About billing and pricing

Topics in this section:

Billing methods

Metered billing

You are billed based on the number of hours your computers are protected with Workload Security. These are known as 'protection-hours'. Pricing for metered billing depends on the type of metered billing you choose.

Bring-your-own license (BYOL)

You are billed based on a license that you pre-purchase from Trend Micro. For BYOL pricing, please contact the Workload Security Support team.

Free tier billing

There are two free options:

  • A 30-day trial. You are given unlimited access to Workload Security for 30 days.
  • 5 instance unlimited: You are given unlimited access to Workload Security as a Service with a 5 agent maximum. You are placed automatically in the '5 instance unlimited' category when your 30-day trial lapses, or when you cancel your metered or BYOL billing.

AWS subscription billing

Your Amazon Web Services (AWS) account is billed.

Azure subscription billing

Your Azure account is billed.

Pay as you Go billing

You are billed monthly for the protection-hours used the previous month.

The pricing for Pay as you Go is shown in the table below. The same rates apply for both AWS and Azure subscriptions.

The rates below only apply if you added the computers through the Workload Security console > Computers > Add Account. If you used Computers > Add Computer, the protection-hours are billed at the highest rate (Data Center) regardless of the computer's size.

Computer size Examples Cost per hour (in USD) per instance
Medium or smaller

Amazon EC2: C1, M1, M3, T1, T2

Amazon WorkSpaces

Azure: 1 core

Google: 1 core

$0.01
Large

Amazon EC2: C3, C4, M1, M3, M4, R3, T2

Azure: 2 cores

Google: 2-3 cores

$0.03
Extra-large and greater

Amazon EC2: C1, C3, C4, CC2, CG1, CR1, D2, G2, HI1, HS1, I2, M1, M2, M3, M4, R3

Azure: 4 or more cores

Google: 4 or more cores

$0.06
Data Center

All computers in Workload Security that are not from a cloud connector

$0.06

Annual + Pay as you Go

You are billed based on a number of seats, or 'licenses', that you pre-purchase from Trend Micro. 1 seat equals 1 agent, and can be purchased for a 1 month, 1 year, 2 year, or 3 year term. If you need to protect additional computers later, those overages are billed at the Pay as You Go rate.

To lower your costs, Trend Micro applies the Pay as You Go rate to the smallest size possible of your instances, and uses the (cheaper) seat license rate for your largest instances. For example, if you initially purchased 5 seats covering 5 medium instances, and then later added 4 more large instances, your 5 seats would cover the 4 large instances you just added plus 1 of your existing medium instances. The remaining 4 medium instances would be billed at the Pay as you Go rate.

Prepaid credit

You are billed based on a number of protection-hour credits that you pre-purchase from Trend Micro. By prepaying, you receive a discount on Pay as you Go rates. Please contact the Workload Security Support team for pricing details.

Trend Micro notifies you when an estimated 30 days of credit remain. The estimate is based on current usage. If credits run out before you renew, then existing protection remains, but you won't be able to activate Deep Security Agent on new computers, and existing agents won't receive updates.

Commit to using Workload Security for one year and save up to 30% (for largest instance sizes).

Credit card

Credit card billing is no longer offered for new deployments. If you are already using credit card billing, you can continue to use it.

You are billed monthly for the protection-hours used the previous month. Workload Security tallies your hourly usage and sends the total owing that month to CleverBridge, a third-party billing service, which subsequently bills you. CleverBridge handles all credit card information so Trend Micro never sees any of it.

Credit card pricing is the same as Pay as you Go.

What Workload Security considers as a protection-hour

This section applies only to metered billing methods.

Cost is based on hours during which your computers are protected by Deep Security Agent. Partial protection within a clock-hour boundary is considered a full hour. In the example below, you can see how this is calculated in the usage scenarios below.

Pricing and usage chart

When protection-hours start and stop

This section applies only to metered billing methods.

How Workload Security counts protection-hours varies by how the computer was added:

  • If added through Computers > Add Account: Protection-hours start when the instance is powered on, and include hours when the Deep Security Agent status is "Offline". Protection-hours stop when the instance is powered off, deleted, or the agent is uninstalled.
  • If added through Computers > Add Computer: Same as above, but excludes hours when the Deep Security Agent status is "Offline".

Even if an agent's status is "Offline", protection continues with the agent's last known configuration. Other features such as centralized reporting, however, require connectivity with the Workload Security console. To troubleshoot, see "Offline" agent. Alternatively, if the computer is decommissioned and will be permanently offline, you should de-activate its agent on the Workload Security console.