
Trend Vision One

Trend Micro

Reviews from AWS customer

13 AWS reviews

External reviews

268 reviews

External reviews are not included in the AWS star rating for the product.


    MalayKumar Das

Centralized threat hunting has improved endpoint visibility and allows silent remote remediation

  • December 15, 2025
  • Review from a verified AWS customer

What is our primary use case?

Trend Vision One use cases are mostly related to endpoints, such as detecting registry modifications or new software being added, as well as monitoring for malicious activities including PowerShell scripts, double extension files, ransomware, and crypto miners. Since I work for the financial sector, it is crucial to ensure there are no remote software programs running, especially regarding banking security.

What is most valuable?

Trend Vision One has two types of alerts that help reduce the time to detect and respond to threats. The first is based on alerts and workbench ID, while the second is host-based detections, allowing me to see all different threats on particular endpoints over a selected time frame. I can check for various endpoints affected by different alerts and customize this for specific time frames. Monitoring critical assets, threat hunting, and running queries are feasible tasks, providing a comprehensive overview of endpoint security and the ability to remove malicious files quickly.

One of the best features of Trend Vision One is its ability to let me remediate endpoints without disturbing branch users, as long as the endpoint is online and connected. I can delete files or take control through the console by informing the bank's security team to get approval. Another great feature is viewing alerts, segregating them by type and host, which makes it easier to fine-tune security and monitor critical resources. Additionally, the ability to create reference sets for known malicious hashes enhances detection capabilities across endpoints.

Trend Vision One saves resources and time. It provides better visibility of endpoints compared to other security management tools, which makes it invaluable. For smaller organizations that may not afford multiple tools, an XDR solution can handle their security needs effectively.

Trend Vision One allows mitigation of threats without interrupting branch users' regular work, which is its unique selling point.

What needs improvement?

The area for improvement is to provide more clarity on the query part, including examples for creating reference sets and documenting capabilities thoroughly so future users can benefit without needing to experiment.

Documenting the capabilities of endpoint consoles would also be beneficial for new users understanding what can be done effectively.

For how long have I used the solution?

I initially used the first EDR approximately two years ago, and now I have been using Trend Vision One for eight to nine months.

What do I think about the stability of the solution?

The stability of Trend Vision One is good; I would rate it an eight.

What do I think about the scalability of the solution?

I would rate the scalability at eight and a half.

How are customer service and support?

I have not worked with technical support yet, so I cannot rate it.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have not worked with other solutions yet, so I can only speak to my experience with Trend Vision One XDR, which I find to be good for handling threats across endpoints.

How was the initial setup?

I am not aware of the deployment process since I have not been involved with it.

What about the implementation team?

Only a few of us are using the solution currently—my manager and I. Due to my background in threat hunting, I have admin access to monitor various alerts and create reference sets for potential threats effectively.

Only three or four users have access to Trend Vision One, including my manager and me from the vendor side, and two from the bank end.

I am a vendor hired for SOC security and threat hunting, working for IBM clients.

What was our ROI?

I cannot estimate the return on investment accurately, as I do not have insight into the financials. However, I can say that the tool is good, particularly the basic subscription which provides me with necessary tools and knowledge to protect security.

What's my experience with pricing, setup cost, and licensing?

I do not have any information regarding the pricing, so I cannot comment on that.

Which other solutions did I evaluate?

Every organization typically installs antivirus agents on their endpoints and servers.

What other advice do I have?

My false positives have decreased, but reducing them requires thorough investigation. For example, each endpoint has its own scanning device, such as Windows Defender.

Apex Central is attempting to stop the services of Windows Defender, leading to alerts when malicious behavior is detected. Through thorough investigation, I have identified that while Apex Central might not directly stop processes, it does so using cmdlets. Hence, I decided to whitelist that.

Trend Vision One reduces endpoint risk by approximately 60 to 70 percent; the remaining 30 percent can be due to other factors such as phishing and web interactions.

For small organizations, implementing Trend Vision One is a wise choice because it delivers great visibility and clarity on endpoint threats, enabling effective monitoring and quarantining regardless of the environment.

Trend Vision One sensors are being used on the endpoints.

I do not know if Cyber Risk Exposure Management comes under the basic subscription, as I mostly focus on threat hunting and do not recall using it.

If the suggested improvements are implemented, it will be even more flexible and feasible.

I give this review an overall rating of 9 out of 10, and I definitely recommend Trend Vision One to other users because it provides solid security for endpoint protection.


    reviewer2787369

Consolidated security tools into one console and manage endpoints, servers, and emails efficiently

  • December 11, 2025
  • Review provided by PeerSpot

What is our primary use case?

I have experience with Trend Vision One, specifically using endpoint security, email security, and all of the modules that are used most commonly.

We mostly install Trend Vision One endpoint security in all client organizations, configure everything covering endpoints, servers, emails, and then work on the alerts for them as the need arises.

We are using the sensors that are included in Trend Vision One.

What is most valuable?

Trend Vision One has helped me to consolidate my use of security vendors quite a lot. Many of my clients were using different brands of antivirus for the server security and endpoint security, and another product for email security. Because of Trend Vision One, they were able to combine all of them in the same console. This reduced a lot of siloed tools.

I am quite impressed by the speed with which the server policy gets deployed. While the endpoint policy takes about 15 minutes to get assigned to the system, server policy is quite quick in that regard.

The coverage of these sensors is quite vast. When compared to other antiviruses, we found that Trend Vision One does cover quite a lot of ground.

What needs improvement?

The endpoint security policy for standard endpoints with Trend Vision One takes a lot of time. It would be beneficial if there were DLP features in it, as many customers require that. While Trend Vision One's full suite is quite impressive, customers have to find another product for DLP and file monitoring. Trend Vision One does have a not fully-fledged DLP in the endpoint security part, and it sometimes hangs up the PC when we apply it.

The alerts could be better because when an alert comes for an email that has been compromised and found on the dark web, we cannot quite find where it got compromised from.

The network part is something that needs to be worked on because most of the time we have to look at the firewall to get the full scenario or coverage.

What do I think about the stability of the solution?

We have found a lot of performance issues with Trend Vision One agents. They are not lightweight. The first time I used Trend Vision One, the agent was 500 MB. Now that I am using them, the initial size is 800 MB. Sometimes the CPU utilization is so high that the computer crashes or lags behind. This is a really big concern for everyone using Trend Vision One.

What do I think about the scalability of the solution?

Trend Vision One is quite a good tool because there are not any issues in scalability. We can easily add more licenses to it and increase our organization's security. Scalability-wise, it is good.

How are customer service and support?

I have contacted the technical support or customer support of Trend Vision One quite a lot.

The engineers are quite helpful when they respond, but I have found that sometimes the assigned engineer responds to the first query a bit too late. I can see in the portal that the engineer has been assigned to my case, but we have to prompt them to give us a reply because nobody is answering. We have to call Trend Vision One support sometimes. Once we start the case, the responses are quite helpful, though we have had to escalate some of the cases quite a lot when customers need it.

How would you rate customer service and support?

Which solution did I use previously and why did I switch?

I have not basically used any alternatives to Trend Vision One. I have tried CrowdStrike and Symantec. Symantec is so far out of Trend Vision One's reach and CrowdStrike, I have not used it much, but it is a bit harder to configure than Trend Vision One. I find Trend Vision One's UI much easier.

How was the initial setup?

The initial deployment of Trend Vision One is quite easy since it is basically a cloud-based app, and you just have to deploy the agent.

What about the implementation team?

If integrating AD with Trend Vision One, I am sure only one person would be needed. If you have to deploy and install the agents directly into the systems, at least four to five people are needed if the size of the organization is for 1,000 to 2,000 employees.

What was our ROI?

It would take one or two months to deploy Trend Vision One for a client, but mostly because sometimes things get delayed on the client side.

What's my experience with pricing, setup cost, and licensing?

No maintenance is required on our side for Trend Vision One.

Which other solutions did I evaluate?

I am not into sales, but we have lost a few customers because of the pricing of Trend Vision One. They seem to gravitate to Symantec and others because their pricing range is quite less than Trend Vision One, and we have lost them because of that.

What other advice do I have?

My review rating for Trend Vision One is 9 out of 10.


    Nauman Ahmed Shakeel

Integrated threat monitoring has strengthened risk visibility and improved vulnerability response

  • December 09, 2025
  • Review from a verified AWS customer

What is our primary use case?

My use case is to monitor my entire infrastructure, investigate the latest vulnerabilities, identify loopholes, and monitor live threat detections to mitigate these threats.

What is most valuable?

Trend Vision One's best features are the ESRM and its email gateways, along with its playbooks, which are useful for testing any threat or vulnerability.

It helps in identifying blind spots by providing comprehensive knowledge about risk assessment and a method to compare our organization with others, allowing us to understand our current stage in cybersecurity.

What needs improvement?

Trend Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way.

For how long have I used the solution?

I have been using Trend Vision One for the last three years.

What do I think about the stability of the solution?

I would rate the stability an eight.

What do I think about the scalability of the solution?

I would rate the scalability a nine.

How are customer service and support?

Their response rate is approximately 80 to 90%, and they mitigate the issue.

I would rate the technical support a nine.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I compare Trend Vision One with Trellix and Kaspersky, and compared to both of these, Trend Vision One is very useful with one-window operation and is a market-gaining product.

How was the initial setup?

The deployment is easy and very moderate, taking approximately one month.

What about the implementation team?

It was a partner purchase.

What was our ROI?

The ROI is positive, and I see a reduction of 100%.

What's my experience with pricing, setup cost, and licensing?

Trend Vision One is not so expensive; it is very moderate.

Which other solutions did I evaluate?

Trend Vision One is very effective and very market competitive, which is why we are using it.

What other advice do I have?

I will definitely recommend this product because of its deep knowledge and deep features, such as ESRM, playbooks, and other email gateways.

We have approximately 50 users.

I do use Trend Vision One sensors, and they totally cover our network as we are using network sensors and service gateways to scan the whole network and gather information about our loopholes, mitigations, and vulnerabilities with respect to the latest CVEs.

I give this product a rating of 9.


    Ambrish M.

Solid Endpoint Security with Noticeable Slowness Compared to Competitors

  • December 04, 2025
  • Review provided by G2

What do you like best about the product?

When it comes to endpoint security products available on the market, this one stands out as a solid choice. It performs its intended functions effectively and meets expectations.

It has most of the features, like:

1. Endpoint user control
2. DLP
3. USB and other controls
4. Network protection

It has a customer support portal and a knowledge base portal for its users to look for tech-related solutions.

This software sits under the system, protects it, and works all the time in the background. Once you install it, it does its work underneath without disturbing you.

What do you dislike about the product?

Every product comes with its own set of pros and cons, and Trend Vision is no exception. I have noticed that it tends to be somewhat slower compared to other competitors such as Sophos, Sentinel, and Kaspersky.

Other issues, like other competitors:

1. Yes, it does slow down your PCs.
2. Takes time to implement any policies for the end users.

What problems is the product solving and how is that benefiting you?

It addresses nearly all of the challenges, such as managing all endpoint devices and enforcing essential rules and policies according to enterprise needs. Overall, it is a solution that is well accepted in the market.


    reviewer2783034

Centralized threat detection has reduced incident noise and improves endpoint risk visibility for faster response across our environment

  • November 27, 2025
  • Review provided by PeerSpot

What is our primary use case?

I work on Trend Vision One endpoint security in the XDR part. I have been working with Trend Vision One for approximately two years. We manage multiple endpoints, approximately 3,000 endpoints. We collect telemetric data from there and check all the servers in our inventory, whether they are online or offline. We troubleshoot whether there is unusual activity happening on the endpoint. Trend Vision One generates alerts for any suspicious activity, and then we mitigate accordingly. We are using Trend Vision One's sensors on endpoints and servers.

What is most valuable?

The versatility of Trend Vision One is what I like the most; we have a lot of options. The segregation is best, with endpoints divided into separate parts and servers into different parts. The policies are well-figured and well-maintained. We have the threat hunting part, the mitigation part, and the sandboxing capabilities. The areas to explore in Trend Vision One are fabulous. We can divide the endpoint on our own, and the server part is also great. It is very user-friendly, and we can segregate it on our basis. We can generate alerts on the basis of what we want. We have the option of playbooks, which makes it a more user-friendly and understandable environment that gives us exactly what we want.

Trend Vision One is very critical for us because we do not use an EDR tool; we use an XDR tool only, and we have integrated it with the SIM solution. If we did not have Trend Vision One, we would not be receiving the traffic or SIM data, and if there is any individual traffic or any individual behavior in the network, we would not be able to recognize it without it.

The biggest challenge is that users take care of their laptops approximately 80% of the time, but when there is an outbound connection, the user is not able to do anything. The user does not understand if he gets redirected from a legitimate site to another site through backtracking. At that time, the user is not itself involved in this, but Trend Vision One blocks the site on its own. It blocks the traffic on its own, which is the greatest thing and the live working thing with Trend Vision One that helps us.

We have the Cyber Risk Exposure Management capabilities in Trend Vision One. It shows us how much risk is in our environment based on the data it takes from the endpoints and the environment. We check that on a regular basis and develop a report every day on the basis of that. It is very great and gives us much more visualization. We do not need to go anywhere; we just need to open that and check where it is happening, and it gives us the best results.

What needs improvement?

In exposure management, we have multiple parts covering spyware and malware. Approximately six or seven months ago, one of the users was trying to access a website and it was getting linked to another website which was carrying grayware, which is a kind of spyware. Usually, the EDR solution does not track that because it is a web traffic issue, and EDR solutions are not able to track spyware much because it is only a bit suspicious without anything malicious in it. However, in the exposure management part, we received an alert of unusual traffic. We checked the telemetric data and all other things through our VTA and other tools. We did not find much that was malicious, but Trend Vision One was generating an alert again and again. We deep-dived into it and found that the website itself was not malicious, but it was carrying some spyware and was redirecting to something different. That was the best experience I had from the past two years.

When we started to use the product, the policies were not fitted properly. At that time, we used to receive a lot of false positive alerts. After doing some fine-tuning and adjusting some playbooks, the noise has been reduced to 80 to 90 percent. A lot of data has started coming in, and the data we get now is mostly true positive. We get to segregate it easily because the noise is reduced.

The AI of Trend Micro is really very good. If we are getting an alert and analyzing it, people sometimes ask to charge ChatGPT, but that is not good because that data is going to ChatGPT and that is not safe either. If we are asking the AI model of Trend Micro only, that is the best thing because our data is not going to anyone external, and Trend Micro already has that data. At that time, the threat gets less. However, the area where it should improve is that it gets stuck. It does not have that much amount of data. It does not understand easily, and we have to explain it more. I suggest that you make sure to train that model a bit more.

Apart from that, the rest of the things are really very fine. Only the AI part needs to be learned more. The AI should be given more data and should be made to understand more how to work. The rest of things are great, really great.

For how long have I used the solution?

I have been working with Trend Vision One for approximately two years.

What do I think about the stability of the solution?

On Diwali, I do not remember the exact date, but it may have coincided with the AWS outage. We were not able to log into Trend Vision One due to a problem in the back end, which I believe was due to the AWS outage. We were not able to log in for approximately an hour or two. At that time, it caused us a lot of crisis because anything could have happened at that time. Fortunately, everything was on its case after we logged in. No attack happened during that one to two hours, and everything was fixed.

What do I think about the scalability of the solution?

I found Trend Vision One to be very scalable because it is adaptive in nature. It takes care of vulnerabilities on its own. Its core services and AI-driven capabilities are also good. It has threat management on its own, and its effectiveness is also good; it is efficient.

How are customer service and support?

I would rate customer service as 4 out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

The setup process of Trend Vision One is quite easy. We set up a path and keep the sensor there and then run it as an illustrator and perform some basic steps. We check the telnet of the URL and ping the IPs. If everything is working fine, then the connectivity is perfect and we are good to go.

What about the implementation team?

I work in the Cybersecurity department. We do the deployment and take care of the security part end-to-end. I have not personally done the implementation myself, but I have done this work and I have knowledge about this all.

Which other solutions did I evaluate?

I have used Centra one, which is a very small product compared to Trend Vision One. Trend Vision One has many things in it and takes care of many servers. In Centra one, we have global sites and endpoints, but all the policies are at one place with all the endpoints and servers at one place, which is a bit of a hurdle when we take care of compliance. In Trend Vision One, we have that at different places, which makes it help us a lot. Centra one is an EDR solution that takes care of endpoints only and does not take care of the network. Trend Vision One takes care of the network also. If we have ten laptops in the environment and only eight of them are integrated with the XDR, then the remaining two will sometimes generate an alert on the basis of network. In EDR, if the eight endpoints are integrated, we will get the data of those eight only. That is the plus point here. If there is anything in the network, we will get to know. I also use other India solutions like Sentinel One and CrowdStrike.

What other advice do I have?

I gave my highest consideration to Trend Vision One based on its integration and its user-friendly nature. Everything is segregated properly. The servers we get on the different part, and the endpoints we get on the different part. The alerts for the servers we get on the different part and for the endpoints we get on the different part. One more thing that is great is the workbench part. We have OAT, we have EPR, we have other things, but the best thing about it is its workbench. If we get an alert anywhere in the EDR XDR part and if that is much critical and it is getting an alert again and again, then Trend Vision One on its own generates its workbench. What makes it easy is the check that this one is more critical, and we should go and check this one first and then move to another part. It helps us to reduce the time to check which one we should go first and which we should check second. As an incident responder, it is very good to segregate the criticality of the function. If Trend Vision One gives that on its own, it becomes really very helpful.

We do face vulnerabilities. I know of Zbot, which is one vulnerability. We were getting an OAT alert over that vulnerability, and we were getting many more alerts also. We got approximately 40 to 50 alerts in an hour. For an incident responder, it becomes hard to decide which one to pick first and which one to resolve first. The workbench came here and analyzed all of the data and generated one workbench indicating that we should first go for this host and check the details here because it is more crucial than the other one. Security is never complete, so we can go for the more critical one which will be affecting the business more, and then we should resolve that first and then move to the other part. That is the best thing ever.

Whenever Trend Vision One gets connected to any malicious IPs or URLs or anything, it blocks it first and then generates the alert. If it is not blocked, it generates the alert, and then we analyze the telemetric data and find the URL and IPs from it. We then make sure to block it from our end, not from the XDR only, but from the SIM and other firewalls and all the tools. We do threat hunting from it. We check the telemetric data on a regular basis and find some URLs and IPs, and then we block it from the firewall and our SIM, EDR, XDR, and another tool. What happens from it is we know that this IP is malicious. We get the advisory, we block it from our side, and we give these IPs and URLs to another security tool so they block it. In the future, if a user clicks that malicious IP or visits those malicious links, Trend Vision One will block it on its own.

I would also like to mention that we do isolate the machines from the back end when they are not compliant or when the version is older. After isolation, the network gets completely isolated, the user tends to work faster, and our compliance gets maintained much more easily. The data encryption and access controls across the isolated system for the non-compliance does not get much of the risk, and our data also gets out of the control. The inconsistency of security comes into the point, and then our compliance gets maintained properly, and it is all because of the silo performance. I know that Trend Micro works for the hybrid environment, but right now we do not use that. We have on-premises for all the things. We are thinking to shift over the cloud, but right now we have not shifted.

One thing I would like to suggest is the user login and log out time. If we have ten users integrated with the XDR solution, it should show us when the user was last logged in and when it was logged out. That time should reflect over the console. The blocking capability works most of the time, but it does not work every time, which is a bit problematic.

I rate this product 9 out of 10.


    Sreeraj Mohandas

Centralized threat investigations have improved visibility across hybrid environments while complex deployment and lagging dashboards still require attention

  • November 26, 2025
  • Review provided by PeerSpot

What is our primary use case?

Trend Vision One provides a platform where everything is consolidated. I started with the proxy and then moved on to the XDR, which Trend Vision One provided. We collaborated with them, had POCs for the customer, and they liked it, going ahead with it. The main scenario was to integrate with the cloud security platform since the customer had a hybrid platform and needed one-point access to view the whole infrastructure in one place rather than having different solutions for each cloud and device.

What is most valuable?

The best feature of Trend Vision One that I like the most is the investigation graph, which was the main point demonstrated during the POC. If an attack happens and data is exfiltrated or an attacker finds a backdoor into the system, I need a graph of it rather than going to third-party sources. Trend Vision One XDR provides this graph, which helps visualize and make RCA and incident understanding easier, especially when presenting the findings to management.

Trend Vision One has greatly reduced my time to detect and respond to threats. After the implementation, I see how it integrates with the SOC team, and the XDR is so consolidated, making it easier for the SOC team to analyze tickets since it does not export logs from different components. The logs from Trend Vision One are easy to understand, which has helped me reduce false positives and determine whether they are true or not without checking each system individually, which made my job much easier.

The ability of Trend Vision One to provide centralized visibility and management across various protection layers is the best part for me. Many may not appreciate everything under one roof because it creates confusion, but once you get familiar with the dashboard, it becomes easy to navigate. However, it can create confusion because everything is under one roof, showcasing both pros and cons.

What needs improvement?

Aside from the investigation graph, I find that sometimes when we collect data, the UI seems a bit laggish and is not that interactive during that process. When we extract logs, it can be a bit slow, but everything else is acceptable.

The UI does lag a bit.

The implementation of Trend Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex. Resource utilization is quite high, and there is a scarcity of resources focused on Trend Vision One. The availability of troubleshooting guides is not as high as with some other vendors, creating some difficulties, but it is manageable because their support is good. When I open a ticket, they respond quickly.

For how long have I used the solution?

I have been using Trend Vision One for two years in my previous organization, and right now, I am implementing it as a system integrator at our customer location.

What do I think about the stability of the solution?

Stability-wise, I feel there are times when it is not a stable solution, but I also had another client where it worked smoothly, and I did not have to revisit it often. However, in hybrid setups, I do face multiple issues, but the on-premises platform works quite well.

What do I think about the scalability of the solution?

Trend Vision One is scalable. We have deployed it for the maximum users, around two hundred to two hundred fifty, and it handles that well.

How are customer service and support?

For Trend Vision One's technical support, I would rate it around seven point five to eight, so let us give it an eight.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to Trend Vision One. However, for consolidation, the fact that I can find everything under one roof is a plus for Trend Vision One, despite my preference for ease of user experience in other products such as SentinelOne.

How was the initial setup?

The implementation of Trend Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex.

What about the implementation team?

In my organization, there are only four Trend Vision One specialists, including me.

What was our ROI?

I would estimate that overall, I have seen approximately a twenty percent return on investment.

What's my experience with pricing, setup cost, and licensing?

I would not say Trend Vision One is cheap; I always recommend it for mid-size to large-sized enterprises, not for SMBs, as I have other solutions suited for them. I have never pitched Trend Vision One to SMBs because I believe it fits mid-sized to large-sized businesses better.

Which other solutions did I evaluate?

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to Trend Vision One.

What other advice do I have?

I actually believe that it has reduced false positives by more than fifteen to twenty percent.

The switch to Trend Vision One did reduce risks significantly. Deploying XDR created a spiderweb effect, monitoring every endpoint and node, which mitigated many attacks and helped prevent some.

The built-in AI is important, and I am currently working on certifications from Trend Vision One to better pitch it to AI development companies to demonstrate its benefits. I need hands-on experience with it before I pitch to those companies.

Overall, from implementation to operations, I would rate it a seven.

I do recommend this product; it depends on the case-to-case scenario. If a customer wants everything in a single platform, I recommend Trend Vision One without hesitation. Its good support and lack of major issues influence my decision to pitch it to customers looking for a consolidated platform. My overall review rating for Trend Vision One is seven.


    Pavan_Sharma

Security monitoring has transformed incident investigations and now detects ransomware and phishing attacks in minutes across hundreds of client environments

  • November 26, 2025
  • Review provided by PeerSpot

What is our primary use case?

My use case for Trend Vision One is in a SOC, specifically for Security Operation Monitoring. I am a SOC analyst responsible for over 200 clients. Trend Vision One works effectively for us because it alerts us when suspicious activities occur, such as ransomware attacks. For example, if a possible spear-phishing attack happens where a phishing email comes into our organization, Trend Vision One monitors it as a SIEM tool. It captures logs from servers, desktops, and users, generating alerts for suspicious activities. If a malicious phishing email arrives, we investigate where it originated, such as if it came from external sources in London or Germany. We contact our clients to determine if they have any relationships with those regions, and if not, we block the malicious phishing email.

Trend Vision One is deployed on-premises and also in the cloud, depending on what clients prefer. Some clients use cloud workload security while others rely on on-premises setups. With more than 200 clients, I log into each client's Trend Vision One setup based on their environment.

What is most valuable?

The best features of Trend Vision One include its ability to provide virtual patching. Virtual patching protects an organization's systems. For instance, if a hacker attempts a ransomware attack, Trend Vision One detects vulnerabilities in the system, such as outdated Windows 10 versions. If ransomware is launched, Trend Vision One informs the hacker that the system is already patched, preventing the attack. Additionally, it alerts developers to update any outdated applications or network settings.

The time to detect and respond to threats has been reduced significantly. For each alert, I typically need 30 minutes or even 15 minutes to investigate, prepare a report, and send it to clients, especially for high-priority cases. We categorize alerts into P1, P2, P3, and P4, where P1 is critical, and we prioritize those. We focus on critical alerts and can report back within 30 to 15 minutes. Overall, we have managed to reduce our resolution time by approximately 99% due to our multiple teams working 24/7.

What needs improvement?

We need to improve the reports generated in Trend Vision One. Currently, we prepare our own reports after alerts are triggered, which is time-consuming. It would be beneficial if Trend Vision One offered automated reports summarizing alerts over a specified period, such as one month, which would simplify reporting to clients.

For how long have I used the solution?

I have been using Trend Vision One for approximately two years, and I have experience working with Trend Vision One.

What do I think about the stability of the solution?

Trend Vision One has a stability rating of ten out of ten.

What do I think about the scalability of the solution?

I find the scalability of Trend Vision One to be ten out of ten. As a partner, Trend Micro provides educational resources that allow users to learn through various templates and videos available on their portal.

How are customer service and support?

I rate the technical support from Trend Micro as a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup process for Trend Vision One typically takes about two to three days but can vary. It depends on the client's infrastructure and whether they require support from their network team or need cloud integration. Smaller organizations might complete deployment in one or two days, while larger organizations could take about 10 to 15 days.

What's my experience with pricing, setup cost, and licensing?

Trend Vision One is expensive. While it provides extensive services for clients, including integration capabilities, the overall cost is high. It is an XDR, and while some other products such as Trend Micro Deep Security and Apex Central are somewhat cheaper, the comprehensive nature of Trend Vision One contributes to its higher pricing.

Which other solutions did I evaluate?

Compared to other products in the market such as CrowdStrike or Azure Sentinel, Trend Vision One excels. While Azure Sentinel relies on complex KQL for deeper analysis, Trend Vision One provides accessible insights for both junior and experienced analysts, making it comprehensible even to those new to cybersecurity.

What other advice do I have?

The false positives have been reduced by about 60 to 70%. Many clients experience low-category alerts. For instance, if someone such as Olga logs into her laptop and enters the wrong password multiple times, Trend Vision One triggers an alert for suspicious login attempts. We hold all related logs and investigate but often find these to be legitimate activities, which we confirm before closing them as false positives.

The ease of use is quite significant. Trend Vision One simplifies processes for junior analysts, offering clear diagrams of data analysis and providing sandbox analysis. It features a user-friendly design that aids learning for those less familiar with cybersecurity.

There are about 200 clients, and 30 employees monitor Trend Vision One. We maintain a 24/7 operation, with eight people scheduled for morning, afternoon, and night shifts.

Trend Vision One sensors are not critical but are quite easy to use. The sensors collect logs from desktops, laptops, servers, and cloud services, storing them in an encrypted database, making the gathering of data seamless.

I am a partner with Trend Micro and utilize their partner portal. Trend Vision One was purchased through Trend Micro's website and partner portal. If a client intends to create a SOC environment or work with many clients, they can consult with Trend Micro's team to establish a proper SOC setup to serve their clients effectively.

My overall rating for this review is 9.5 out of 10.


    Ali B.

Unified Security Platform with Intuitive Dashboard and Reliable Threat Detection

  • November 26, 2025
  • Review provided by G2

What do you like best about the product?
Strong integration across multiple security layers (endpoint, network, email) — gives a unified view.

Effective threat detection and alerting — reliably flags suspicious behavior early.

Intuitive dashboard and clear reporting — easy to monitor and respond quickly.

What do you dislike about the product?
Occasionally generates false positive alerts, which can cause extra investigation time.

What problems is the product solving and how is that benefiting you?
Trend Vision One addresses several critical security challenges:

It provides centralized visibility across endpoints, network, email and cloud — helping detect threats early before they spread.

It consolidates multiple security tools into one platform — reducing complexity and easing management overhead.

It enables quicker incident detection and response — meaning potential breaches are identified and contained faster.

It offers consistent coverage and monitoring across large enterprise environments — ensuring all assets are protected under a unified policy.


    GANESAN K

Manages cyber risk across endpoints and email while simplifying detection and response workflows

  • November 24, 2025
  • Review from a verified AWS customer

What is our primary use case?

I work with Trellix, Trend Micro, Fortinet, and Netrix for DLP solutions. For Netrix DLP, I use Forcepoint, and for email security, I use Barracuda.

I have been working with Trend Micro for the past six years. I started with Apex One and Worry-Free, which evolved to Trend Vision One. Trend Vision One is a collaborative XDR platform designed to bring all security solutions such as mail security, cloud security, endpoint security, and identity security together and manage them from a single console. That is the main goal of Trend Vision One.

From my end, I have deployed email security, endpoint security, XDR, and web security from Trend Vision One. We are using Trend Vision One with both business essentials and pro bundle.

Trend Vision One has two kinds of solutions for endpoint security: standard endpoint protection for desktop machines and server and workload protection for existing Linux servers, Windows servers, or even containers and workloads in the cloud where you can install agents for those containers as well. These are the deployments which we have done for endpoint security.

What is most valuable?

The detection part works well for me. The response part, including automatic containment, requires creating playbooks. Even though I create them, I have faced many threat attack scenarios where detection pops up, but the appropriate response action is not being taken.

Attack discovery and attack surface discovery are valuable features. Every organization has endpoints, and no organization will be willing to do a full discovery or testing on all those endpoints or devices. Attack discovery helps us know which endpoints we have with Trend Micro, what vulnerabilities and loopholes are available in the endpoints, and provides insights into our attack surface.

I have used the cyber risk exposure management product completely except for security awareness. I have used data security posture, identity security posture, and network security functionalities. I have not ensured cloud security yet, but we are yet to have hands-on experience with that. I have showcased these functionalities to customers and conducted many POCs for new clients covering cyber risk exposure management, XDR, email security, endpoint security, and network security. I have explained how well Trend Vision One captures the correct data.

The response time after detection is approximately three hours.

What needs improvement?

Visibility is good, but Trend Vision One can improve the response part. Compared to other vendors like SentinelOne or CrowdStrike, all of them are providing detection and response methodology. However, Trend Vision One provides more visibility but has limitations on the response part.

If Trend Vision One can improve the response time and playbooks, particularly with more customizable playbooks, it would be greatly helpful. We have raised feature requests to Trend Micro. If they have more predefined playbooks and more options for response management, it would be beneficial because that is what end users are expecting.

As a reseller, we are dealing with the pain because customers are asking why response is not being taken even though Trend Vision One detects suspicious files. In some cases, I follow best practices by updating playbooks at regular intervals, but that is a manual process. An automated process to take appropriate action for suspicious and malicious files would be necessary. The response part might be improved to provide better value.

For how long have I used the solution?

I have been working with Trend Micro for the past six years.

What do I think about the stability of the solution?

Trend Vision One is stable. Before Trend Vision One, Trend Micro had Apex One and Worry-Free products for endpoint security that were not stable. However, after Trend Vision One was introduced, I do not see any stability issues.

What do I think about the scalability of the solution?

Scalability is good. Previously, it was good because they were using a credit system where they would give credits and based on the credits we could allocate our own licenses. Right now they have removed this feature, so we are yet to do some testing on that. The credit system was effective because we had flexible licensing and scalability, and we were able to use the resources when and if it was necessary.

How are customer service and support?

Two factors are important: the time to give the first response and the technical ability of the engineers. I heard that they have laid off many old employees and senior employees.

The integration part is good. They also have an AI platform built into the console which provides more details in layman's terms. When explaining an attack to management, you can communicate it to a CIO in technical terms because they are from a technical background and will understand all the details. However, when taking this to a CEO or CFO who are not technical persons with backgrounds based on industry, you should explain it in simple terms. The AI integration with Trend Vision One gives the details in a much simpler way in layman's understanding. That feature is good.

How would you rate customer service and support?

Neutral

How was the initial setup?

The installation is easy. Even for Linux and Mac machines, it is just two or three commands.

What was our ROI?

ROI is absolutely achievable, especially with Trend Vision One and server Trend Vision One platform. Previously, they had MSVA, which was a virtual appliance that on-premises clients needed for mail security. After they came up with the cloud email security solution, many customers are feeling relief, and the latency is much better when compared to an on-premise solution.

For ROI in email security, they provide BEC, which is the best ROI for every customer. If there is an outage that occurs in Microsoft or AWS or any other cloud platform, there is an email continuity platform for emails. That is good ROI.

From a deployment perspective, it shows around fifty to sixty percent. The impact given to the business in terms of real impact is up to ten to twenty percent.

What's my experience with pricing, setup cost, and licensing?

This is quite affordable. It is not that expensive.

Which other solutions did I evaluate?

We buy from Trend Micro. Trend Vision One definitely falls in the leader quadrant in Gartner, and its capabilities are good. It can be in that leader quadrant. For an endpoint security solution, managing attacks is the key thing. It is not about daily activities like what policies and functionalities are provided. These matter, but at the end of the day, if an attack is going to happen, the end user will assess the support of Trend Vision One and the response part of Trend Vision One. These two parameters are going to be assessed, and based on these two parameters, any quadrant achievement from labs like Gartner or Forrester will be based on these two parameters only.

What other advice do I have?

For standard endpoint protection, if it is a detection, it is a detection. When compared to CrowdStrike, Trend Vision One creates far fewer false positives. There is no big noise on this, but that is one way to consider it. False positives do come, and it is completely based on the configuration which we do. In the initial phase of the deployment, after a month or two, we keep it in detection mode, and after that, we pursue the prevention mode so that blocking is enabled.

If the containment functionality gets automated, it would be on a better note. The response part, if improved, will be very helpful. From a deployment perspective, it shows around fifty to sixty percent.

Trend Vision One is fully on the cloud with no on-premise option. They tie up with multiple cloud vendors, but they provide a SaaS platform built by Trend Micro. Trend Micro itself is hosted on some AWS servers, which is what I have heard, but I do not want to comment on that.

I would rate this review an eight.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Ajay S.

Unified Dashboard and Powerful Features Make Security Effortless

  • November 18, 2025
  • Review provided by G2

What do you like best about the product?
Trend Vision One has a unified and intuitive dashboard, which makes it very easy to monitor, investigate and respond to security events across the entire environment. The platform is simple to implement, integrates well with existing tools and provides powerful features like XDR, behavioral analysis and automated threat detection.
Customer support is responsive and helpful, and frequent updates ensure new features and improvements are continuously added.

What do you dislike about the product?
While Trend Vision One is a powerful platform, a few areas could be improved. Some advanced features require time to understand fully, and the interface can feel slightly overwhelming for new users. Occasionally, alerts may be too sensitive, leading to extra time spent reviewing low-risk events.

What problems is the product solving and how is that benefiting you?
Trend Vision One helps us centralize threat detection, investigation and response across all endpoints. It identifies suspicious behavior early, such as malware attempts, unauthorized system changes or policy violations, which significantly reduces our risk exposure.