Try our new research platform with insights from 80,000+ expert users

Cybereason Endpoint Detection & Response vs Trend Vision One comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cybereason Endpoint Detecti...
Ranking in Endpoint Detection and Response (EDR)
25th
Average Rating
8.0
Reviews Sentiment
7.9
Number of Reviews
21
Ranking in other categories
Endpoint Protection Platform (EPP) (35th)
Trend Vision One
Ranking in Endpoint Detection and Response (EDR)
4th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
70
Ranking in other categories
Network Detection and Response (NDR) (3rd), Extended Detection and Response (XDR) (5th), Attack Surface Management (ASM) (2nd), AI-Powered Cybersecurity Platforms (3rd), Continuous Threat Exposure Management (CTEM) (1st)
 

Mindshare comparison

As of April 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Cybereason Endpoint Detection & Response is 1.0%, down from 1.3% compared to the previous year. The mindshare of Trend Vision One is 2.9%, down from 3.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Chad Kliewer - PeerSpot reviewer
We can make more informed decisions on whether an action is malicious
The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it. While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that helps with this. Part of it was moving two different screens into one, merging the two together. It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made. It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.
DavidBowman - PeerSpot reviewer
It improves the detection speed, but it could be more customizable
They need to stop changing Vision One once a week. They're in a hurry to change things so badly and so fast that I can't find where stuff is half the time, which is a challenge sometimes. I've given one piece of feedback to their product guys. One thing that they're trying to make is a SIEM. It's a product where you input all the logs from your tools, and it creates additional insights into how things look. They've been kind of playing the "me too" game on that, even though that's not what I bought the product for. They have a new gateway where I can take my firewall of email logs and send it over there. In theory, it's supposed to do a more comprehensive evaluation of all my stuff to improve that risk index score. I'm not impressed with it, and I've told them as much. I feel if you're good at something, you should keep working on that and not try to be all the things to all the people. I bought a different email solution even though it would have been 10 times easier to just stay with their email solution because they aren't great at it. They are great at other things, but they're playing the "me too" game with some of their products. Their competitors do this, so they should be doing this, too. They need to pick a product and keep being good at that. If they're going to roll new things out, they should do it but do it right. They have a button to isolate an endpoint because it looks bad, but it doesn't usually work. I've had no chance to argue with the product guys to show them examples of how their button doesn't work. You think it does, but it doesn't work in a real environment. That can be a challenge sometimes. I can see in the data showing what is a false positive. But it doesn't save me time helping them figure out how to fix the problem in their engine. It can help me identify it as a false positive, but it doesn't apply that consistently. It will ignore the false positive for that device, but if they start detecting a false positive on Apple devices, I have eight thousand Apple devices and get 8,000 alerts. I can tell that specific false positive, but it doesn't learn from that particularly well. We use the executive dashboards, but I don't find them particularly useful. One is the ability to customize. That has gotten a little better, and it'll be better in the future. Most of what they have on there are data points that are generic and not particularly actionable. That's why it's called an executive dashboard. Executives want to see if we are secure, but it's hard for me to find out why our attack surface risk went down by x percentage. I don't know. It says that on the dashboard, but it doesn't give me specific details about why. I find it confuses my executives, and it's not useful for me because it doesn't give me things to work on. It will give me generic things on the executive dashboard like you have a thousand accounts with an old password. Those are big generic things, but I also can't tell it that our password policy is different from what your automatic detection model means, and I don't have a problem with that, so quit lowering my risk score. The risk score is useless. In theory, it's based on the random intelligence they're getting from their various customers. I'm in K-12 education, so they have a decent amount of K-12 customers, but it's a subset, and the baseline of what's common in K-12 education is not the same. There's not enough data to make that particularly clean or useful. Vision One is not custom, and that's part of my beef. That index score is based on whatever random report they're looking at from their data sources at any given moment in time. It's nice, but I'd rather have one that's based on your particular circumstances. Instead, it's saying that the number one attack threat surface for school districts is email phishing. It's too generic.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold."
"Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."
"For me, the technical support is good."
"The initial setup is not overly complicated."
"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
"The dashboard is very good and you can consider it as an interactive UI."
"The initial setup was straightforward."
"What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it."
"Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way."
"It is a stable product. It works very well."
"I can prevent my environment from different types of attacks based on what I see in the Vision One console."
"The SOC team is the most valuable feature for us because having experts who monitor global threat landscapes and can respond accordingly is incredibly helpful."
"The proactive approach is the best feature."
"Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days."
"Trend Vision One has significantly improved our company because we can now track and see how many attacks we have. Since we’ve implemented it, we haven’t had any major attacks that have successfully entered the company. So, we know the defense mechanism is working."
"Our speed has increased significantly."
 

Cons

"Cybereason does not have sandbox functionality."
"Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."
"They need to improve their technical support services."
"Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."
"It should be more stable, and the sensor needs improvement in terms of connectivity."
"There is room for improvement in the product features related to device control, particularly USB management."
"The product's reporting isn't great."
"It initially took some time to deploy."
"The SOAR features (Security Playbooks) are quite limited."
"It should integrate with more tools. There are a lot of tools that can do the PTP dump."
"The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients."
"A room for improvement is Trend Micro XDR's website. It's a very complicated website since finding the right point one wants to see is difficult."
"Vision One's search could be improved. While the platform is very user-friendly, the search feature uses terms that aren't as intuitive."
"In future releases of Trend Vision One, I would like to see improvements regarding role-based access control, as it is important to ensure that when granting admin access to a person, their visibility is limited to only their respective markets."
"There should be improvements in risk quantification, where the risk is displayed in a quantified manner, showing the dollar value loss."
"Trend Vision One would be enhanced by incorporating an SIEM solution as a built-in feature."
 

Pricing and Cost Advice

"I do not have experience with the licensing of the product."
"The pricing is manageable."
"In terms of cost, this is a good choice for our needs."
"This product is somewhat expensive and should be cheaper."
"I had to go through a third-party to purchase it, which I wasn't really pleased about."
"In terms of pricing, it's a good solution."
"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."
"Competitors offer comparable solutions at slightly lower prices, so Vision One has room to reduce its pricing by 15 percent, given that Trend Vision One charges approximately $10 per endpoint."
"The pricing is fair and not on the higher side."
"It is definitely not cheap. I do believe you get what you pay for to some degree. It is cost-effective."
"The pricing is fair compared to other solutions."
"The price is reasonable. It's not exorbitant. CrowdStrike and other players are on the higher side."
"When I compare it to its peers that can do the same, it is cost-effective."
"Trend Vision One is cost-effective because it offers detailed reporting and environment control features."
"Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
11%
Manufacturing Company
8%
Government
6%
Educational Organization
22%
Computer Software Company
19%
Financial Services Firm
6%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?
Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...
What is your primary use case for Cybereason Endpoint Detection & Response?
We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automa...
What do you like most about Trend Micro XDR?
I appreciate the value of real-time activity monitoring.
What is your experience regarding pricing and costs for Trend Micro XDR?
It is very good. The flexibility to temporarily exceed license limits when setting up new devices is helpful, as it allows us to ensure security before purchasing additional licenses.
What needs improvement with Trend Micro XDR?
Improving the user interface would be helpful—it can be confusing, especially if you do not use it daily. We do not see a need for additional features. The tool has so many capabilities that it can...
 

Also Known As

Cybereason EDR, Cybereason Deep Detect & Respond
Trend Micro XDR, Trend Micro XDR for Users, Trend Vision One - XDR for Networks
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital
Panasonic North America, Decathlon, Fischer Homes, Banijay Benelux, Unigel, DHR Health,
Find out what your peers are saying about Cybereason Endpoint Detection & Response vs. Trend Vision One and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.