protect all of these things. Additionally, Trend Vision in general also protects our Office 365 infrastructure, including SharePoint, Teams, and Outlook. Protecting all the data across our environment is extremely important these days. No matter what industry we're in, it's crucial to understand our data security protocols, where our data is stored, how it's protected, and how it's accessed. This information gives us a single, overarching view of our data security posture, which helps us to identify and remediate misconfigurations and quickly respond to zero-day attacks or compromises. The sooner we know about a security incident, the fewer repercussions we're likely to experience.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The user interface is modern and nice to use."
"One of the most valuable features is it is flexible."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"Checkmarx offers many valuable features, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IAC), Supply Chain Security, and API Security."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The solution is scalable, but other solutions are better."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"We use the solution to protect our cloud-based applications like Office 365."
"The perfect package for all security platforms, providing more than any other endpoint solution."
"I really like Trend Vision One - Cloud Security's dashboard."
"The most valuable features are intrusion prevention and anti-malware capabilities."
"Trend Vision One - Cloud Security's best features are security analysis, remote access security, and driver security."
"The stability is quite good."
"I use the tool for security solutions. It's a leader in Gartner and Forrester Wave reports. Customers rely on these reports."
"I like the solution's baselines."
 

Cons

"Checkmarx could improve the REST APIs by including automation."
"I would like to see the rate of false positives reduced."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"There are also some loopholes because it's a new product that they have recently migrated to the cloud. We do see some issues with the policies we have assigned when it comes to a particular account. There are some issues with system support, such as a particular server kernel version that is not supported."
"The workbook insights generate a massive list, making it inconvenient to review."
"Securing S3 using Trend Vision One - Cloud Security can cost too much. Trend Vision One - Cloud Security has a tool that requires lots of privileges. From my understanding, it's only for static application testing, so they need to add dynamic application testing, and there should be more collaboration with the application testing tools on the market. We have not used this product, and I don't know if they plan to decommission it or something. They should focus on application security because this tool's unique feature is multi-cloud support. However, they should improve integration with tools for these kinds of use cases, especially application security and dynamic scanning. For example, I would like it to support Dell SecureOps. I'd also like to see some enhancements to API gateway security."
"I'd like to see mobile licenses included in the main license, similar to Kaspersky's model for future features."
"One area for improvement in Trend Vision One - Cloud Security is marketing; in particular, Trend Vision should update the marketing documentation. The information needs to be more comprehensive."
"The firewall configuration should have been automated based on the understanding of the application, utilities, and protocols."
"The local agent should be able to show more logs. At present, the logs are only available from the web console and not from the local agent."
"They should provide a way for users to see violations for specific compliance."
 

Pricing and Cost Advice

"It is the right price for quality delivery."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"With everything I deal with, Trend Micro Cloud One's pricing is somewhere in the middle."
"I rate the solution's pricing a six out of ten."
"While Trend Vision One - Cloud Security was a cost-effective solution for us in 2021, we've noticed a recent price increase that makes it less affordable."
"The price could be lower. That is a bit of a consideration."
"One year ago, Trend transitioned to a credit system for licensing, which has confused users."
"The pricing for Cloud One is reasonable because my costs scale up and down based on my infrastructure usage."
"Two years ago, it cost $200 for 20 credits, which was a high cost."
"Pricing for Trend Micro Cloud One Container Security in the corporate market is okay."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Educational Organization
30%
Computer Software Company
14%
Manufacturing Company
6%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Trend Micro Cloud One Workload Security?
The the most valuable feature is the scanning engine. It does not impact server performance. It's very lightweight.
What is your experience regarding pricing and costs for Trend Micro Cloud One Workload Security?
The is price is 25% cheaper than it was a couple of years ago, which is good.
What needs improvement with Trend Micro Cloud One Workload Security?
The local agent should be able to show more logs. At present, the logs are only available from the web console and not from the local agent.
 

Also Known As

No data available
Trend Micro Cloud One , Cloud One Workload Security, Trend Micro Cloud One Container Security, Trend Micro Cloud One Application Security, Cloud One File Storage Security, Cloud One Network Security, Cloud One Conformity
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
Find out what your peers are saying about Checkmarx One vs. Trend Vision One - Cloud Security and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.