I primarily use the solution to prevent attacks.
What would previously take us two to three hours to fix, we can do in one hour or even half an hour
What is our primary use case?
How has it helped my organization?
It's good for detecting malware and anomalies. We use it on our endpoints.
What is most valuable?
The user interface is very good. Everything is all on one single platform.
With this product, we get centralized visibility and management across all of our protection layers. With a central platform, we don't have to look around across different websites or platforms. We can go right on the portal and manage things. It also helps us reduce the learning curve. We can manage and monitor products from the same place instead of learning different platforms. It's also helped us increase efficiency.
We have made use of the executive dashboard. It greatly increased visibility. We get a risk management view and metrics that help us narrow down and find issues. It helps us reduce risks. The risk index feature gives us a score to help us in our security goals. With it, we know what's the baseline or standard, so now we know what we need to do in order to meet the standards out there in the industry. We can see everything we need to in one glance.
It's kept up to date and is consistently improving. This helps us protect our environment.
The patch management has been very useful. They help recommend what needs to be installed.
We leverage the attack surface risk management capabilities. It shows the entire incident, including how it happened. We can use the information when we're doing forensics.
We've been able to reduce our mean time to detect and mean time to respond. What would previously take us two to three hours to fix, we can do in one hour or even half an hour. We've also been able to reduce the amount of time we spend investigating false positives.
What needs improvement?
We'd like to see more use of AI around analytics and controls.
For how long have I used the solution?
I've been using the solution for five years.
What do I think about the stability of the solution?
The stability is good; I'd rate it eight out of ten.
What do I think about the scalability of the solution?
We're a small-to-medium-sized company. We have it deployed to less than 5,000 users.
I'm not sure of the scalability. It works for us and our company size.
How are customer service and support?
Support is okay. They could be more responsive and could provide more communication channels.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
I'm more of an end-user. I do not handle the installation aspect. The deployment was done a long time ago.
The tool does not require much maintenance.
What's my experience with pricing, setup cost, and licensing?
I'm not familiar with the exact pricing of the solution. My understanding is the licensing is reasonable.
What other advice do I have?
I'm an end-user and customer.
I'd rate the solution eight out of ten. It has very good management and monitoring benefits.
Its strength lies in its advanced features like intrusion detection and integration capabilities
What is our primary use case?
We rely on Trend Micro Vision One as our Extended Detection and Response platform, leveraging its capabilities for endpoint detection and response across our entire IT environment.
How has it helped my organization?
Trend Micro Vision One boasts a good detection rate thanks to its data lake analysis and frameworks like MITRE. This helps minimize false positives, ensuring alerts are truly security threats. While no platform is flawless and occasional false positives can occur, Vision One's detection is effective for our use cases.
Trend Micro Vision One doesn't have a separate module for advanced threat protection. Instead, its standard endpoint protection, formerly Apex One, includes features like real-time scanning with advanced telemetry collection to identify and prevent unknown threats. These features go beyond basic signature-based detection and offer advanced actions like specific file quarantine or cleanup thanks to machine learning capabilities.
Trend Micro Vision One uses real-time machine learning to detect ransomware, a critical tool since cybercrime is increasingly focused on extortion. While ransomware isn't new, its prominence in news reports makes it a major concern. However, even though it's widely reported, it may not be the biggest threat. For healthcare organizations especially, protecting patient data from being leaked and sold on the dark web is paramount. This is why using tools like Trend Micro Vision One is crucial.
Trend Micro's Vision One simplifies security management by offering a unified console for threat detection, investigation, and hunting across all security layers. This replaces their previous approach of separate consoles for different products like cloud app security and Cloud One, eliminating the need to switch between consoles for a complete security picture.
While telemetry data offers valuable insights into identity access, endpoint detection, and threat intelligence, it doesn't provide complete visibility. There's no access to firewall logs or built-in network access control. However, the platform's strength lies in its advanced features like intrusion detection and integration capabilities, allowing for threat hunting and sharing data with other security solutions.
Vision One uses two methods for endpoint detection. The first is "active update," where devices connect securely using port 443 to the cloud to download the latest signature data every 12 hours, ensuring they have up-to-date protection. This eliminates the need for on-premise signature updates.
Vision One is user-friendly with clear navigation, but its wealth of data can be overwhelming for new users. For example, telemetry can be complex, and some alerts might go unnoticed by inexperienced users who lack the necessary skills to interpret the data effectively. This isn't a flaw of the product itself; it's simply a matter of needing the right training and experience to get the most out of it.
Vision One, while easy to manage, requires significant upfront investment when building a platform from scratch. Configuring agent deployment, servers, and third-party integrations takes many hours, and there's no perfect out-of-the-box solution.
While initially considering Trend Vision One as just a replacement antivirus solution, we realized its extended detection and response capabilities offered more than just basic endpoint protection. XDR allows for collecting telemetry data beyond signatures, enabling us to identify threats like suspicious file activity, lateral movement, and potential command-and-control communications. This provides a more comprehensive security posture compared to traditional antivirus solutions and helps reduce our workloads.
What is most valuable?
Our organization utilizes the full range of Trend Vision One features, excluding TippingPoint. This includes attack surface risk management, XDR threat investigation, endpoint, cloud, network security, and email protection. This full security posture positions us well for our future security roadmap.
What needs improvement?
Trend Micro Vision One requires significant customization to fit our specific needs, which increases the administrative burden. While the wider data collection offers a broader security net, we don't utilize all its services (e.g., Okta integration). This necessitates manual log ingestion from Azure (e.g., anonymous logins, suspicious tokens) and additional verification using separate tools like Azure for risky sign-in detection and IP vetting, making it a more hands-on security solution.
Trend Vision One has some usability issues. For example, extracting browser history for forensic analysis is cumbersome. The platform parses the history file but then doesn't allow exporting the data, making it difficult to share findings with managers. Additionally, the lack of a Network Security Installer for endpoint agents is surprising, especially considering servers have them. The feature request process, relying on a community voting system within a product portal, seems inefficient. Overall, improvements in data consistency and user-friendliness would be beneficial.
For how long have I used the solution?
I have been using Trend Vision One for two years.
How are customer service and support?
Despite having several open support tickets with Trend Micro, I'm impressed by their exceptional customer service. Unlike Microsoft, they proactively reach out by phone to resolve issues quickly. This personalized approach makes me confident we'll get everything sorted out.
Whenever I encounter an issue, technical support is fantastic at providing a root cause analysis, which helps me understand the underlying problem and document it accurately for leadership.
How would you rate customer service and support?
Positive
How was the initial setup?
I wasn't involved in the initial Trend Vision One deployment, but I heard about performance problems. While my team deployed the product itself through SCCM after enterprise approval, the agent caused high CPU usage due to configuration issues. Now, from my new perspective, it's clear these problems stemmed from deployment configuration, not the product itself.
What's my experience with pricing, setup cost, and licensing?
Trend Micro recently switched from a license-based pricing model to a credit system, which caused some initial frustration during my renewal. While I've spoken with their leadership about the credit system's functionality and potential improvements, it still feels unconventional even though I'm now more comfortable with it.
What other advice do I have?
I would rate Trend Vision One eight out of ten.
In our organization, the IT department has a collective decision-making process for product procurement. During the proof of concept calls, a group of 30 IT professionals evaluates vendor presentations, like Microsoft partners showcasing Windows Defender. They consider features, budget fit, and individual preferences before voting on the best option. Leadership then finalizes the purchase. While I, the senior security team member, have no direct influence on product selection like Trend Vision One, I significantly impact its functionality. I work directly with Trend Micro, providing daily suggestions for product improvement within the platform.
Upon taking control of Trend Vision One, I identified several areas for improvement, including integrating custom data feeds like TAXII data, deploying agents in different ways, and collecting telemetry data specific to our environment (e.g., Office 365 data). Since Trend Vision One doesn't natively collect everything, and tailoring it to our needs involved significant effort (e.g., setting up DLP rules for email and collaboration), I'm unsure about its initial impact without customization.
While a patch exists for the vulnerability through TippingPoint, we don't have it; our existing intrusion prevention/detection rules within our server and workload protection system offer some mitigation. A specific module in this system is being configured to address the CVE and potentially protect our assets even if a patch isn't applied.
Trend Vision One is a great cybersecurity platform that requires upfront effort to set up but offers comprehensive protection for your organization. While it has room for improvement, the developers are actively adding new features like cloud scanning and AI-powered detections, demonstrating their commitment to innovation. This ongoing development ensures Trend Vision One stays relevant and effective in the ever-evolving security landscape.
Massive reduction in alerts, great visibility, and excellent support
How has it helped my organization?
Our biggest security challenge was the number of alerts. It has helped with the reduction in alerts. We had too many alerts in the past that were false positives. The reduction in alerts was definitely a big benefit to us.
With Vision One, we have a platform view and all alerts go to one place. It gives us a much better understanding.
We definitely have better visibility. We can now detect things that we could never detect in the past using traditional AV platforms. That is definitely the biggest benefit. The second one is the risk score where we can see where the risk is in the business, and we can actively call and address it.
We use it on all of our endpoints. We use it on our cloud, on our email, M365, SharePoint, and OneDrive. We have been using it pretty much everywhere.
Vision One provides us with centralized visibility and management across protection layers. It is critical to us. Without it, our staff has to work harder because we are in multiple dashboards, and we do not have a giant picture between the systems and the security layers. Vision One connects it all together for you, and it can show us an attack from start to finish. It allows us to defend that much better.
Vision One has definitely increased our efficiency by reducing the number of alerts and correlating them. It is almost impossible to put a real number on it, but we definitely see things that we could not detect without it. There is probably 50% efficiency.
We use the Executive Dashboards. It is important to us that we can drill down from the Executive Dashboards into XDR detections.
We use the Risk Index feature. We look at the highest risks to the business, and we actively address those risks. There is a little bit of gamification with it. We have engineers looking to reduce the overall score of the business. They are targeting the biggest risks that Vision One has given us and that are most likely to be exploited. By addressing that, we reduced our risk score, and, as a side effect of that, we improved our business' security posture.
We use the Attack Surface Risk Management capabilities. We can see what is being actively exploited in the wild, and if we see some of that in our perimeter, we are going to do that straight away. We have full visibility of what is vulnerable, which allows us to prioritize.
Trend Micro XDR has helped to decrease our time to detect and respond to threats. With the combined visibility of Vision One, we get a lot of better-quality reports. In the past, with products like SIEM, we used to get a lot of noise. We would get thousands of alerts that were never risks to us, whereas XDR is all joined together. It gives you a much more confident data set, and from our data set, we can then start addressing the real risks to the business, which we have never been able to do in the past. It is the primary driver for business change. We get great visibility and high-quality alerts. We never measured the time to detect in the past, but I know that we are now detecting things within an hour or so, whereas in the past, it might be in hours if not days. We would have never detected some of the things in the past because we did not have a tool to do it.
Vision One has helped to reduce the amount of time we spend investigating false positive alerts. It has saved a lot of time. Traditional tools give you completely out-of-context alerts, which take time. We had thousands of alerts to look at, but 99% of them were just false positives. People sat on those alerts all day long that were never going to be an issue for us. When you get an XDR and Vision One in place, you start getting good-quality alerts. It just frees up countless amounts of time, but I cannot give a number.
We use its automation capabilities. Some of the playbooks have saved us days. They have taken action without the security being involved.
It is definitely the center of our detection and response these days. We are seeing things that we have not seen before or never detected with other tools. It has made us far more aware of what is on our estate. It provides better visibility and allows the threat detection team to stop anything that might even be a suspect well in advance. It has definitely improved our response times.
What is most valuable?
I like the workbench. It is a view of all the alerts or problems in your estate. The visibility that it provides to engineers is very useful. It is one thing having lots of alerts. It is another thing to have something to correlate all your alerts into a workbench for you so that you can see what is going on.
Integration is very good. There are lots of integrations. There are third-party products that we use, so the integrations are beneficial.
Within five minutes, even a new engineer can understand how to use it. It is very intuitive. You can easily learn how to use the platform and get the most from it.
It is very good. It is very simplistic to learn. It is very intuitive to learn. We do not spend a lot of time training the staff on how to use it. They can just pick it up and use it themselves quite well.
On the reporting side, we use quite a lot of reports and dashboards. This visibility is very beneficial.
What needs improvement?
Playbooks are very good, but on the automation side, they could always improve. Having more variables within the playbook would be useful. It would allow us to have more refined playbooks for the business. It would allow us to take stronger action through a playbook. It will give us confidence to target a particular area of business where our risk tolerance might be higher or lower. We would like to have more granular playbooks.
Further integrations with other products are always beneficial.
For how long have I used the solution?
I have been using it for four years.
What do I think about the stability of the solution?
It has never been down for us, so it is very stable. I would rate it a ten out of ten in terms of stability.
What do I think about the scalability of the solution?
We have never had any scale issues. It has been absolutely fine. I would rate it a ten out of ten for scalability.
How are customer service and support?
Their support is great. Whenever I have called them, the support teams have always been fast to respond. They are always helpful and willing to talk by email, phone, or WebEx. The escalations are always good as well. If we need further support, they are always there to promote that.
I would rate their support a ten out of ten. I do not think it can be improved. It is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had a SIEM from LogRhythm. We almost replaced that entirely. We went for Trend Micro for a lot of reasons. The product was definitely the number one reason. It went through some rigorous testing with us, and we proved it to be very good and helpful to the business. Trend Micro's support model from their sales and delivery and their pricing model just worked for us. They were a good fit with our business.
How was the initial setup?
Deployment on the cloud is always easy. Deploying the agents to the endpoints can take time due to the size of your estate, but it is not a Trend Micro issue. It is purely down to the size of your environment. If you have 1,000 endpoints, it is not going to take as long as if you have 100,000 endpoints. It is just a bit of a scale thing. You have got to deploy it out. It is not the worst deployment we have ever seen.
It is fairly straightforward. Cloud-to-cloud gets done in minutes. With all such tools, it is always about how long it is going to take the IT team to deploy the agents to all of their endpoints. It was not a massive issue for us.
We spent a few months getting it working.
What about the implementation team?
We had about four people for implementation and maintenance. We had about 11,000 endpoints. We have offices around the world. We have the UK, India, Canada, Australia, and many others. We have a full global team there.
In terms of maintenance, the cloud does not require maintenance. The rest of it is about looking at the agents in terms of how the agents work, how they are deployed, and whether they are doing what we are expecting.
What was our ROI?
We do not calculate return on investment as such, but we have detected things that we may never have detected in the past. Those things could have turned into an actual real attack. We have probably saved far more than the cost of the system by not having an attack. The cost of being attacked, being exploited, having downtime, and reputation damage would be huge. It easily pays for the product.
What's my experience with pricing, setup cost, and licensing?
It is definitely not cheap. I do believe you get what you pay for to some degree. It is cost-effective. The money we spend on it is justifiable. It is not the most expensive product in the market. It is definitely not the cheapest product in the market. You have got to weigh that off as part of your business risk and understand what the risk to the business is if you do not spend and invest in modern tools like Vision One.
What other advice do I have?
I would definitely recommend this product. We would not be without it. I would definitely recommend doing a proof of concept in your environment. Once you have done that, you will realize the value of it, and once you realize the value of the tool, there is no going back. You would have to purchase it.
I would rate Trend Vision One an eight out of ten. They have room for improvement, but that is not at all unusual. It is still very good, and we would not want to get rid of it any time soon.
Its real-time analysis has impacted our security incident response time
How has it helped my organization?
Its real-time analysis has impacted our security incident response time. We use the Workbench console and dashboards. We are normally able to analyze an incident in a few hours, understand what is going on, and provide a specific solution for any type of incident.
A few days ago, a user opened something with malware on their machine. In a few seconds, I received an email, and I received a pop-up in the console. To mitigate this, we removed the machine from the network and checked it.
In terms of integration, we intend to integrate more solutions with Trend Micro, but so far, we have just integrated the firewall.
What is most valuable?
Telemetry is very useful. They provide all the information. I can see specific details about any malware and various types of attacks. I can prevent my environment from different types of attacks based on what I see in the Vision One console.
Log inspection is also very useful for me. We check the logs all the time. In certain cases, it is necessary to analyze with more detail. It is very useful to understand what is going on in my environment with log inspection.
What needs improvement?
It is very expensive.
For how long have I used the solution?
I have been using this solution for ten years.
What do I think about the stability of the solution?
We do not have any problems with the stability of this solution.
What do I think about the scalability of the solution?
It scales well. We do not have any problems with scalability.
At the moment, we do not have any plans to increase its usage.
How are customer service and support?
Their technical support is good. They take some time to give me the answers, but in the end, they fix and solve all my problems. I would rate their support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were not using any other solution previously. We have been using Trend Micro's solutions from the beginning of our operations in Brazil.
How was the initial setup?
It is a SaaS solution. Its initial setup is not complex. It is very easy to deploy. It is not complicated. It is very user-friendly. It took around 15 days.
In terms of implementation strategy, we prepared some test machines and servers. After that, we deployed it for the entire company.
They do the maintenance, but we do not have any downtime in this maintenance mode.
What about the implementation team?
We had a Brazilian reseller.
What was our ROI?
We have not seen an ROI.
What's my experience with pricing, setup cost, and licensing?
Trend Micro's cost is higher than other solutions. That is the main reason why we need to switch to another solution.
We are using a full license that provides different types of features, but CrowdStrike does not provide some of the features such as MDM or anti-spam. We do not have these options or features with CrowdStrike. If we switch to CrowdStrike, we would have to buy other solutions to have a complete solution.
In addition to the license, there are no extra costs.
Which other solutions did I evaluate?
Its cost is high for us, so we are checking other options and other companies to provide the same solution. We are evaluating CrowdStrike, Trellix, McAfee, and Sophos. We have not yet received the quotation, but their cost is lower than Trend Micro.
What other advice do I have?
Trend Vision One is very useful. It has many functionalities and integrations. Its integration with other products is growing. In the future, it will probably be the biggest console in the world.
Trend Micro is making some changes to the console. At the moment, it is a little bit confusing for our use case because we are using three or four consoles from Trend Micro. We intend to migrate to just one, which is the Vision One console, but at the moment, we are using the Apex One console for the workstations and the Cloud One console for the servers. I do not know if the integration is complicated for Trend Micro, but at this moment, it is not so easy for me to manage all devices.
I would rate Trend Vision One an eight out of ten.
Good protection with centralized visibility and nice executive dashboards
What is our primary use case?
It offers very good ransomware protection. You have more visibility on the network.
How has it helped my organization?
It helps with compliance. We are also well-protected from ransomware and network attacks.
It's improved our organization in two ways: we can have more visibility and have more confidence in security. We also have better reporting for regulatory compliance.
What is most valuable?
The endpoint protection is the most useful. It's powerful. I've faced issues with other products regarding ransomware; however, with Trend Micro, I have no fear of network attacks. I have experience with consistent protection.
Customers have NDR and XDR protection, and it's very good for protection. There are also regulations within our country that require us to use XDR.
The centralized visibility is good. It's great for the IT team as they have to export reports to management for compliance. It helps with reporting. It's essential.
The centralized visibility and management across protection layers helped our efficiency. We have a limited number of security engineers. With Trend Micro and its centralized dashboard, it will show everything we've learned and reflect reporting on the dashboard, and this helps when you have a limited number of users. It simply reduces the number of people that need to be involved in the security effort.
We use the executive dashboards on both sides. We can drill down on them right into XDR detection. It's essential when we have an incident. If we need to know more about the threat, we need to know where and how they are attacking. We can drill down and get forensic data.
The solution's risk index feature is very good. It comes out of the box. Our customers can use it.
The product has helped us decrease our time to detect and respond to threats.
What needs improvement?
It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits.
The support should be improved.
We'd like to see deception features in the next release. It would help us to reduce false positive alerts.
For how long have I used the solution?
I've been using the solution for seven years now.
What do I think about the stability of the solution?
The stability is good overall.
What do I think about the scalability of the solution?
The solution is scalable. You simply need the resources on the VM, and you can easily change your license.
How are customer service and support?
We've had issues with support. Their services could be improved.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Fidelis and found you can control the endpoints better. They also have a deception module, which is very powerful. You can manage your endpoints perfectly. It also offers very good network visibility. I use both products. It depends on the customer's needs and approach.
How was the initial setup?
I observed the deployment process.
We had issues. It should be straightforward; however, with a customer, we faced a problem with technical support. It took us almost eight months to deploy. They had issues with the installation on the endpoints and on the network side. We had a problem with a few things, including use cases.
The plan was to deploy in two weeks, and yet it took almost eight months.
From the customer side, there were three engineers, and from Trend Micro, there were one or two engineers working on the solution.
Almost every two weeks, there are maintenance calls. The customer has three people handling maintenance duties.
What about the implementation team?
The solution was deployed by support.
What's my experience with pricing, setup cost, and licensing?
The pricing is average. The costs are acceptable. It's good for small or medium-sized businesses.
What other advice do I have?
I'm a partner.
We're using the latest version of the solution.
I'd rate the solution eight out of ten.
For enterprise customers, I wouldn't recommend the solution. However, it's a good solution for small or medium customers. New users need to ensure they have the correct sizing and licensing.
You need to talk to the right support engineers in order to have a smooth experience.
Gives good endpoint visibility and centralizes everything while decreasing time to detect
What is our primary use case?
We use the solution primarily for monitoring. It's for running investigations.
What is most valuable?
If we need any endpoint logs, we're able to access them. It helps us with investigations. We can see, for example, if we are investigating email, the processes running, and any anomalous activity. It detects that kind of stuff.
We are using Trend Micro Vision One, and it helps us with centralized visibility and management across protection layers. Having a centralized view is very helpful. If we have everything in one place, we can see in one display all of the virtual information and attack rates, et cetera. It makes it easier for an engineer to monitor everything.
We use the risk index feature for the endpoints. It helps with the analysis of malware. It can automate scanning for day-to-day activities.
Trend Micro helped us to decrease our time to detect when responding to threats. It has also helped reduce the amount of time used to investigate false positive alerts.
What needs improvement?
The support has been delayed at times. They could improve that aspect of the solution.
For how long have I used the solution?
I've been using the solution for about six months.
What do I think about the stability of the solution?
The solution is stable. We've had a good experience.
What do I think about the scalability of the solution?
The solution can scale. I'd rate the ability to scale eight out of ten.
How are customer service and support?
The support response can be delayed during investigations.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We did not previously use any other solutions.
How was the initial setup?
We did not handle the deployment. It was handled by Trend Micro.
There is a bit of maintenance required. However, the vendor handles it.
What about the implementation team?
Trend Micro handled the initial setup for us.
What's my experience with pricing, setup cost, and licensing?
I'm on the client side. I don't deal with the licensing directly.
What other advice do I have?
We use the solution across our network.
I'd rate the solution eight out of ten.
The information you get from the solution in terms of investigation makes things easier.
Which deployment model are you using for this solution?
Great support, easy to set up, and offers good visibility
What is our primary use case?
Normally, we use the solution for day-to-day investigations. We get alerts when something is going on in the environment. Right now, we are using that tool for the asset management team to identify services or applications that are not allowed for governance and all of these purposes. In addition to that, we use it for isolating devices. We also have a service with them, an MDR service. They analyze information, and they do investigations for us as well.
How has it helped my organization?
Mainly, we were concerned with the visibility of the environment. We didn't have a tool that was able to allow us to see or have visibility of what the endpoints were doing on the servers in the environment. That was the main reason to adopt this solution - to have visibility on the environment as, in the past, we didn't have that capability.
What is most valuable?
The isolation of devices has been really important. We like all the attack surface-managed NPEs. It's helping us to identify devices and protect us on the network. That's in combination with third-party integrations as well. We have integrations that are helping us to identify devices using our vulnerability management services. It's scanning the network and it's sending all that data to Vision One. With that information, we identify devices that are protected on the network and the environment.
The reports are a really good feature for showing results to upper management levels.
The search features help us try to correlate information and identify any suspicious activity. That's another feature that has been really important.
We are using it everywhere except for the network, so we don't have the network discovery service from Trend Micro. However, we have it on endpoint servers and email and also the cloud as well. We use Cloud Conformity to connect that piece.
Trend Micro has a feature called Vision One, that provides us with centralized visibility management across all protection levels. That's helping us to have a centralized view of the console. That's the main reason why we still have that product.
Centralized visibility is important. When we are doing investigations, we can do everything in one console instead of moving to different screens or different windows. The centralized visibility and management across these protection levels helped with our efficiency. It helps us to identify quicker, any potential threat, or any special activity.
They have this feature called Risk Index which I use sometimes to validate the level of rates we have. We don’t use it often - maybe once every one or two weeks. We use it to rank our security operations overall. Mostly, we just check it out of curiosity.
We use the Managed XDR service that they have. It relieves a lot of workload especially during investigations or interim reports about any particular activity - especially with the coverage after hours. It is helping us with the capability there. Also, if something really bad is happening, we have eyes watching all the activity, which is nice.
Using this Managed XDR service enables our team to work on other tasks - especially when we, in certain ways, allocate some of the investigation pieces. We basically create a request for them to investigate things, and that allows us to focus on other things to optimize our security toolset. That's really helpful.
We use the attack surface risk management capability they have. We use that heavily right now. It was a big use case in the past few months. We use it to identify multiple devices without protection, the applications that have been used by our users, and which ones are risky. We are using that on a regular basis. It's helped us identify blind spots and more assets. It's positively affected our security posture by improving a lot of our visibility.
XDR helped us decrease our time to detect or respond to threats. In the past, we didn't have that visibility. When we enabled that tool, at the beginning, it was a little bit noisy. That's something to be expected coming from a new tool. However, after testing through these years, things are improving, and now we can see better results, especially during investigation alerts.
The solution has helped us to reduce the amount of time we spend investigating false positive alerts. In the beginning, there was a large amount of false positives. Right now, we are day to day trying to reduce them. At this point, they are lower compared with the beginning of the implementation. Things are improving. We are reducing false positives as we go which is great.
What needs improvement?
We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side. We use the API, and we are integrating that with another product, a SOAR product. The playbooks are a little bit limited in what they can do at this point. Let's say that we want to connect on a specific API. We cannot modify the templates very well. When we noticed that limitation, we decided to go and use the Trend Micro Vision One API and connect it to other tools to develop that activity using another product.
Under attack surface management, when you go to the specific sites or applications that the users are accessing, the capability of downloading that report could be better. Let's say, as an example, we want to identify users using ChatGPT. We want to download that data through an API or through the GUI. Right now, it's not available as an option. Maybe having the capability of extracting data from Vision One for specific areas of the tool could work. That's something that could be useful, especially if we want to generate that report and send it to specific teams. Often, we don't want to provide DX to all the people. Sometimes it's easier to just have that file and share that file with the people who need to have that information.
For how long have I used the solution?
I've been using the solution for around three years now.
What do I think about the stability of the solution?
The stability is good. It's not very common to have any outages. Sometimes there may be a glitch, however, it's rare. Normally we have 95% stability.
What do I think about the scalability of the solution?
The scalability is good, especially when we are talking about third-party integrations. We can have visibility and control of all different assets. So we can have good scalability and visibility and know more about the environment in places where we didn't have any idea things were happening. It's a SaaS tool, and we don't have to do any maintenance, and it's easy to deploy. It's pretty straightforward.
How are customer service and support?
When we have specific issues or problems connecting some products, we ask for support. They respond really fast. They always try to mitigate and resolve all the issues we have. If they cannot resolve the problem, they normally share some suggestions on how we can mitigate future problems.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use other solutions, although we did use Apex One for a long time. We have also used an EDR product.
How was the initial setup?
I was involved in the deployment. I was the one leading the data during the implementation. The process is pretty straightforward. It was a little tricky to reduce the false positive alerts; however, the portion of deploying to the environment and connecting the pieces was simple.
From our side, we had three or four people involved in the implementation.
What about the implementation team?
We had some help with the deployment and we had some guidance in the beginning. We requested some support from our account manager.
What's my experience with pricing, setup cost, and licensing?
The pricing is good if you look at all the compatibilities and features offered by the product. There are features that can increase the pricing. However, we can put some credits toward some features if we want to enable them. With the amount of credit we have, we are covered for all of our needs.
What other advice do I have?
I'd rate the product eight out of ten.
It is a really good product and easy to deploy. They allow you to have more visibility on your environment, especially if you have any kind of XDR solution. It will increase the visibility of what's happening in the environment. Also, from the perspective of doing maintenance updates or patches, the cloud is the way to go. The product management team does a really good job of increasing the features, and they are listening really closely to what the customer needs via feedback.
Which deployment model are you using for this solution?
Great network protection, a centralized view, and user-friendly
What is our primary use case?
We use Trend Micro XDR to enhance our security framework.
One of our partners was the victim of a major attack, and we realized that our environment was susceptible to the same thing because we were only using an antivirus solution.
Trend Micro XDR is deployed on-premises, and we use it on our core business servers, clients, and the management portal to protect all of our network nodes from attacks.
How has it helped my organization?
Trend Micro Vision One provides centralized visibility and management across protection layers, which is important. It is part of our monitoring tool. The visibility gives us a centralized view of our network nodes, activities, and possible attacks.
The risk index feature plays an important role in our KPIs, which we report to the management team. Our business is dependent on our systems running 24/7.
Trend Micro XDR has helped decrease our time to detect and respond to threats.
Trend Micro XDR has reduced the time we spend investigating false positive alerts by 50 percent.
What is most valuable?
The most valuable feature is the network protection shield on every server, which isolates attacks and prevents our clients from being affected.
What needs improvement?
The deployment process could be more streamlined over the existing infrastructure, as it was not as easy as we thought. We are working with an expert from Trend Micro to improve the rollout process, but it has taken some time and we do not yet have a concrete understanding of the issue. There are some features that we have to install repeatedly before they start running.
For how long have I used the solution?
I have been using Trend Micro XDR for one year.
What do I think about the stability of the solution?
Trend Micro XDR is stable.
What do I think about the scalability of the solution?
Trend Micro XDR is scalable.
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment took six to eight weeks to complete. We had around five part-time people involved in the deployment.
What's my experience with pricing, setup cost, and licensing?
Trend Micro XDR is expensive but we got a good deal from Trend Micro. We pay for an annual license.
Which other solutions did I evaluate?
Currently, we are researching the question of whether to use Trend Micro XDR when we switch from our classic MPLS internal corporate lines to an SD-WAN solution, or whether we should use an integrated solution from the SD-WAN and firewall provider, such as Palo Alto or Fortinet.
What other advice do I have?
I would rate Trend Micro XDR eight out of ten.
We have 300 people in our organization that use the solution.
Maintenance is easy and done by two people, who update, patch, and install new servers; client-side, they also update user stations and analyze logs.
I recommend Trend Micro XDR. It is user-friendly.