Try our new research platform with insights from 80,000+ expert users

Contrast Security Assess vs Trend Vision One - Cloud Security comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Contrast Security Assess
Average Rating
8.8
Number of Reviews
11
Ranking in other categories
Application Security Tools (29th), Static Application Security Testing (SAST) (24th)
Trend Vision One - Cloud Se...
Average Rating
8.6
Number of Reviews
21
Ranking in other categories
Vulnerability Management (9th), Container Security (9th), Cloud Workload Protection Platforms (CWPP) (7th), Hybrid Cloud Computing Platforms (6th), Extended Detection and Response (XDR) (13th), Cloud Security Posture Management (CSPM) (7th), Cloud-Native Application Protection Platforms (CNAPP) (6th), Attack Surface Management (ASM) (4th), Cloud Infrastructure Entitlement Management (CIEM) (4th)
 

Mindshare comparison

Contrast Security Assess and Trend Vision One - Cloud Security aren’t in the same category and serve different purposes. Contrast Security Assess is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.4%, down 0.5% compared to last year.
Trend Vision One - Cloud Security, on the other hand, focuses on Extended Detection and Response (XDR), holds 0.1% mindshare, up 0.1% since last year.
Static Application Security Testing (SAST)
Extended Detection and Response (XDR)
 

Featured Reviews

Mustufa Bhavnagarwala - PeerSpot reviewer
Nov 27, 2023
A stable solution that provides lots of details on web-based vulnerabilities and source code reviews
Contrast Security Assess has a really good UI and gives the details in more depth. It gives more information about web application vulnerabilities. If third-party libraries, JS files, and JAR files have any CVEs in them, the solution reports that and gives a grade from A to E. It gives good…
Brett Tatum - PeerSpot reviewer
Oct 20, 2023
We can quickly deploy cloud conformity, provides good visibility, and control
I am satisfied with the protection that Trend Vision One - Cloud Security provides for our multi-cloud environment. I need a single pane of glass that will give me the information I need quickly and easily. I set up Trend Vision One - Cloud Security in one afternoon, which I have done before. With one person, it only takes a day or so. Now, it is so simple to get it into any cloud and give it a small permission set to go in there and read our infrastructure, and then get some valuable insights very quickly. Trend Vision One - Cloud Security provides us with contextual data, which is especially useful when we are acquiring a company or when I take on a new role and need to quickly understand what they have. Trend Vision One - Cloud Security also helps me to quickly correlate information in the DevSec process, as it protects everything. There are three times when a security vulnerability can be caught: when we write the code, when we deploy the code, or when the code is running. If a vulnerability is not caught until the code is running, we probably made a mistake. We can then go back and look at the first two steps to see where we should have caught the issue. I am 100 percent satisfied with the context provided by Trend Vision One - Cloud Security. Trend Vision One - Cloud Security protects my cloud workloads. If an attack gets past the first two layers, I still need a way to protect the endpoints, whether they're EC2 instances, virtual machines in Azure, or even on-premises servers. I need a single pane of glass to see all of my endpoints. And let's say there's a zero-day attack, something that no one knew about and couldn't have caught. With Workload Security, I don't need to patch it immediately, even if it's a Windows update. Workload Security can patch it for me and put security tools around it. So we use it for patching and filtering, as well as other security needs. It sits on our virtual machines and whatever cloud we use. The biggest benefit of Trend Vision One - Cloud Security is its single pane of glass view. Other cloud providers, such as AWS and Azure, offer similar features, but they require multiple dashboards and reports. With Trend Vision One - Cloud Security, I have a single pane of glass view of my entire infrastructure. We also use Trend Vision One - Cloud Security for many security needs, including endpoint protection and Office 365 protection. This gives me a single vendor, a single pane of glass, and a single console to manage the security of all of my platforms. Trend Vision One - Cloud Security gives us full visibility and control of our cloud environments. When I am asked difficult questions, or when I am going through an audit or other process, I use its reporting and dashboarding capabilities to get all the information I need in one place. This saves me from having to correlate data from different sources, and it helps me to resolve audit and compliance workflows more quickly. Visibility helps us resolve complexity in our environment by providing quick snapshots of an account. This is especially useful when I'm trying to get an overview of a new workload or a new company, as it allows us to take a snapshot of the environment to make it easier to ingest. We buy our subscriptions through the marketplace because it's easier. I don't want to buy credits, because I can use the marketplace as needed. It also allows us to quickly bill the subscriptions to our existing account, so I don't have to set up another vendor or billing terms. I can just quickly use the marketplace, choose the subscriptions I want, and pay as I go. It's perfect. Conformity would give me a good overview of what infrastructure we are using and where we can potentially save costs by emphasizing the infrastructure that we do not necessarily need. Trend Vision One - Cloud Security protects me in the cloud, protects my registry, and protects my DevOps pipeline. It is not necessary for Trend Vision One - Cloud Security to protect all of these things. Additionally, Trend Vision in general also protects our Office 365 infrastructure, including SharePoint, Teams, and Outlook. Protecting all the data across our environment is extremely important these days. No matter what industry we're in, it's crucial to understand our data security protocols, where our data is stored, how it's protected, and how it's accessed. This information gives us a single, overarching view of our data security posture, which helps us to identify and remediate misconfigurations and quickly respond to zero-day attacks or compromises. The sooner we know about a security incident, the fewer repercussions we're likely to experience.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the Contrast OSS feature that allows us to look at third-party, open-source software libraries, because it has a cool interface where you can look at all the different libraries. It has some really cool additional features where it gives us how many instances in which something has been used... It tells us it has been used 10 times out of 20 workloads, for example. Then we know for sure that OSS is being used."
"I am impressed with the product's identification of alerts and vulnerabilities."
"This has changed the way that developers are looking at usage of third-party libraries, upfront. It's changing our model of development and our culture of development to ensure that there is more thought being put into the usage of third-party libraries."
"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."
"Assess has an excellent API interface to pull APIs."
"The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of."
"No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime."
"The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low."
"The most valuable part of Trend Vision One - Cloud Security is its dashboard, as it's simple. It's easy to manage, and you can better control the solution."
"I use the tool for security solutions. It's a leader in Gartner and Forrester Wave reports. Customers rely on these reports."
"Detection response and cloud conformity are valuable features."
"It has the best EDR functionality for cloud and typical endpoints."
"The perfect package for all security platforms, providing more than any other endpoint solution."
"The storage and computing features are valuable."
"I really like Trend Vision One - Cloud Security's dashboard."
"I like the conformity and workload security modules. Workload security is all about intrusion detection and prevention. Trend Vision One - Cloud Security has behavioral rules that are auto-populated based on organizational structure. That's one aspect that we liked most."
 

Cons

"The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes."
"Regarding the solution's OSS feature, the one drawback that we do have is that it does not have client-side support. We'll be missing identification of libraries like jQuery or JavaScript, and such, that are client-side."
"I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that."
"The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust."
"I would like to see them come up with more scanning rules."
"Personalization of the board and how to make it appealing to an organization is something that could be done on their end. The reports could be adaptable to the customer's preferences."
"Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not covered. They have it in their roadmap to have these agents. If they have that, we will have complete coverage."
"To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use."
"Trend Vision One - Cloud Security could improve connections with different types of authentication and user groups concerning cloud services."
"Trend Vision One - Cloud Security seems to have a preference for AWS Cloud over Azure and would be improved by focusing equally on both."
"I'd like to see mobile licenses included in the main license, similar to Kaspersky's model for future features."
"The initial setup is easy for someone who operates container platforms on a daily basis. However, it could be difficult for those coming purely from informational security or another field of an IT."
"While it provides some data protection within its security framework, it doesn't allow users to customize policies or create their own for specific needs."
"They should provide a way for users to see violations for specific compliance."
"The product could use a little bit of automation."
"Documentation on cloud architecture and job architecture would be helpful."
 

Pricing and Cost Advice

"It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."
"I like the per-application licensing model... We just license the app and we look at different vulnerabilities on that app and we remediate within the app. It's simpler."
"The solution is expensive."
"The product's pricing is low. I would rate it a two out of ten."
"For what it offers, it's a very reasonable cost. The way that it is priced is extremely straightforward. It works on the number of applications that you use, and you license a server. It is something that is extremely fair, because it doesn't take into consideration the number of requests, etc. It is only priced based on the number of onboarded applications. It suits our model as well, because we have huge traffic. Our number of applications is not that large, so the pricing works great for us."
"You only get one license for an application. Ours are very big, monolithic applications with millions of lines of code. We were able to apply one license to one monolithic application, which is great. We are happy with the licensing. Pricing-wise, they are industry-standard, which is fine."
"The good news is that the agent itself comes in two different forms: the unlicensed form and the licensed form. Unlicensed gives use of that software composition analysis for free. Thereafter, if you apply a license to that same agent, that's when the instrumentation takes hold. So one of my suggestions is to do what we're doing: Deploy the agent to as many applications as possible, with just the SCA feature turned on with no license applied, and then you can be more choosy and pick which teams will get the license applied."
"The pricing for Cloud One is reasonable because my costs scale up and down based on my infrastructure usage."
"It's a slightly expensive product."
"Two years ago, it cost $200 for 20 credits, which was a high cost."
"I rate the solution's pricing a six out of ten."
"Pricing for Trend Micro Cloud One Container Security in the corporate market is okay."
"The price could be lower. That is a bit of a consideration."
"While Trend Vision One - Cloud Security was a cost-effective solution for us in 2021, we've noticed a recent price increase that makes it less affordable."
"The is price is 25% cheaper than it was a couple of years ago, which is good."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,572 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Manufacturing Company
11%
Computer Software Company
11%
Insurance Company
8%
Educational Organization
30%
Computer Software Company
14%
Manufacturing Company
6%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Contrast Security Assess?
When we access the application, it continuously monitors and detects vulnerabilities.
What is your experience regarding pricing and costs for Contrast Security Assess?
The product's pricing is low. I would rate it a two out of ten.
What needs improvement with Contrast Security Assess?
Technical support for the solution should be faster. We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to ...
What do you like most about Trend Micro Cloud One Workload Security?
The the most valuable feature is the scanning engine. It does not impact server performance. It's very lightweight.
What is your experience regarding pricing and costs for Trend Micro Cloud One Workload Security?
The is price is 25% cheaper than it was a couple of years ago, which is good.
What needs improvement with Trend Micro Cloud One Workload Security?
The local agent should be able to show more logs. At present, the logs are only available from the web console and not from the local agent.
 

Also Known As

Contrast Assess
Trend Micro Cloud One , Cloud One Workload Security, Trend Micro Cloud One Container Security, Trend Micro Cloud One Application Security, Cloud One File Storage Security, Cloud One Network Security, Cloud One Conformity
 

Overview

 

Sample Customers

Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.
Information Not Available
Find out what your peers are saying about Contrast Security Assess vs. Trend Vision One - Cloud Security and other solutions. Updated: July 2024.
814,572 professionals have used our research since 2012.