Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs Trend Vision One comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
25th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (11th)
Trend Vision One
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
69
Ranking in other categories
Endpoint Detection and Response (EDR) (4th), Network Detection and Response (NDR) (3rd), Attack Surface Management (ASM) (2nd), AI-Powered Cybersecurity Platforms (3rd)
 

Mindshare comparison

As of March 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.1%, up from 1.0% compared to the previous year. The mindshare of Trend Vision One is 3.9%, down from 4.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
DavidBowman - PeerSpot reviewer
It improves the detection speed, but it could be more customizable
They need to stop changing Vision One once a week. They're in a hurry to change things so badly and so fast that I can't find where stuff is half the time, which is a challenge sometimes. I've given one piece of feedback to their product guys. One thing that they're trying to make is a SIEM. It's a product where you input all the logs from your tools, and it creates additional insights into how things look. They've been kind of playing the "me too" game on that, even though that's not what I bought the product for. They have a new gateway where I can take my firewall of email logs and send it over there. In theory, it's supposed to do a more comprehensive evaluation of all my stuff to improve that risk index score. I'm not impressed with it, and I've told them as much. I feel if you're good at something, you should keep working on that and not try to be all the things to all the people. I bought a different email solution even though it would have been 10 times easier to just stay with their email solution because they aren't great at it. They are great at other things, but they're playing the "me too" game with some of their products. Their competitors do this, so they should be doing this, too. They need to pick a product and keep being good at that. If they're going to roll new things out, they should do it but do it right. They have a button to isolate an endpoint because it looks bad, but it doesn't usually work. I've had no chance to argue with the product guys to show them examples of how their button doesn't work. You think it does, but it doesn't work in a real environment. That can be a challenge sometimes. I can see in the data showing what is a false positive. But it doesn't save me time helping them figure out how to fix the problem in their engine. It can help me identify it as a false positive, but it doesn't apply that consistently. It will ignore the false positive for that device, but if they start detecting a false positive on Apple devices, I have eight thousand Apple devices and get 8,000 alerts. I can tell that specific false positive, but it doesn't learn from that particularly well. We use the executive dashboards, but I don't find them particularly useful. One is the ability to customize. That has gotten a little better, and it'll be better in the future. Most of what they have on there are data points that are generic and not particularly actionable. That's why it's called an executive dashboard. Executives want to see if we are secure, but it's hard for me to find out why our attack surface risk went down by x percentage. I don't know. It says that on the dashboard, but it doesn't give me specific details about why. I find it confuses my executives, and it's not useful for me because it doesn't give me things to work on. It will give me generic things on the executive dashboard like you have a thousand accounts with an old password. Those are big generic things, but I also can't tell it that our password policy is different from what your automatic detection model means, and I don't have a problem with that, so quit lowering my risk score. The risk score is useless. In theory, it's based on the random intelligence they're getting from their various customers. I'm in K-12 education, so they have a decent amount of K-12 customers, but it's a subset, and the baseline of what's common in K-12 education is not the same. There's not enough data to make that particularly clean or useful. Vision One is not custom, and that's part of my beef. That index score is based on whatever random report they're looking at from their data sources at any given moment in time. It's nice, but I'd rather have one that's based on your particular circumstances. Instead, it's saying that the number one attack threat surface for school districts is email phishing. It's too generic.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The most valuable features are file activity monitoring and registry activity monitoring."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The tool's most valuable feature is server threat hunting."
"I can investigate attacks more quickly using machine learning tools."
"The solution's most valuable features are the graphical user interface and the reporting."
"It is so helpful to have something that pulls all the data into one visual representation of the events."
"Trend Vision One offers superior integrations, enhanced tool capabilities, and expanded solutions for network security, firewalls, and remote malware scanning."
"The proactive approach is the best feature."
"Its threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources."
"The setup is fairly simple."
"We are very impressed with the single pane of glass visibility that Trend Micro XDR provides."
"The user interface is very good."
"For our day-to-day use cases, the correlation and attribution of different alerts are valuable. It is sort of an SIEM, but it is intelligent enough to run the queries and intentionally detect and prioritize attacks for you. At the end of the day, it is different data that you see. It correlates data for you and makes it meaningful. You can see that someone got an email and clicked a link. That link downloaded, for example, malware into the memory of the machine. From there, you can see that they started moving laterally to your environment. I quite like it because it gives visibility, so Workbench is what we use every day"
 

Cons

"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The search feature needs to be improved."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The cloud version is lacking and not up to par."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement."
"Having more variables within the playbook would be useful. It would allow us to have more refined playbooks for the business. It would allow us to take stronger action through a playbook. It will give us confidence to target a particular area of business where our risk tolerance might be higher or lower. We would like to have more granular playbooks."
"Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro."
"It would be great if there were Trend Micro products that could enhance the security of these devices, either as part of our product or in some other way integrated into our offering."
"I think that continued optimization of the environment towards automation and orchestration, a kind of layer that sits underneath all of the technologies, would be extremely important."
"Reporting could be a little bit better. They are working on it, and it is getting better."
"To improve support, the company should streamline communication and reduce response times."
"It would be ideal if they could improve the control of connectivity between sensors."
 

Pricing and Cost Advice

"The pricing is nice when compared to other products in the industry."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"It is quite a budget-friendly product."
"Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor."
"The pricing is fair and not on the higher side."
"From a pricing standpoint, they're a really good negotiator and they'll work with you."
"Trend Micro XDR is expensive, and you have to pay for it yearly."
"The pricing is competitive, and the cost aligns with the features we receive."
"It's relatively well-priced."
"It is definitely not cheap. I do believe you get what you pay for to some degree. It is cost-effective."
"The pricing for Trend Vision One is reasonable."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
842,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
11%
Manufacturing Company
9%
Government
8%
Educational Organization
24%
Computer Software Company
18%
Financial Services Firm
5%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
What do you like most about Trend Micro XDR?
I appreciate the value of real-time activity monitoring.
What is your experience regarding pricing and costs for Trend Micro XDR?
It is very good. The flexibility to temporarily exceed license limits when setting up new devices is helpful, as it allows us to ensure security before purchasing additional licenses.
What needs improvement with Trend Micro XDR?
Improving the user interface would be helpful—it can be confusing, especially if you do not use it daily. We do not see a need for additional features. The tool has so many capabilities that it can...
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
Trend Micro XDR, Trend Micro XDR for Users, Trend Vision One - XDR for Networks
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
Panasonic North America, Decathlon, Fischer Homes, Banijay Benelux, Unigel, DHR Health,
Find out what your peers are saying about LogRhythm UEBA vs. Trend Vision One and other solutions. Updated: March 2025.
842,651 professionals have used our research since 2012.