The observed attack techniques feature lets you see what an attacker is doing or how malicious code is operating
What is our primary use case?
We use Vision One for antivirus, endpoint protection, and identifying misconfigurations in our cloud platform. It secures our servers and endpoints and detects any sort of malicious software or inappropriate user behavior. It's a cloud solution with agents on the machines for endpoint protection.
How has it helped my organization?
Vision One gives us more insight. When we implemented the solution, we didn't have a mature security platform, so we couldn't see what was happening on our servers or what our users were doing. It has decreased our time to detect and respond. Initially, we didn't have as much insight into any attacks that came through. It gives us more data points to work with and guidance about the remediation efforts. We aren't dealing with eight or nine different systems to identify one issue. It's all centrally located in one place.
Their Managed XDR service acts as our security operations center. It helps us sleep a little better at night. We know that they can call us on the phone when a significant alert comes in after hours. It makes things more efficient because we know there's someone on the other side who can look at alerts for us and at least do the preliminary analysis if anything comes in. Multiple teams are notified when an alert comes in. We can allocate security resources more efficiently and plug more data sources into the Vision One platform. We don't need to dedicate personnel to continuously monitor the dashboard because we know someone is looking at it with us.
The platform has allowed us to identify blind spots and see where there are holes in our network. It suggests remediation steps in many cases. There is typically a link in the documentation. That has been a significant benefit because it tells you what to do. For example, it might suggest running a command in the terminal to identify the issues or take x output and put it into y input.
The solution reduces the time spent investigating false positives by around 65 to 75 percent. For example, when we are pushing out custom code, the workbench tells us the risk level. If it's 70 or higher, we check it out. At 69 or lower, it could be a false positive, so it might require some poking around. It gives us enough data in the alerts that anyone who knows the system could say, "Oh, that was me. I was running patches," instead of checking nine different systems to identify what triggered the alert. It's all there in the alert, including the hashes, commands, impacted web files, etc. We can instantly dismiss it as a false positive and flag it as resolved.
Vision One's playbooks help us save time but I can't say how much because we're still maturing those. For instance, we know what those patching commands look like, so we're working on a playbook to automatically ignore or close those false positive alerts as they come in. We're still trying to fine-tune those playbooks.
What is most valuable?
I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection.
Migrating to the Vision One platform helped us because we no longer need to look at eight different screens to find data. It's all just consolidated into one location. Having everything in one place is critical. I've been in the industry for almost a decade now, and it's a struggle to find that single pane of glass for all my alerts, logs, and anomalies like random users clicking on a link or downloading a file. It's nice to have it all in one location. Having centralized visibility saves the time we would spend checking various systems to look for things. I can also correlate data points more effectively and make data-driven decisions about the remediation and mitigation of any internal or external threats discovered.
The executive dashboard is nice. It's consolidating all of the tools into the Vision One platform, giving you a high-level overview. Executives love dashboards and pretty colors. The ability to drill down into XDR detection from the executive dashboard is handy. I don't have to go fishing. We get an alert that says a machine did X, and I can fire it up. It's on the dashboard, so I can click on that machine, and it lets me drill down into the logs. It cuts down on the time required to do any kind of forensic analysis on anomalous alerts or behavior.
The Risk Index gives you an overview of the risk and how it compares with others in your industry. It's nice to be able to quantify the risk, and it enables you to justify the spending on these tools to your executives by showing that it pays off. Also, if we start plugging in more data points and the risk score goes up, we can conclude that there are some issues with the new data source that we just hooked up to our platform. The goal is to have a risk level of zero, but that will be hard to achieve.
What needs improvement?
We've received some mild complaints that the documentation is sometimes not up to date.
For how long have I used the solution?
I used Vision One at my last job, and I brought them on board when I joined this company, so I have been using the platform for about two years.
What do I think about the stability of the solution?
I haven't had any issues with stability.
What do I think about the scalability of the solution?
We run several different AWS accounts, and Vision One keeps up pretty well. I haven't noticed any downtime, lagging, or crashes.
Which solution did I use previously and why did I switch?
They were using something else, but my team wasn't in charge of it. Vision One offers a more mature platform. I had used it at my previous job. My boss brought it in because we had both worked with Trend Micro in the past. We know the platform and the engineers.
How was the initial setup?
Deploying Vision One was relatively straightforward. We were on the legacy platform. They had written a script, so all you had to do was hit the play button. We recently moved to their all-in-one Vision One platform, which was super simple. The deployment team included two on our side and two on the Trend Micro side. Their engineers hopped on a call and walked us through the process. The setup process primarily entails deploying the agents globally.
What's my experience with pricing, setup cost, and licensing?
Trend Micro's licensing is fair.
What other advice do I have?
I rate Trend Micro nine out of 10. This is a SaaS product, so you can do a trial period. If you like it, contact their sales people and try to develop a good relationship with the company.
Provides centralized visibility, alerts us of potential risks, and enhances security posture
What is our primary use case?
We have deployed the Trend Micro product suite across all our servers and workstations, including their XDR component, Vision One.
Our decision to switch from Kaspersky to Trend Micro stemmed from the concerns surrounding Kaspersky and the Russian government. Following those developments, we were advised to discontinue using Kaspersky and began the process of evaluating alternative security solutions. Trend Micro ultimately emerged as our preferred choice due to their exceptional support during the proof-of-concept stage. Unlike other vendors, Trend Micro proactively dispatched an engineer to our corporate headquarters at their own expense to assist with setting up and running the POC, demonstrating their commitment to our success. Vision One was released a year into our contract and we were able to work with the Trend Micro account team to deploy it in our organization.
Previously, our security setup with Trend Micro was entirely on-premises. This meant we were managing our backend servers and manually reviewing security updates. It was a time-consuming process, especially when vulnerabilities arose in their on-prem products. Reviewing briefing files and ensuring everything was patched was a constant burden. Moving to the cloud was a game-changer. The maintenance of backend servers is now handled by Trend Micro, freeing up our resources. We receive monthly emails notifying us of upcoming maintenance, and they take care of everything behind the scenes. It's a breeze. Vision One has always been cloud-based, but our previous on-premises solutions included their endpoint product Apex One, server product Deep Security, and exchange product. When we transitioned to the cloud, Apex One remained our endpoint protection, while Deep Security evolved into Cloud One. Additionally, Cloud App Security was introduced, providing security features for SharePoint and Teams alongside Exchange Cloud.
How has it helped my organization?
Trend Vision One streamlines our security by centralizing data collection and threat management. It pulls data from Exchange, SharePoint, endpoints, and servers to the cloud, providing a unified view of our IT environment. This centralized data feeds into advanced playbooks that automatically block URLs and files based on predefined conditions, reducing our reliance on manual intervention. For potential threats requiring further analysis, Vision One flags them for human review, allowing security personnel to quickly approve or deny access to specific URLs or files. These decisions then inform the suspicious object lists used across all deployed Trend Micro products, maximizing our overall security posture. In short, Vision One effectively automates routine tasks while empowering security teams to focus on critical decisions, making it a valuable asset for our organization.
Vision One grants us centralized visibility and management across our protection layers. With its ongoing development, Trend Micro has steadily consolidated this visibility into a single pane of glass.
Centralized visibility significantly improves our efficiency. Instead of scouring endpoints or hopping between the mail server and data lake, we can consolidate our search for malicious activity into one central location. Vision One empowers us to leverage comprehensive search parameters and scan all data within the data lake, not just data limited to specific products.
For me, the executive dashboard is always the first one I check. Then, I turn to the operations dashboard for a more detailed look. These two dashboards provide a comprehensive overview of our security posture, drawing data from internal and external assets, application agents without vulnerability assessments, and detected account compromises. Vision One also excels at alerting us to potential risks, including accounts exposed to data breaches. I've personally experienced this when the executive dashboard's risk score suddenly spiked due to flagged accounts. After investigating and confirming the risk, we dismiss the alert and the score adjusts accordingly.
The attack surface risk management capability has identified several vulnerability issues in external assets, necessitating immediate action. It has also shed light on blind spots within our environment.
When we identify blind spots, we need to implement measures to address them and mitigate, reduce, or even eliminate the associated risk from our environment. Our team is relatively small, so dedicating someone to focus intensively on a single issue can be challenging. Vision One has alleviated this burden. Vision One's playbook and built-in automation features help us by proactively alerting us to issues requiring immediate attention, enhancing our overall security posture.
Vision One offers a feature where, if it detects a phishing email with high confidence, it automatically locks the email, removes it from the Exchange database, quarantines it, and disables any links within the email or similar emails. For emails requiring human intervention or immediate action, Vision One flags them for review. We can then approve or deny the actions on the URLs and emails within the system. We use Vision One as a secondary measure if something slips through our other security layers. It allows us to see exactly what happens when users click on a malicious link, even if it wasn't flagged beforehand.
To some extent, Vision One helps us reduce the time we spend investigating false positive alerts generated by our firewalls. While firewalls throw out many alerts, I often turn to Vision One for clients flagged as compromised. Jumping over the firewall report, I check Vision One's insights on those specific endpoints and the sites flagged by the firewall. Previously, I'd spend time on the machine itself, sifting through cookies and deleting temporary files to track the source of the suspicious traffic. But with Vision One, I can quickly see if the endpoint is trying to reach those flagged endpoints. In most cases, it turns out to be just Google searches – images or other elements loading as part of a search.
Vision One has become my go-to spot every morning because of the dashboards. They put everything I needed in one place, saving me the hassle of jumping between multiple platforms. It's a half-hour ritual that sets me up for success, allowing me to review everything efficiently and tackle the rest of my day with confidence. Vision One has probably saved me several hours of valuable time per day.
We currently have some playbooks in place, and we're exploring the option of adding more automation features to them. Our limited IT support staff is one factor that makes a managed XDR solution particularly appealing. However, we recognize the need to invest time in learning and understanding the available automation features, of which there are many.
What is most valuable?
I could visit Vision One daily and check the operations dashboard. It provides a good high-level overview of our risk posture, and I can drill down to see the specific registrations from the endpoint network that Vision One is highlighting. This helped us understand that our risk index recently increased due to users requiring patches for the latest Google Chrome bug. Beyond that, Vision One offers a clear window into the security posture of our endpoints. It shows any existing vulnerabilities and, if applicable, highlights any available tools from Trend Micro that can help us reduce the risk and mitigate the issues.
What needs improvement?
The support documentation could be more comprehensive. The last time I needed to find information, it was scattered, and it took me a long time to locate what I needed.
For how long have I used the solution?
I have been using Trend Vision One for almost six years.
What do I think about the stability of the solution?
While all products can encounter occasional stability issues, we've had specific instances where Trend Micro caused problems. We were unable to pinpoint the exact cause ourselves. Therefore, we contacted Trend Micro's technical support and collaborated with them to resolve the issue. In one case, it was a bug or previously unknown problem that was fixed in the next release.
What do I think about the scalability of the solution?
Vision One is fairly scalable, especially the cloud model, as long as we have the licenses installed. They can create folders and groups to help keep things organized for us.
How are customer service and support?
The technical support team is always incredibly helpful. Whenever we call them, they typically recommend using their data collection tool to gather some information. However, they're quick to respond, easy to work with, and knowledgeable, making for great customer service.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used Kaspersky for several years after Symantec's exorbitant pricing led us to switch. We hadn't considered Trend Micro at the time. When concerns about Kaspersky arose due to the geopolitical situation, our director decided to move away from it. Seeking an alternative that was lightweight and met our needs, we explored various vendors and ultimately settled on Trend Micro.
How was the initial setup?
The initial deployment was straightforward. Trend Micro sent one of their engineers from Toronto to Halifax to help us set up the point-of-sale system for the proof-of-concept trial. The beauty of their approach was that if we decided to move forward with Trend Micro after the POC, we only needed to apply the license to the existing model, and it could be seamlessly transitioned into production. The engineer worked closely with us to develop a script that would uninstall Kaspersky and install the Trend Micro product. They also helped us configure the necessary policies, making the entire process remarkably simple.
Three people were involved in the deployment including the engineer from Trend Micro.
What about the implementation team?
The implementation was completed in-house with the help of a Trend Micro engineer.
What's my experience with pricing, setup cost, and licensing?
Initially, the new pricing structure from Trend Micro seemed reasonable compared to what we'd seen before. They've introduced a credit system, where we purchase credits and then allocate them to the specific services we need active. This concept is intriguing, but it has its pros and cons. In the past, licensing for 700 clients meant purchasing 700 licenses for everything in the package, a straightforward approach. Now, the new system requires a sizing exercise to determine our actual needs. However, the upside is that unused credits don't go to waste. We can divert some to a sandbox environment or other Trend Micro service for a limited time, if needed, to address specific issues.
Each feature costs a certain amount of credits.
What other advice do I have?
I would rate Trend Vision One a nine out of ten.
The on-premises version requires maintenance on the management server and updating the software. The cloud model reduces the amount of time spent on maintenance dramatically because the cloud model automatically takes care of the software maintenance side of Trend Micro.
Good protection with centralized visibility and nice executive dashboards
What is our primary use case?
It offers very good ransomware protection. You have more visibility on the network.
How has it helped my organization?
It helps with compliance. We are also well-protected from ransomware and network attacks.
It's improved our organization in two ways: we can have more visibility and have more confidence in security. We also have better reporting for regulatory compliance.
What is most valuable?
The endpoint protection is the most useful. It's powerful. I've faced issues with other products regarding ransomware; however, with Trend Micro, I have no fear of network attacks. I have experience with consistent protection.
Customers have NDR and XDR protection, and it's very good for protection. There are also regulations within our country that require us to use XDR.
The centralized visibility is good. It's great for the IT team as they have to export reports to management for compliance. It helps with reporting. It's essential.
The centralized visibility and management across protection layers helped our efficiency. We have a limited number of security engineers. With Trend Micro and its centralized dashboard, it will show everything we've learned and reflect reporting on the dashboard, and this helps when you have a limited number of users. It simply reduces the number of people that need to be involved in the security effort.
We use the executive dashboards on both sides. We can drill down on them right into XDR detection. It's essential when we have an incident. If we need to know more about the threat, we need to know where and how they are attacking. We can drill down and get forensic data.
The solution's risk index feature is very good. It comes out of the box. Our customers can use it.
The product has helped us decrease our time to detect and respond to threats.
What needs improvement?
It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits.
The support should be improved.
We'd like to see deception features in the next release. It would help us to reduce false positive alerts.
For how long have I used the solution?
I've been using the solution for seven years now.
What do I think about the stability of the solution?
The stability is good overall.
What do I think about the scalability of the solution?
The solution is scalable. You simply need the resources on the VM, and you can easily change your license.
How are customer service and support?
We've had issues with support. Their services could be improved.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Fidelis and found you can control the endpoints better. They also have a deception module, which is very powerful. You can manage your endpoints perfectly. It also offers very good network visibility. I use both products. It depends on the customer's needs and approach.
How was the initial setup?
I observed the deployment process.
We had issues. It should be straightforward; however, with a customer, we faced a problem with technical support. It took us almost eight months to deploy. They had issues with the installation on the endpoints and on the network side. We had a problem with a few things, including use cases.
The plan was to deploy in two weeks, and yet it took almost eight months.
From the customer side, there were three engineers, and from Trend Micro, there were one or two engineers working on the solution.
Almost every two weeks, there are maintenance calls. The customer has three people handling maintenance duties.
What about the implementation team?
The solution was deployed by support.
What's my experience with pricing, setup cost, and licensing?
The pricing is average. The costs are acceptable. It's good for small or medium-sized businesses.
What other advice do I have?
I'm a partner.
We're using the latest version of the solution.
I'd rate the solution eight out of ten.
For enterprise customers, I wouldn't recommend the solution. However, it's a good solution for small or medium customers. New users need to ensure they have the correct sizing and licensing.
You need to talk to the right support engineers in order to have a smooth experience.
Provides great visibility, saves us time, and integrates well
What is our primary use case?
We utilize Trend Vision One to identify and neutralize malicious activities on our network. This comprehensive security solution extends beyond traditional antivirus software, which relies on pattern matching, by actively monitoring endpoint behavior for anomalies and deviations from established norms.
In 2020, we transitioned to remote work like many other companies. During this transition, we conducted an internal Trend Micro office scan, which revealed that many of our users' devices were out of date due to their inability to connect to the VPN for extended periods. This prompted us to switch to Apex One later that year. As part of the Apex One implementation, we were given a complimentary trial of Vision One. During this trial, we received an alert that demonstrated the product's effectiveness, leading us to purchase a subscription. Vision One has been an excellent addition to our security arsenal. Trend Micro continuously adds new features and updates, making it an ever-evolving and valuable tool. The product's capabilities, functionality, and incident response capabilities have improved significantly over the past several years. We can set up playbooks to automate our response to specific incidents, which is a tremendous asset. Vision One is an outstanding security solution.
How has it helped my organization?
We are a state government agency that is subject to oversight by the state. Vision One has detected attempted attacks that the state SOC has missed, enabling us to swiftly halt these attacks and address the vulnerabilities before they escalate into more widespread problems.
The integrations have been great. There have been a couple of issues, but overall they've been very helpful. Vision One recently added the ability to connect to our on-premises AD. This was a sticking point for us for a year or so because we didn't have Azure. So we were stuck in a situation where we couldn't tie Vision One to our AD. But since they added the on-premises integration, it's been easy to set up.
Trend Vision One has saved us ten percent of our time. It has eliminated the need for us to rebuild machines. It has helped us even more than that because the few times we have had a threat, it has stopped it in its tracks. This has prevented the threat from spreading and compromising multiple machines. Without Trend Vision One, we would have had to investigate the threat, which would have taken time and resources. Additionally, we would have had to rebuild the compromised machines, which would have taken them offline and impacted our users. In some cases, a widespread outbreak could have occurred, causing even more disruption.
What is most valuable?
The dashboard provides great visibility into our risk profile. We receive a daily email report that outlines our risk score and identifies the machines with the highest risk. This information is based on usage patterns, vulnerabilities, and non-compliance issues. This helps us prioritize which machines require patching or further investigation.
Drilling down further, we can analyze how our users are utilizing their workstations, including the websites they visit. While we don't track specific website URLs, we can categorize website types and identify any potentially risky or inappropriate usage patterns. This allows us to proactively address any potential security concerns.
For instance, we identified a user who was using ChatGPT for work-related tasks. This flagged our system, and we were able to discuss the user's usage of ChatGPT to gain a better understanding of how our users are working and identify any areas that require additional attention.
What needs improvement?
Trend Vision One offers training sessions every few weeks or every month to showcase new features. However, the product's rapid development and the introduction of numerous new features make it challenging to keep track of the evolving interface and maintain a consistent understanding of its usability. While the continuous addition of features is commendable, the sheer volume of changes makes it difficult to stay abreast of the latest developments.
For how long have I used the solution?
I have been using Trend Vision One for two years.
What do I think about the stability of the solution?
Trend Vision One has proven to be extremely stable in our environment. We have deployed the Trend Micro client across all workstations. Additionally, we utilize a tool for vulnerability scanning, one for application whitelisting, and FireEye, as mandated by state regulations. These security solutions coexist harmoniously, causing no compatibility issues. We have also implemented laptop encryption and other security measures to further enhance protection. Throughout our experience, Trend Micro has not caused any conflicts with Microsoft or our other security tools.
What do I think about the scalability of the solution?
Trend Vision One is scalable. We can add another 150 machines with no problems.
How are customer service and support?
The technical support is excellent. We experienced what we initially thought was a technical issue, but it turned out to be a state update that triggered alerts across all of our machines. I contacted the support team and our sales representative. Within an hour, the incident response team was on the phone with me, examining the file hashes of the updated DLL to determine the cause of the issue. They quickly identified that the update was not malicious. Their promptness and thoroughness were outstanding. The incident was resolved within three hours of receiving the alerts.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We lacked an XDR tool. Instead, we relied on FireEye, which offers similar capabilities, but it doesn't provide us with the same level of visibility as Vision One. Vision One has consistently detected threats that FireEye missed. While we were mandated to use FireEye by state regulations, we sought a more robust solution that could effectively identify anomalies and patterns. Vision One's utilization of the MITRE ATT&CK framework has been particularly advantageous. We've found great value in Vision One's comprehensive feature set, particularly its well-designed playbooks.
How was the initial setup?
The initial deployment was straightforward. I was able to deploy Trend Vision One with the vendor's assistance within one week.
What about the implementation team?
The vendor guided us through the implementation process and continues to conduct periodic check-ins to verify that everything continues to function effectively in accordance with industry best practices.
What was our ROI?
Our return on investment does not stem from direct cost savings but from the fact that Vision One has mitigated issues before they escalated into larger problems. This has saved us time, which is a valuable asset.
What's my experience with pricing, setup cost, and licensing?
The pricing for Trend Vision One is reasonable. I am not sure of the exact amount we pay, but it is not excessively expensive.
What other advice do I have?
I would give Trend Vision One a perfect score of ten out of ten. It is undoubtedly the best product in the market today. While I appreciate CrowdStrike and its offerings, I believe Trend Vision One stands out as the leader. In my opinion, these two products are the clear frontrunners in the XDR space at this moment.
Trend Vision One is deployed at a single location. We have approximately 50 endpoints. Most of our devices are laptops because we have a large number of employees who travel frequently.
Trend Vision One is maintenance-free, which is convenient because patching is handled seamlessly from the backend in the cloud. Trend Micro proactively notifies users about upcoming patching schedules and provides detailed information about the patches, new features, and updates. The patching process is managed entirely by Trend Micro, eliminating the need for user intervention. A client installed on the machines receives updates from the cloud server, ensuring that all devices remain protected and up-to-date without any manual effort.
I highly recommend Trend Vision One. Contact Trend Micro and they'll be happy to schedule a demo. I suggest installing the demo, testing it out, and seeing if it's a good fit for the organization's needs before purchasing. Trend Vision One is worthwhile.
A cloud solution for providing all information in one dashboard
What is our primary use case?
We use the solution for event correlation.
How has it helped my organization?
We are deploying a server inside our network to use it as a data collector.
What is most valuable?
The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with Vision One.
What needs improvement?
The login system could be improved. We must pass through two different dashboards to log in to the solution. We have second-factor authentication. Checking the platform takes three or four minutes because of logging in, checking email, and returning to the platform. If you multiply that across the entire team, we lose a lot of time daily.
For how long have I used the solution?
I have been using Trend Vision One for two years.
What do I think about the stability of the solution?
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability a nine out of ten.
Which solution did I use previously and why did I switch?
We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.
How was the initial setup?
The initial setup is easy because our assets are in Active Directory.
What was our ROI?
We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.
Which other solutions did I evaluate?
We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Centralized visibility, helpful support, and great for vulnerability detection
What is our primary use case?
I work with it as a third party in other companies. I installed XDR in other companies. And then, I help them understand the tool, help them with developing the necessary use cases, and understand, for example, how to do a threat intel, how to do a threat investigation, and stuff like that. Sometimes, I work with it as well by implementing it and actively using it in the customer's environment.
What is most valuable?
The workbench feature is excellent. It helps a lot with understanding how the environment is working and how the threats are working in their own environment. It helps a lot to understand where the threat is coming from, where it is going, how it is being dealt with, et cetera.
We do not use XDR to protect a multi-cloud or hybrid cloud environment. I have other solutions on the cloud, like Apex One, the endpoint protection feature in the cloud. I have Cloud One Workload Security, which is protection for workloads and servers where the main console is in the cloud. I'm mainly using this to protect an on-premises environment.
I've been using it for emails, for networks, endpoints, workload servers, et cetera. It has the ability to cover all of those. The coverage is really important. The integration between all those different tools and those different assets makes a big difference in understanding the analytics.
It provides centralized visibility and management across our protection layers. That helps in a lot of ways. For example, the fact that it has some centralized visibility means we can do searches between email addresses and an endpoint. We can take a workspace, for example, and do IPS detection in a workspace and understand from which endpoint something is coming.
We use the executive dashboards that they have almost every day. Once we see an anomaly or something that feels weird in the environment, we can go straight to work, straight to the detections, and we can take a look at it to see what's going on.
We use the Risk Index mainly to help us understand a customer's environment. We use it to get a brief overview of how the environment is, how high their risk is, and then, given the score that we've received, to understand what is causing this risk and then give them suggestions on how to take the score down.
We use the Managed XDR feature. It just basically collects the telemetry and sends it to the console so we can use it in other parts. It has helped a lot with the team's workload. The detection has been really, really useful. It helps a lot to rank where we should put our efforts. Sometimes we'll have to take a deep investigation into some of the stuff we see. Sometimes other issues emerge as we dig. It's helped in detection.
We use the risk management attack surface capability to understand the vulnerabilities and how high a risk something is in the environment. It can help with detection. It's helped us effectively identify blind spots.
The product has helped us decrease time to detect. We've had some issues with a couple of our customers in which the XDR helped us easily detect an issue, and it was fast enough for us to be able to react and respond quickly in order to mitigate damages.
What needs improvement?
The web viewer could be improved. I've had some issues with it in the past.
The zero trust is a bit complicated compared to other parts of the solution.
Mostly, I don't have any issues with XDR.
For how long have I used the solution?
I've used the solution for about three years.
What do I think about the stability of the solution?
I haven't had any issues with stability. There has been no crashing or lagging. We occasionally get informed about maintenance that may cause downtime.
What do I think about the scalability of the solution?
We've had no issues with scalability.
How are customer service and support?
I've contacted support in the past. They are pretty good. They have a high understanding of the platform and the solutions. If they need to escalate, it's easy to do so.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a different solution previously.
How was the initial setup?
I was involved in the installation. We have an agent installed on the endpoints or a sensor connected to the mail sensors.
The initial setup is straightforward. You just click through with a simple connection.
It doesn't require any maintenance on my end.
We had about four people handling the implementation. We just had to have some credential access, and once the connections were made, we had to distribute the sensors throughout the environment.
You need the whole platform to use XDR. However, there are some activities you don't need XDR to use.
What's my experience with pricing, setup cost, and licensing?
I'm not familiar with their pricing and licensing.
What other advice do I have?
We are an official Trend Micro partner.
We do not yet use the automation capabilities found in XDR.
I'd rate the solution nine out of ten.
After implementing XDR, have a good understanding of how the workbenches work to create a decent playbook. Use the service gateway to your benefit. Connect your active directories, make connections, and use integrations with your firewalls. These third-party integrations are really good, and they help you a lot with your environment.
Reduces the time to detect, investigate, and respond
What is our primary use case?
We have deployed Trend Micro XDR on all our endpoints. It is deployed as an agent because we are using Trend Micro Apex, the antivirus agent, and the SaaS agent. This means that we receive notifications from XDR for any suspicious activity related to endpoints. For example, if a user connects to a suspicious website, XDR should alert us based on our rules. It can also generate alerts for malicious Windows activities.
In addition to deploying XDR on our endpoints, we have connected Vision One XDR to our Office 365 email platform. This allows XDR to read incoming emails. We can then configure rules to remove emails from mailboxes if they have certain properties or are particularly suspicious.
We have also connected XDR to our Azure platform, which is our user authentication platform. XDR can monitor for risky user sign-ins, such as sign-ins from unusual locations. If it detects any risk, it will notify us.
Finally, we have integrated XDR with a third-party tool to receive indicators of compromise. When we receive an IOC, Vision One will automatically run a check in our environment to see if any endpoints have been compromised. It will also check to see if any emails have been sent from any of the senders in the IOC listing. If it finds any matches, it will notify us.
We can also configure playbooks to automatically take action when XDR detects a threat. For example, we could configure a playbook to force a user to reset their password or isolate an endpoint from the network.
We are using the Trend Micro Vision One XDR agent. This agent component is installed on all of our endpoints, including servers, workstations, desktops, and any other computer elements. Vision One also has an API-based element, which we have connected to our email system, such as Azure.
How has it helped my organization?
Before Vision One, we had limited visibility into our security posture. Things were happening all around us, but we couldn't see them. With Vision One, we have centralized visibility and management across all of our protection layers, so we can see and respond to threats quickly and effectively.
I cannot imagine my day-to-day operations without the visibility that Vision One provides. It makes all the difference. No other platform compares to Vision One in terms of simplicity, ease of use, and importance.
Vision One has improved our efficiency with centralized visibility. Before Vision One, we had to go to different platforms and tools in our environment. Sometimes the information was missing and sometimes we were searching with the wrong terms. But because I can now see everything at once, it has helped. The decision we are making now is simply to go there, and whatever we have been faced with, the console is enough to make a decision.
We just signed a contract for Managed XDR services. We were managing our security before, but we'll start using their managed services next year. We've received a few escalations from them already, but that's because they're proactively searching for threats, which is a good thing. For example, I got an escalation from them last week for something that we wouldn't have discovered on our own. It wasn't something that the tool would have generated an alert for either, because it was very similar to what a user would normally do. But they were able to find it because they're looking into all of the addresses that they have. This led to us being able to control incidents that would have happened otherwise.
The XDR service has saved us time, enabling us to work on other tasks. The environment is quite complex, so before we had XDR, we didn't have any tool that considered all possibilities or provided any visibility into our environment. When we first started using the tool, it was new to us, but after a couple of years of using it, we've found that it is a legitimate tool that provides valuable information. Instead of seeing it as adding more work to our workload, we see it as helping us to be more proactive and prevent future incidents. For me, it has been a great help and has added real value to our work.
XDR helped us reduce our time to detect and respond to threats. With a single click, I can isolate a computer from the rest of the compliant environment. I had to do this last week when I had to support two escalated computers. Without XDR, there would be hundreds of things that we would not have seen or known about. But with XDR, we can see everything. And that even includes coverage of devices or computers that are not owned by us, such as those used by vendors. If a vendor brings a malicious device onto the property and downloads something malicious, we can detect it as early as possible.
Trend Micro XDR has helped us reduce the time we spend investigating false positive alerts. I am 100 percent confident that everything that comes out of the platform is legitimate. We had a few false positives when we first started using the solution, but because Trend Micro allows us to whitelist specific items, we were able to build our policy accordingly. Sometimes, there are malicious items that we need to allow because of our environment, such as certain security tools. Trend Micro allows us to build a policy that excludes these items from alerts, so we no longer receive alerts for them.
We use the XDR automation capabilities extensively, including playbook automation for tasks like isolating computers, and API-based automation for most other tasks. For example, we are a member of the retail ISAC information-sharing platform, and we have automated scripts from that platform that pull in all malicious senders, IPs, and domains, and pool them into XDR. XDR then automatically scans all computers to see if any of these malicious entities exist. If they do, XDR generates an alert and allows us to take action, such as removing the file. We generally set XDR to allow only, so that we have visibility into all malicious activity, even if we don't take action on it.
What needs improvement?
I would like to have the capability to export the information we receive from the XDR into Microsoft Excel.
For how long have I used the solution?
I have been using Trend Micro XDR for almost four years.
What do I think about the stability of the solution?
Trend Micro XDR is stable. We have not experienced any stability issues when using the console.
What do I think about the scalability of the solution?
I do not have access to the backend, so I am not aware of the specific technical details. However, from an end-user perspective, the scalability of the system appears to be excellent.
How are customer service and support?
I reach out to technical support almost every week to address any questions I have. I also have a bi-weekly meeting with their technical team. They guide open tickets and address any concerns we may have. Additionally, we have a monthly meeting with Vision One developers where they discuss upcoming features and seek input. I know exactly who to contact for any assistance I may need. Sometimes, I can simply email them directly instead of opening a ticket. The process is always straightforward and efficient. At times, the prompt responses make me wonder if they are using AI assistance, but I hope that's acceptable. I usually receive a response within a minute or two, which suggests AI involvement. However, the signature at the end of the IT person's email confirms that an actual person is handling my request.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had Carbon Black, but we're using it only for application control. With Trend Micro XDR we can detect and respond.
How was the initial setup?
The initial deployment was straightforward. I have extensive experience in deployments across various companies and platforms. However, Trend Micro XDR surpassed all my expectations. We had previously deployed on-premises, and all we had to do was access the designated console and click a button to migrate all on-premises agents to cloud agents. It was incredibly easy. My team of two and I handled the entire process without any involvement from the teams and properties. I right-clicked and moved everything over. A few agents remained unmovable due to their outdated versions, but we successfully migrated close to 99 percent of all agents.
What about the implementation team?
The implementation was completed in-house. Trend Micro provided a document link to help with the deployment.
What's my experience with pricing, setup cost, and licensing?
Trend Micro XDR is reasonably priced for its value, comparable to other products like VMware Carbon Black.
Which other solutions did I evaluate?
We evaluated an additional option with Carbon Black because we already had that agent in our environment. We also considered Cisco, which has its own XDR platform.
What other advice do I have?
I would rate Trend Micro XDR ten out of ten.
We tried to use the risk index feature, but I didn't have the resources to focus on it at the time. I was more focused on the actual findings that were happening. I have since hired someone who will focus on the risk index, as the primary reason I hired them is to focus on the risk element coming from Vision One, as well as from other third-party intelligence platforms that we work with or have contracts with. Now that I have someone here, we will be focusing on the risk index.
No maintenance is required.
Enabled me to completely change user behavior and manage all our endpoints almost single handedly
What is our primary use case?
It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.
We had problems with users not using legitimate tools, such as pen drives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.
How has it helped my organization?
The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.
We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money.
Trend Micro's Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.
We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.
And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.
What is most valuable?
This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.
The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team.
It also handles vulnerability management.
We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Micro Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important; a 10 on a scale of one to 10.
We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.
And especially because of the new European regulation called NIS2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.
What needs improvement?
The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project.
From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.
For how long have I used the solution?
I have been using Trend Micro XDR for almost 20 months.
What do I think about the stability of the solution?
It's a stable product. We haven't detected any issues other than the false positives, but that's normal.
What do I think about the scalability of the solution?
We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.
If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.
How are customer service and support?
Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.
How was the initial setup?
Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.
The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.
Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an on-prem solution. But it's simple to manage.
What other advice do I have?
They are implementing new tools, like Trend Micro Apex One and DDI. They are ready for implementation on the console, and we are waiting to transition to these tools.
For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secure Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.
Simple monitoring with centralized dashboards and great visibility into vulnerabilities
What is our primary use case?
The reason we invested in Trend Micro XDR was to consolidate security operations and monitoring. On top of that, we invested in their managed detection and response service, which they can provide on top of the ETA service, which makes our lives easier. You can say that with it, we need fewer hands.
How has it helped my organization?
We're able to gather a more simple view of what was going on in our infrastructure. Before this solution, we used a SIEM system. Trend Micro XDR made monitoring more simple, and we trusted them as a security partner.
It definitely has improved our visibility of all of our ongoing items in the infrastructure. We can get a good overview of what's going on across our network and what our security looks like.
What is most valuable?
Having everything under one management console and having them monitored from one place is the most beneficial.
It saves time and we do not have to invest in a lot of products to meet all of our use case needs.
It's quite simple to monitor everything under one console. It makes life simpler for our operations team.
We have the solution everywhere, including email, network, endpoints, and cloud. This is important to have this coverage. As a former incident response analyst, having visibility everywhere is really important. Having everything correlated into one place increases visibility.
We have centralized visibility and management across our production layers. They are also improving that from month to month. It's important for us. In security operations, the fewer places you need to go to have a look around, the easier it is. Back in the day, we had to open ten different consoles. Now we just open one.
The most important thing for us as a customer is that we can spend more time in other places as it's simpler to have that overview. We have much more time for other tasks.
We use the solution's executive dashboards. We like that we can drill down from the dashboards into XDR detections. It helps the C-suite understand. However, it also helps us drill down by allowing us to choose which views we want.
We have a trial version of the Risk Index. We have a daily look at it and it gives a nice overview of our vulnerability management and what the attack surface looks like. It helps us prioritize our daily tasks.
The Managed XDR service was great. It helped quite a lot. We had to get used to working with them and they with us, however, now it's quite an easy task and the advisory and alerts we get from them have been helpful. The availability to work on other tasks has helped us improve in other areas. It's positively affected our business. Having this product means that we are improving in a lot of different areas that we also need to focus on. They can do the monitoring better than we can do it ourselves. We don't have the manpower to do it on our own so it helps a lot to have them help with management.
We use the Attack Surface Risk Management capabilities, which are also in the trial period. It's absolutely helped us to identify blind spots in our environment. It made us realize that, for example, users were using their work email for private services such as Netflix or other services that, if they had a data breach, would be an issue. With this, we can reach out to those users and explain to them how to act on the Internet, not to use your work email for private services, et cetera.
It's helped decrease our time to detect and respond to threats. It's likely 80% faster now. It's also helped us reduce the time we spend investigating false positive alerts. They do a lot of the initial work for us and come back with the actions we need to do on our part (if any). It's helped us reduce false positive investigations by 50%.
We're using some of the automation capabilities of XDR. It's helped us save time. At the moment, it's likely helped us save 20% of the time we'd normally spend on manual processes.
What needs improvement?
They should increase their potential for third-party integrations. We'd like to see integrations with other IT security vendors that are not currently there.
I'd like to see central management of all products.
For how long have I used the solution?
I've been using the solution since it came out, essentially. I've been working with it for eight or nine years.
What do I think about the stability of the solution?
The solution is quite stable.
What do I think about the scalability of the solution?
We don't have branch offices; however, we have 2,200 clients and 800 servers.
It is easy to scale if you are a bigger organization. We do plan to scale further in the future.
How are customer service and support?
We have Service One, which includes three-year support. It is 24/7/365 support and they are quite good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Trend Micro, we used Splunk. The use case and monitoring were easier with Trend Micro. We found it easier to fulfill our needs using Trend Micro.
How was the initial setup?
I was involved in the deployment process. Some of it was quite complex. Unfortunately, we had an on-prem environment that wasn't well taken care of. The migration was hard, however, that was more our fault. It could be easier to migrate, however.
It took us about nine months to fully deploy.
We already had some products in the cloud; however, we needed to migrate all of our endpoints. The on-premise agent needed to be placed in the cloud, and we had some problems as some clients did not have an opening to the internet, et cetera. There was some preparation we needed to do. We needed to do some upgrading before migrating.
There were two to four people performing the implementation.
The solution requires maintenance and we have a person that manages that.
What about the implementation team?
We had help from Trend Micro professional services.
What was our ROI?
We have noted an ROI. Having them monitor our IT solutions allowed us to have fewer people on the team. It's saved us in man hours.
What's my experience with pricing, setup cost, and licensing?
The solution is affordable. You do need to pay additional fees for some of the functionalities.
Which other solutions did I evaluate?
We also evaluated Microsoft's solutions.
What other advice do I have?
I'm a customer and end-user.
We realized the benefits of the solution pretty fast - within a couple of weeks. We knew the benefits beforehand which is why we chose Trend Micro. The possibility of having the solution monitored by the vendor itself was quite helpful.
I'd rate the solution nine out of ten.
I would advise others to prepare your needs beforehand. If you know those, you will know whether Trend Micro is the right fit for you. It's great. If there's a problem with central management or monitoring, Trend Micro is quite useful.
Has a good workbench feature and observed attack technique
What is our primary use case?
We had a SIEM in place, but we wanted to do some behavioral analysis of the files that are getting deployed. We wanted to check to ensure that it was nothing with the external registration side. We needed an EDR solution for checking and monitoring everything deployed on this target machine or our host machine site. It will check and detect if any malicious files are there or not. We are getting alerts related to that kind of thing. So we used to check those alerts on the XDR, and we used to do the incident response for that kind of thing there.
How has it helped my organization?
If you have a SIEM in place, you will only get the network logs. XDR gives you more control over what files are getting deployed, how they are being executed, and how they can potentially harm your system. XDR doesn't work like a normal antivirus solution, which uses signatures to detect and block threats. XDR detects based on behavioral analysis and blocks most things.
It reduces the investigation time because it gives you everything, including how the file was executed, which processes it called, the file name, the stemming, and the time. When we have the endpoint name, we can reach out directly to the endpoint owners and communicate with them regarding those alerts.
What is most valuable?
I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed.
It's a SaaS solution that covers endpoints, email, and cloud. We have agents installed wherever data is being pushed, so it used to give us a payload. Cloud functionality is one of the most critical things because we don't generally have visibility for cloud applications. Once we install the agents, we gain visibility into all the things integrated on the cloud or any SSH attempts.
XDR offers visibility across layers. This is critical when you want to implement some policies and apply exclusions for particular parts of the system that should not get scanned. It's easy to implement those things. Let's say you want to deploy policies for multiple systems. Using Apex Central, you can directly push the policy to various systems and cover the logs of several systems at a time.
What needs improvement?
Sometimes, there are some false positives. For example, once a user had a file in their system named recovery.txt. The solution was flagging that as a ransom note, so we were confused. It isn't that serious, but it should be improved.
Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro.
For how long have I used the solution?
I have used XDR for two years.
What do I think about the stability of the solution?
Trend Micro XDR is stable. We've never had downtime.
What do I think about the scalability of the solution?
Trend Micro XDR is scalable if you can pay more for licenses.
How are customer service and support?
I rate Trend Micro support seven out of 10. Their technical support is good. They reply regarding your cases. However, if you don't reply to them properly, they may close your case if you are not reviewing it.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I previously used CrowdStrike, which is an MDR, so it was totally managed by the CrowdStrike team. They were monitoring every alert that was generated, so it's hard to compare it to Trend Micro XDR. It was somewhat similar, but CrowdStrike is more proactive than Trend Micro, and it has greater coverage of IOCs. I have also used SentinelOne.
How was the initial setup?
It's a SaaS solution deployed across multiple locations covering 20,000 endpoints. It doesn't require any maintenance aside from updates.
What other advice do I have?
I rate Trend Micro XDR seven out of 10. If you plan to implement XDR, you should be aware of the IOC coverage and follow up with the Trend Micro team. Most things are covered, but it takes time to add and deploy all that stuff.