Try our new research platform with insights from 80,000+ expert users

Rapid7 InsightIDR vs Trend Vision One comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 InsightIDR
Ranking in Endpoint Detection and Response (EDR)
18th
Ranking in Extended Detection and Response (XDR)
14th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (9th), User Entity Behavior Analytics (UEBA) (2nd), Threat Deception Platforms (5th)
Trend Vision One
Ranking in Endpoint Detection and Response (EDR)
4th
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
70
Ranking in other categories
Network Detection and Response (NDR) (3rd), Attack Surface Management (ASM) (2nd), AI-Powered Cybersecurity Platforms (3rd), Continuous Threat Exposure Management (CTEM) (1st)
 

Mindshare comparison

As of April 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Rapid7 InsightIDR is 1.1%, up from 0.7% compared to the previous year. The mindshare of Trend Vision One is 2.9%, down from 3.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.
DavidBowman - PeerSpot reviewer
It improves the detection speed, but it could be more customizable
They need to stop changing Vision One once a week. They're in a hurry to change things so badly and so fast that I can't find where stuff is half the time, which is a challenge sometimes. I've given one piece of feedback to their product guys. One thing that they're trying to make is a SIEM. It's a product where you input all the logs from your tools, and it creates additional insights into how things look. They've been kind of playing the "me too" game on that, even though that's not what I bought the product for. They have a new gateway where I can take my firewall of email logs and send it over there. In theory, it's supposed to do a more comprehensive evaluation of all my stuff to improve that risk index score. I'm not impressed with it, and I've told them as much. I feel if you're good at something, you should keep working on that and not try to be all the things to all the people. I bought a different email solution even though it would have been 10 times easier to just stay with their email solution because they aren't great at it. They are great at other things, but they're playing the "me too" game with some of their products. Their competitors do this, so they should be doing this, too. They need to pick a product and keep being good at that. If they're going to roll new things out, they should do it but do it right. They have a button to isolate an endpoint because it looks bad, but it doesn't usually work. I've had no chance to argue with the product guys to show them examples of how their button doesn't work. You think it does, but it doesn't work in a real environment. That can be a challenge sometimes. I can see in the data showing what is a false positive. But it doesn't save me time helping them figure out how to fix the problem in their engine. It can help me identify it as a false positive, but it doesn't apply that consistently. It will ignore the false positive for that device, but if they start detecting a false positive on Apple devices, I have eight thousand Apple devices and get 8,000 alerts. I can tell that specific false positive, but it doesn't learn from that particularly well. We use the executive dashboards, but I don't find them particularly useful. One is the ability to customize. That has gotten a little better, and it'll be better in the future. Most of what they have on there are data points that are generic and not particularly actionable. That's why it's called an executive dashboard. Executives want to see if we are secure, but it's hard for me to find out why our attack surface risk went down by x percentage. I don't know. It says that on the dashboard, but it doesn't give me specific details about why. I find it confuses my executives, and it's not useful for me because it doesn't give me things to work on. It will give me generic things on the executive dashboard like you have a thousand accounts with an old password. Those are big generic things, but I also can't tell it that our password policy is different from what your automatic detection model means, and I don't have a problem with that, so quit lowering my risk score. The risk score is useless. In theory, it's based on the random intelligence they're getting from their various customers. I'm in K-12 education, so they have a decent amount of K-12 customers, but it's a subset, and the baseline of what's common in K-12 education is not the same. There's not enough data to make that particularly clean or useful. Vision One is not custom, and that's part of my beef. That index score is based on whatever random report they're looking at from their data sources at any given moment in time. It's nice, but I'd rather have one that's based on your particular circumstances. Instead, it's saying that the number one attack threat surface for school districts is email phishing. It's too generic.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."
"I like the tool's user analysis feature."
"The alerting to drive investigations and remediation has been its most valuable feature.​"
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"The solution's initial setup is easy."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"The workbench alerts provide valuable insights into attack chains and relevant information, while Observer techniques give a comprehensive overview of ongoing activities."
"Trend Vision One provides centralized visibility and management across protection layers, which is crucial for compliance."
"From an automation point of view, I find the ability to curate and deploy playbooks very helpful. I find that very convenient for us."
"The telemetric report is the most valuable feature."
"The most significant recent change has been the addition of the new AI companion."
"I love everything about the solution, especially the XDR features, the attack surface management, and the workbench alerts. It oversees vulnerabilities among the system and devices, prioritizing areas that need patching."
"The user interface is very good."
"Trend Vision One offers superior integrations, enhanced tool capabilities, and expanded solutions for network security, firewalls, and remote malware scanning."
 

Cons

"Lacks a mobile application."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"
"The product allows us to make only 30 custom rules."
"Needs a better ability to customize the check within the console."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"For XDR threat investigation, there is not enough documentation about how to search for different keywords. The documentation for keywords used in attack techniques is lacking, making it difficult to understand certain aspects."
"A room for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility."
"I think that continued optimization of the environment towards automation and orchestration, a kind of layer that sits underneath all of the technologies, would be extremely important."
"While the continuous addition of features is commendable, the sheer volume of changes makes it difficult to stay abreast of the latest developments."
"An easier way to understand the credit structure would be helpful."
"To improve support, the company should streamline communication and reduce response times."
"Trend Vision One would be enhanced by incorporating an SIEM solution as a built-in feature."
"One area that requires improvement is the installation process of the agents, as it is not seamless."
 

Pricing and Cost Advice

"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."
"The solution has a mid-range price point in the market"
"​Accurately predict your licensing counts as this is a subscription based product.​"
"The pricing and licensing are competitive."
"Trend Micro XDR is expensive."
"I feel that Vision One is a bit expensive. As for the pricing or licensing, I would rate it a seven out of ten."
"The pricing of the solution is okay. There is a need for me to look into the new pricing plan introduced by the solution recently."
"Trend Micro's cost is higher than other solutions. That is the main reason why we need to switch to another solution."
"I do not have much visibility to it. It is definitely not a cheap product, but to my knowledge, it is out there with the big wigs in the industry, such as CrowdStrike, SentinelOne, and other EDR/XDR vendors. I had heard, and found out eventually, that their sales teams are very flexible, as more sales teams are."
"The pricing is competitive, and the cost aligns with the features we receive."
"The price is reasonable. It's not exorbitant. CrowdStrike and other players are on the higher side."
"It is costly. It is not that affordable for a small organization. Only big organizations can afford it. It is a new feature that has been added, so its price is fair. Its licensing is probably subscription-based. It is for one or two years."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
Educational Organization
22%
Computer Software Company
19%
Financial Services Firm
6%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...
What do you like most about Trend Micro XDR?
I appreciate the value of real-time activity monitoring.
What is your experience regarding pricing and costs for Trend Micro XDR?
It is very good. The flexibility to temporarily exceed license limits when setting up new devices is helpful, as it allows us to ensure security before purchasing additional licenses.
What needs improvement with Trend Micro XDR?
Improving the user interface would be helpful—it can be confusing, especially if you do not use it daily. We do not see a need for additional features. The tool has so many capabilities that it can...
 

Also Known As

InsightIDR
Trend Micro XDR, Trend Micro XDR for Users, Trend Vision One - XDR for Networks
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Liberty Wines, Pioneer Telephone, Visier
Panasonic North America, Decathlon, Fischer Homes, Banijay Benelux, Unigel, DHR Health,
Find out what your peers are saying about Rapid7 InsightIDR vs. Trend Vision One and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.