We use Vision One XDR to provide managed security services to our clients by correlating logs from various Trend Micro products like Apex One, Cloud One, and Deep Security. Vision One acts as a central monitoring platform, providing a single pane of glass view of our clients' security posture. This simplifies monitoring and allows us to easily create playbooks and analyze alerts. While our EDR solutions, Apex One, Cloud One, and Deep Security provide robust security features like anti-malware, web reputation, and intrusion prevention, Vision One enhances this by correlating logs and leveraging threat intelligence to identify incidents missed by these individual products. Essentially, Vision One functions like a level three SOC analyst, providing an additional layer of protection and ensuring comprehensive security coverage.

Trend Vision One's centralized visibility and management are crucial for our managed security services because they reduce the overhead required for monitoring. As an XDR solution, it performs many of the tasks an analyst would typically handle, streamlining our workflow and allowing us to focus on in-depth analysis when needed. This reduction in workload is a significant benefit, enabling us to efficiently provide comprehensive security services to our clients.

The executive dashboard is a valuable tool for analyzing the threat level of specific assets, particularly for generating end-of-month reports that detail threat and alert volumes, and highlight high-security risks. This comprehensive analysis helps customers understand their security posture and take appropriate action to strengthen their defenses. However, it's important to note that the dashboard's usefulness may vary depending on the individual customer's needs and priorities.

The risk index is a useful tool that provides benefits, but its value depends on the specific needs of the customer. Some customers may utilize the risk index to identify assets with high-security risks, allowing them to address vulnerabilities and implement necessary patching. However, other customers may rely on alternative sources for vulnerability visibility and, therefore, may not prioritize the risk index. While not always a primary focus, the risk index remains a valuable resource.

Trend Vision One provides immediate benefits upon deployment. Its built-in XDR, which includes EDR functionality and integrates with existing security models like Apex One, Cloud One, or Workload Security, allows for seamless provisioning of endpoints and workloads. Rigorous testing confirms that Vision One effectively identifies and correlates alerts, including those missed by other EDR solutions. This enhanced detection capability is evident during post-deployment testing, as Vision One Workbench alerts are generated immediately.

We use Trend Vision One to consolidate security across hybrid environments.

We use attack surface risk management and often customize it in our reports to meet client needs. This service helps identify vulnerabilities and blind spots in their environments. For instance, we assisted a customer experiencing recurring attacks due to unknown vulnerabilities. Our attack surface management analysis provided the data to identify and patch these critical vulnerabilities, ultimately enhancing their security posture.

Vision One XDR significantly reduces threat detection and response time by automating the analysis typically done by a level two or three analyst. It provides a comprehensive view of the environment, incorporating behavioral analysis and intelligence sources to quickly identify unusual activity. This eliminates the need for manual investigation of logs and data, allowing analysts to focus on addressing actual threats. The XDR's automated workbench triggers alerts with a high degree of accuracy, minimizing false positives and further streamlining the security process.

We use security playbooks for certain low-level security alerts because many of these alerts, despite the large volume of data they represent, do not require significant time or attention. Playbooks are particularly useful in these situations as they automate the process of blocking the source or IP address associated with the alert.

Vision One offers several features I value. 

The threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources. 

Additionally, the security playbooks provide templates to block URLs or scripts, enhancing endpoint protection. 

Finally, the console allows for remote connection to endpoints, enabling direct investigation and remediation within the customer's environment. This flexibility and comprehensive functionality make Vision One a valuable tool.

Trend Micro is making many improvements, including addressing some of our feature requests. However, their reporting functionality needs improvement. The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients. For example, we cannot generate reports on threat intelligence data from XDR, making it difficult to assess the protection received from external sources. This limitation also prevents clients from seeing the total value of XDR, including external factors contributing to their security posture. Threat intelligence is crucial, and clients want to understand its impact. Therefore, enhancing report customization, especially for XDR, would be a significant improvement.

I have been using Trend Vision One XDR for one and a half years.

Lagging does happen in Trend Vision One but it is infrequent and does not significantly disrupt operations. This is typical for many SaaS platforms and not a major issue.

Trend Vision One is scalable, allowing for flexibility from four licenses to a hundred or more, depending on how much or how fast scaling is needed.

The experience with customer service can vary depending on the case. Simple issues might involve referring to KB articles for resolution, while more complex issues might need backend support, which can take time. Overall, my experience has been positive.

Neutral

Trend Vision One is easy to set up and can potentially be handled by one person. However, teamwork is preferred to ensure accuracy, catch potential errors, and maintain a high standard of service.

Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor. Since Trend Micro doesn't directly handle pricing, I cannot provide specific cost details.

Trend Vision One XDR is an excellent security product that deserves a ten out of ten rating. It's surprising that more companies haven't adopted XDR, given its advantages over traditional SIEM solutions. XDR automates tasks like configuration, signature creation, and rule implementation, significantly reducing the manual workload required with SIEM. While I expect a shift towards XDR, many companies still rely on SIEM, which seems inefficient in comparison.

I use the solution primarily for EDR. The top challenges in our industry are the accuracy of the detections and the visibility of alerts and events.

We are accessing it via the cloud, and we are monitoring the endpoints and cloud servers. 

Vision One provides centralized visibility and management across protection layers, which is critical for tracking threats, viewing vulnerable assets, and understanding the overall security posture of the organization.

Vision One helps me a lot when it comes to reporting. The reports are very detailed and informative. There are recommendations and analyses of how to mitigate threats. We have comprehensive visibility.

The executive dashboards are very helpful for us in assessing our security posture. We can see what needs to be prioritized and mitigated first.

The risk index feature helps us make security improvements and implement security policies. It helps to have robust security.

Vision One helps to harden security controls and policy implementations.

Vision One improves our organization's security posture by allowing us to apply more robust security controls, implement security policies, and improve the security culture. The centralized visibility enables more efficient security operations.

Vision One makes it convenient to assess and mitigate or block threats across the organization. The XDR is collecting data from more than one client or company and correlating it. The XDR detects the loopholes or vulnerabilities of the system. It uses MITRE ATT&CK techniques to identify and respond to cyber threats or vulnerabilities.

Vision One improves our security posture because we can patch any vulnerable machines that are prone to risks and attacks.

Vision One has decreased our time to detect and respond to threats by 50%.

We use automation capabilities, especially when there is a breach or a risk activity with the user or the endpoint. It helps us by isolating devices automatically. This automation saves us about 20% of the time.

I love everything about the solution, especially the XDR features, the attack surface management, and the workbench alerts. It oversees vulnerabilities among the system and devices, prioritizing areas that need patching.

When I started working with it, I knew nothing about this solution. I found it very user-friendly and easy to understand.

There are limitations in terms of threat response actions. 

I have been using Vision One since December 2022. It has been about two years.

There are some errors with the solution. I would rate the stability a seven out of ten.

It is scalable. I would rate the scalability of the solution as eight out of ten.

We have clients of various sizes. Our clients are small, medium, and large organizations.

The customer service or technology is responsive, but they take a minimum of one day, and up to three days, which is too long.

Positive

I previously used Azure Sentinel. Vision One is an advanced solution compared to Azure Sentinel. I prefer Vision One because of the convenience and easy correlation.

The initial setup is complex due to the various cloud resources that we have. We have workstations, servers, etc. Its implementation can be simplified.

It did not take us very long. We migrated from Apex One to Vision One. It did not take long.

It provides returns on investment by saving about 50% of time, money, and resources.

I find it to be a cost-efficient platform.

I would recommend this solution. It helps a lot when it comes to security. It covers endpoint security, email security, web security, and data leak prevention. It has everything.

I would rate Vision One a nine out of ten.

Our primary use case is protecting our environment from malicious threats with antivirus protection. Additionally, we utilize Trend Vision One for its integrated solution, providing comprehensive visibility across the entire environment.

The organization implemented Trend Vision One to support best practices.

Trend Vision One is essential to our organization because it provides comprehensive security coverage across our entire environment, including email, network, and endpoints.

Trend Vision One offers centralized visibility and management across all protection layers, which is crucial for comprehensive environmental protection. This holistic approach empowers the SOC team to perform their duties effectively.

The executive dashboard is handy.

The risk index feature helps us identify issues and where to improve our environment.

The solution has improved our quality by enhancing the visibility into our estate and our ability to manage risk.

The consolidated security features of Trend Vision One improved the efficiency of our SecOps team by simplifying their workflows.

Improved asset visibility and enhanced risk management capabilities have raised our overall quality.

Trend Vision One offers centralized visibility and management across all protection layers, providing a holistic view of our environment and enhancing visibility across the entire infrastructure.

Trend Vision One would be enhanced by incorporating an SIEM solution as a built-in feature. This integration would streamline functionality and eliminate the need for us to acquire and manage separate SIEM solutions.

I have used Trend Vision One for over ten years.

Trend Vision One's stability is rated a six out of ten due to compatibility issues with other solutions and endpoint security interference.

The solution is scalable and there have been no issues with scalability.

I would rate Trend Micro's customer service an eight out of ten. While I experienced some minor issues, these are common with any technical solution.

Positive

We have not really seen a return on investment from this solution.

While the pricing and licensing for Trend Vision One are generally acceptable, the need to purchase additional features separately adds complexity. A single, comprehensive price for the entire solution is not available.

I would rate Trend Vision One seven out of ten.

Trend Vision One is deployed across multiple departments in our organization.

Trend Vision One requires maintenance.

Vision One access supports multiple modules, including endpoint protection, the XDR module, and the Cloud One module, which are the ones that particularly caught our interest.

We have been doing a proof of concept for Trend Vision One to assess its capabilities as a cybersecurity solution. Vodafone is partnering with Trend Micro to offer security services and products to our customers to secure their environments, similar to a SaaS solution. We are exploring it as a partnership opportunity to provide enhanced security solutions to our customers.

We conducted a POC and tested multiple use cases by downloading malicious files and observing their behavior. Trend Vision One successfully detected and blocked all threats, including malicious files, scripts, and even dormant scripts that later became active. All these threats were stopped at the endpoint level, demonstrating that Trend Vision One effectively defends against malware, ransomware, and malicious scripts.

Trend Vision One incorporates a machine learning agent designed to defend against advanced threats, such as zero-day attacks. This agent monitors endpoints for malicious activity and, if detected, automatically quarantines the affected machine to conduct further analysis.

It employs machine learning to quarantine devices during ransomware attacks, however, this functionality has not yet been tested.

Trend Vision One provides a single console with a unified dashboard that consolidates information from our entire environment.

The single console provides end-to-end visibility into our IT security environment. We tested the endpoint security, and the SDR performed exceptionally well, providing a clear topology and metrics of our environment. This allows us to monitor the status of each node within our network.

The Trend Vision One platform was integrated with a Linux-based Service Engine to facilitate integration with third-party IT security solutions.

Learning to use Trend Vision One was straightforward, thanks to the helpful courses available on their portal and the excellent support provided during product introduction.

Administering Vision One endpoint security is easy through the single console.

We successfully tested Trend Vision One in a hybrid environment, with components deployed both on-premises and in the cloud.

Trend Vision One offers virtual patching to protect against vulnerabilities while vendors develop permanent patches. This is crucial because vendor patches can be delayed, leaving systems exposed. Virtual patching provides immediate protection, acting as a temporary shield until the official fix is released.

Since we are still in the testing phase, we have not yet seen a reduction in viruses or malware. However, we anticipate potential improvements in security operations across hybrid environments if implemented fully.

Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days. Trend Micro's strong reputation and excellent threat intelligence further enhance the platform's value. The analytics are also good, particularly the XDR and cloud assessment tools, which correlate logs and information to consolidate alerts for the SOC team.

One area that requires improvement is the installation process of the agents, as it is not seamless. The installation sometimes requires multiple troubleshooting steps and is not straightforward.

We have been conducting the POC of Trend Vision One for approximately three to four months.

There were no major issues with stability, no bugs, glitches, or errors, except for the challenges faced with agent installation. I rate the stability of Trend Vision One eight out of ten.

I rate the scalability of Trend Vision One ten out of ten.

We did not engage with customer support during the POC phase, so we cannot provide feedback on that aspect at this time.

Positive

For endpoint protection, we have used Microsoft Defender and Cortex XDR. We encountered issues with those solutions, but Trend Vision One seemed to address these concerns effectively.

The initial setup was not complex. The prerequisites were set first, allowing integration to be completed in about a week.

The pricing is mid-range, neither cheap nor overly expensive. The cost is considered fairly priced.

I would rate Trend Vision One nine out of ten.

Our team from our organization includes three members involved in the POC testing.

I recommend Trend Vision One to other users based on our experience during the POC phase.

Trend Vision One is a comprehensive endpoint security platform that combines NDR, XDR, and MDR capabilities in a single dashboard. We deploy it in offline environments, such as power plants, using relay management to ensure system connectivity without internet access. This approach allows for implementing robust security workflows even in isolated networks.

Trend Vision One effectively protects endpoints from malware, ransomware, and malicious scripts by allowing for the configuration of policies and sensors that detect and prevent unauthorized file modification.

Trend Vision One offers advanced threat protection that adapts to new and unknown threats. Upon detecting a threat, it deploys a virtual patch to mitigate the issue.

Trend Vision One helps detect ransomware with runtime and machine learning capabilities and will alert us of the detection.

Trend Vision One provides us with a single console for cross-layer detection, threat hunting, and investigation and is easy to learn.

It enhances risk management by providing comprehensive visibility into our environment. This ensures all systems are up-to-date and vulnerabilities are minimized.

Virtual patching is extremely helpful because it provides proactive protection against vulnerabilities even before a fix is available for the underlying issue.

Trend Vision One has helped reduce the number of viruses and malware we received. It has also helped manage risk effectively across various products like workload security, email security, and others through a single dashboard, thus making it easier for the organization to manage risk.

The most valuable features of Trend Vision One are its capabilities for XDR, EDR, MDR, and NDR, allowing for network detection and response. It is a comprehensive solution, and even Gartner recognizes TrendMicro as a leader. Additionally, it offers excellent endpoint security and protection that can be easily managed with sensors and agents.

I would like Trend Vision One to incorporate more AI.

I have been using Trend Vision One for approximately two and a half years.

I rate Trend Vision One's stability ten out of ten. I have only faced downtime once and am confident in its stability.

Trend Vision One is scalable, and I have not encountered any issues scaling the solution to meet different client requirements.

I rate the scalability of Trend Vision One ten out of ten.

Customer service and support are excellent. The support team is very timely and helpful, offering solutions and assistance as needed.

Positive

The initial deployment can be done quickly and easily, especially for smaller deployments within one day. For larger deployments, like those with hundreds of endpoints, it might take a few weeks.

I am not directly involved with pricing, but I emphasize the need for competitive pricing to facilitate easier sales.

I would rate Trend Vision One ten out of ten.

Our clients range from small up to enterprise level.

I recommend Trend Vision One to others.

Trend Vision One has advanced sensors that collect telemetry from various sources like endpoints, email, and network. Workbench then correlates data to provide visibility across the entire environment. If there is any virus in the environment, it correlates the information, shows where it started, who the user is, and how it traveled through the environment, thus providing complete visibility and infrastructure correlation.

Trend Vision One consolidates security and saves time.

Trend Vision One is a cybersecurity platform in which Trend Micro has integrated every kind of solution. You have an MDR solution. You have an email security solution. You have endpoint protection. You have server protection. You have EDR. You get everything in one console, whereas vendors like Kaspersky and CrowdStrike do not have only one console. With Trend Vision One, you get all the solutions in one web console or platform. 

It helps with faster response. You have telemetry from different sources, which makes it easy to do analysis and respond. Its automation capabilities help to isolate endpoints and respond. You can respond in multiple ways. You can revoke permissions or terminate any process. You can isolate an endpoint. You can run a script. You can automate in different ways and integrate scripts, playbooks, etc. It saves time.

Centralized visibility is valuable. We can view what kind of virus or threat exists, where it has traveled, and how it started. A security analyst can use just this one console to view all the information.

Another valuable feature is its automation capabilities, which help in responding to any kind of alert swiftly.

Currently, there is nothing specific that needs improvement. Their support is very cooperative, and they provide an educational portal for learning the solution. However, deployment could improve by considering customer environments that are not fully updated.

I have been working with Trend Vision One for the last six months.

When I contacted Trend Micro support, they were very cooperative and quick in resolving and remediating any issues. I would rate their support a nine out of ten.

Positive

I have worked with Kaspersky, which offered only a single solution and not a fully integrated console. Kaspersky had multiple options but did not provide the same level of centralized visibility as Trend Micro. Kaspersky has graphs for visibility whereas Trend Vision One has both graphs and Workbench. Workbench provides a wider overview, whereas, with Kaspersky, you can only see a sketch of where a virus started or where it ended. Trend Vision One tells you how and through which user a virus came into your environment and how it traveled through your infrastructure.

There is a big difference in the price. Trend Micro solutions are more expensive than others.

It can be a bit complex. Trend Micro has a requirement that endpoints should be fully updated. In customer environments that are not connected to the Internet, that can be an issue. Trend Vision One is a cloud platform. If the endpoints are not updated, you can have multiple errors when you deploy the agents. We find such issues in customer environments.

The initial deployment time depends on the infrastructure. It took us about a month to cover 1,000 endpoints and 200 servers.

Trend Micro solutions are very expensive compared to other solutions. Even though everything is in one console, each feature requires a separate license.

If you do not have any compliance regulations preventing you from using a single vendor, I recommend adopting Trend Micro's cybersecurity platform for full security coverage and reduced management time.

The Risk Index feature helps with the attack surface and risk management. It detects vulnerabilities in your environment and calculates the risk in your environment, but I have not yet used this feature.

When you deploy such a solution in your environment, there is always a huge amount of false positives. The false positive rate depends on how your security engineer has done the configuration. After some time, the false positive rate reduces. The reduction in the false positive rate depends on your infrastructure. If you have a huge infrastructure, it would take some time. It also depends on your security resources who work on this solution. If you have only one person, it can take about six months, but if you have a team of five security people, it would take about a month.

I would rate Trend Vision One a nine out of ten.

We use Trend Vision One for the XDR and we absolutely love it, especially the full visibility into protected assets. It's incredibly easy to identify weaknesses across systems and manage any outdated software or areas needing attention directly within the user interface. Previously, we juggled multiple dashboards, but the new version has streamlined everything into a single, unified dashboard. This has significantly simplified our workflow and improved manageability. In essence, we can now manage multiple products seamlessly within the same Vision dashboard, which is a considerable improvement over the previous system. This year has brought significant and positive changes to our workflow.

We use XDR across Office 365 in the cloud and on-premises environments to safeguard our assets. This includes protecting our server environment, workstations, and Virtual Desktop Infrastructure, ensuring comprehensive endpoint security.

Our deployment utilizes a hybrid model, making agent deployment incredibly simple. We employ several different deployment methods: on-premise deployment through Active Directory and utilizing various tools. In case a system leaves the network for any reason, we have third-party solutions in place. We have multiple RMM solutions that can be rapidly deployed in these packages. For example, I've recently observed systems being spun up and sent home before antivirus protection was activated. We still have the opportunity to deploy these solutions in the cloud automatically. So, we have a few ways to work around this and deploy those agents, making it easy to deploy either on-premise or in the cloud. We can address several scenarios and push out to those endpoints.

Coverage is extremely important. We want to ensure visibility into all assets across the network, whether it's a workstation within the office or someone working remotely. This visibility is crucial even when they're outside the network or using cloud-based software, especially since we have no on-premise infrastructure. With the rise of remote work, having this extra visibility into devices, whether at home or abroad, is invaluable. We appreciate the ability to see what's happening on any asset, regardless of its location. This allows us to monitor running processes, identify vulnerabilities, and push necessary updates, ensuring we maintain connectivity and security no matter where devices are operating.

Trend Vision One offers us comprehensive visibility within a single dashboard, which is crucial since we manage numerous other products and security solutions with various dashboards. The simplicity and centralized visibility provided by Trend Vision One significantly streamline our operations. Managing a multitude of security products across our environment necessitates consolidated visibility to minimize back-and-forth navigation. Having all the necessary information in one place is essential for us.

We use executive dashboards to generate weekly or monthly reports that provide a risk score index. This index helps us identify areas needing attention and understand the teams' focus. We then share this information with IT senior management. In addition to our reporting, we receive a monthly report that allows us to compare our current status to the previous month's and highlight new challenges, team weaknesses, and ongoing efforts. This comprehensive view enables the executive team to monitor the team's continuous progress.

We utilize the risk index feature to monitor and mitigate potential environmental risks. One example of this is how we proactively worked to reduce the risk index score of a recently acquired company. Their antivirus product was expiring, so we opted to purchase additional licenses for our existing Trend Apex One product suite instead of renewing it. However, this integration significantly increased the risk index score due to numerous previously unmanaged devices on their network. To address this, we systematically worked through the risk index list, identifying outdated software and determining if it was still in use or could be safely removed. By leveraging the risk index in this way, we successfully lowered the score and ensured the secure integration of the newly acquired company into our environment.

It took some time to fine-tune Trend Vision One before realizing its benefits. A significant concern was integrating it into our virtual environment, a complex process. However, we gained significant visibility once set up in our VDI, leading to further adjustments. We fine-tuned the environment, removing unnecessary elements, which is especially crucial for our non-persistent VDI, where VMs reset if anything goes down. Through these tweaks, performance improved, and the extra visibility provided by Vision One highlighted areas needing attention, allowing us to optimize the environment gradually.

We use Trend Vision One within Azure, expanding its monitoring capabilities to both on-premises and cloud assets, including Active Directory, which is synchronized from our on-premises environment. This hybrid setup covers assets locally and in the cloud, including Office 365, and Trend Vision One effectively manages security across this environment. It has simplified the process, particularly for virtual environments, providing enhanced visibility and flexibility compared to previous products. The additional visibility has been invaluable, enabling us to address previously undetected vulnerabilities and mitigate risks.

During XDR and managed services pen testing exercises, we identified some weaknesses. They were able to automatically crack some accounts. As soon as one system was breached, the managed services team contacted us, escalating until they got a response. We could see their process in action - their steps and what they did in the backend. We provided them with details about the events and the ongoing pen test. It was an excellent test to see that the managed services worked as intended. There was a breach; they asked if we were aware and stated they would isolate the device if we weren't. We acknowledged we knew about the ongoing pen test. Throughout these exercises, they reached out immediately, demonstrating their focus on alerts, their process for triaging them, and their communication with clients.

The attack surface is directly related to exposure and risk. Any identified vulnerabilities, such as outdated software like older versions of Office or Google Chrome products, are flagged immediately. We use third-party solutions to address these issues across all workstations. Whenever we detect internal or internet-facing exposure, we prioritize remediation based on criticality. External-facing vulnerabilities are patched first, as they pose a greater risk than those affecting only internal assets. We rely heavily on exposure risk and risk index to determine priority and ensure the most critical vulnerabilities are addressed first. This helps us identify blind spots in our environment. Take the new acquisition as an example; many devices were unprotected and lacked crucial Windows updates. Numerous products and workstations required immediate attention. Security wasn't the initial priority, so we addressed that and ensured it became one. We implemented numerous changes with acquisitions to align them with our security standards.

Trend Vision One has significantly reduced our mean time to detect and respond to threats by 60 percent. It centralizes all information, enabling us to identify and address vulnerabilities quickly. For example, if we discover multiple devices running an outdated version of Office 2013 missing patches, we can easily compile a list of those devices and share it with the responsible team for remediation. This visibility allows us to proactively address weaknesses across the network, such as deploying updates or the latest release of third-party software to mitigate risks. Trend Vision One has been instrumental in enhancing our overall security posture.

The managed services significantly reduced the time we spent investigating false positive alerts. In uncertain scenarios, we consult the managed services team. If unsure about anything, we use the AI companion for questions. If we encounter an unfamiliar flag or event, we research it independently and involve the managed services team's professionals for deeper investigation.

We have implemented some automation but haven't fully explored its capabilities. We have a few playbooks for tasks like blocking user access based on IP addresses or email content. Since we use Office 365 in the cloud, there's also a lot of automation for handling incoming emails, such as blocking and sending alerts. While we've used playbooks to a limited extent, there's potential for further automation, and we plan to explore this further.

The most significant recent change has been the addition of the new AI companion. This feature has proven invaluable, especially when integrating with third-party products or resetting the dashboard, as it provides detailed step-by-step guidance. In fact, we were able to resolve all issues independently, without needing to contact support, thanks to the AI companion's comprehensive answers.

The only downside to Trend Vision One is its complexity. It's a comprehensive product covering a lot of ground, which can be a little intimidating initially. The user interface, in particular, can take some time to get used to, with menus that could be better organized and a dashboard that could be more user-friendly. Due to the sheer complexity of the product, navigating and familiarizing oneself with the environment requires some effort. While the initial learning curve might be steep, the product's vast capabilities justify the time investment.

I have been using Trend Vision One for two and a half years.

I would rate the stability of Trend Vision One nine out of ten. I haven't experienced any crashes or issues in the last few years since we started using the product. While there are occasional upgrades and minor changes that require adjustments, the overall stability is excellent. We have no complaints, especially considering the VDI environment, our primary focus, has been running seamlessly. The lightweight agent minimizes resource usage, further contributing to smooth performance.

I would rate the scalability of Trend Vision One nine out of ten. We successfully scaled it up by adding approximately 250 workstations and deployed the product within a week. We replaced their previous product, scripted everything, integrated it into their on-premise servers, and deployed the agents. The 250 additional assets were integrated within two or three days, providing complete visibility in the dashboard. The team then took over and identified any weaknesses. In summary, scaling up and adding 250 workstations was easy to implement.

The technical support and service are excellent. After our new acquisition, we encountered a few issues that we hadn't seen in our environment compared to theirs. Through troubleshooting, we determined that the problems weren't caused by the product itself but rather by corruption in specific systems. We systematically worked through the other products, disabling them one by one. The troubleshooting experience was excellent, and we reached a resolution within a couple of days of contacting support. They were very professional and provided direct answers, resulting in the issues being resolved correctly and in a timely manner.

Positive

In the past, we have used a few different products, including Sophos and Cylance, which we have used for the past couple of years. We also used Trend's older products, like OfficeScan, about eight or nine years ago. We eventually moved away from those products due to their lack of AI capabilities. After trying other products, we returned to Trend with Apex One and Vision One. We've been happy with the product, and its virtual environment capabilities were a major factor for us. Trend has consistently been the best performing product for us, so we decided to continue using their products with Trend Vision One.

The initial deployment was straightforward. We leveraged our existing products to force and uninstall the previous product, opting for a custom scripting approach rather than standard GPOs or internal solutions. This allowed us to uninstall the old package and ensure the new installation was reflected in the dashboard, streamlining the process and enabling us to proceed seamlessly to the next phase. Overall, the deployment was straightforward from our perspective.

We deployed Trend Vision One during COVID, which took approximately one and a half weeks because the server side required additional fine-tuning for all the exclusions.

We implemented the solution in-house. We repeatedly reached out to obtain basic information and guidelines on the VDI component and the virtual environment, specifically regarding steps for managing the virtual environment when closing a gold image and imaging numerous workstations with a single image. Due to the complexities involved, we requested documentation. However, our internal team completed the entire deployment with limited support from their support team, following the provided instructions.

The pricing is fair compared to other solutions. It's within the price range we're looking at for a single endpoint, and fair pricing is important to us.

I would rate Trend Vision One nine out of ten.

The Trend Vision team handles all maintenance on the SaaS backend. Internally, we only need to update the VDI environment occasionally because it's a non-persistent VDI, meaning it's locked down and reverts to its previous state upon reboot. We periodically open the gold images to perform maintenance, update signatures, and force program upgrades, but this is only a monthly task. So, we spend minimal time managing the solution.

Before implementing Trend Vision One, ensure you gather comprehensive documentation. Adhering to the guidelines will streamline setup, and any queries can be resolved using the efficient AI companion. Users can pose questions or access documentation directly from the Trend website. Initially, focus on familiarizing yourself with the dashboard, risk indexing, and the executive dashboard. Explore the product, ask questions, and continue experimenting and seeking assistance once deployed. The process is straightforward once you've had the opportunity to explore the system thoroughly. The primary challenge is becoming comfortable with the interface and navigating its features effectively.

We use Vision One XDR for our endpoint security. Our company has nearly 4,000 users. We have endpoint cybersecurity agents for which we can use XDR. 
Trend Micro has multiple subscription licenses for individual Vision One components. There are also licenses for XDR for endpoints. We have adopted four packages from Trend Micro: endpoints, workload security, mobile security, and email security gateway.  

We didn't realize the benefits immediately after deploying the solution, but we saw results quickly. When you install Vision One, the policies are set to the default setting. It scans your machines, and you get alerts if someone is attacking, there's a vulnerability that must be patched, or there's a Trend vulnerability you're patching somewhere.

It has reduced our detection time. The detection is quite fast, but the response at the SOC level might take time. Vision One can be used to conduct analysis first. It reduces the investigation time because Trend Micro has an advantage in Pakistan. They have local technical resources deployed here. Organizations can get heavy false positives, but Trend Micro can help you define the policies accurately.

Our primary focus is DLP, and Vision One has solid DLP features. We also use URL filtering and device blocking, and there's telemetry for identifying exploitable vulnerabilities.

It offers us centralized visibility. That's the advantage of Vision One's unified platform with data lake capabilities. They pull telemetry data from the endpoints, network devices, and cross-layered architecture, and Vision One performs filtering and analysis.

Additionally, Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way.

Having that centralized visibility has improved our efficiency. The organization has multiple tools segregated into separate windows that give you a particular type of visibility. Multiple SOC team members can view the same window. The beauty of Trend Micro is its ability to integrate all of the systems in one cloud platform, right, in terms of Vision One. From your workbench, you can easily monitor and centrally manage alerts. My SOC team is happy with it. 

The risk index feature is a rich view that rates any alert on a scale of 1 to 100 and classifies it as internal or external. Few OEMs can provide that sort of capability. The index ratings provide a window into device health and how alerts can be resolved. 

The attack surface management is a fantastic feature with a proactive approach. Normally, organizations do pen testing quarterly or once a year, but attack server management proactively checks user authentication or changes in your environment. 

Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement.

We have used Vision One for two and a half years. 

I rate Trend Micro support eight out of 10. They stick to the SLA and respond on time. They are cooperative and supportive. I'm very satisfied.

Positive

We have evaluated multiple vendors, and Trend Micro is among the best. You cannot have a typical apples-to-apple comparison. There are a lot of things which we need to compare. Other tools may not be at the network level or have the third-party integration that Vision One has.

Deploying Vision One is easy. You can deploy it with a few clicks and configure the policies or use the default ones. It's flexible and user-friendly, and there are no headaches. The deployment time depends on your environment. If you have thousands of endpoints, it takes some time, but it's just a few minutes if you have a couple. 

Trend Micro is pricey, but it has more capabilities than a standard XDR, so the customers consider it reasonable. The market has accepted it. Trend Micro has a 64 percent share. 

I rate Trend Vision One nine out of 10. 

Its main purpose is orchestration where I have full visibility into all the different Trend Micro products I use, and it is all centralized in a single dashboard. There is ease of use with this centralized dashboard. With this centralized management, I can dive into technicalities, and I am able to do all my workbench investigations. It is quite clear, and I do not have to sift through different logs. It makes our work so easy when we need to respond to or remediate a particular issue.

The main problem that we wanted to solve by implementing Trend Vision One was the blindspots. We tend to focus on endpoints, but we forget IoT devices such as printers and CCTV cameras. This is where we had serious blind spots simply because these devices do not have an operating system. For us, it was just about eliminating these blind spots. That was our number one focus.

It has been exceptional. If you look at the evolution of the Trend Micro products up until Vision One, you can see that they do what they say they do. It has worked for me so well. That is why I have had it all these years.

We have protection against zero-day threats. One of the things that pushed me towards Trend Micro was the fact that they have the R&D for the zero-day initiative. They are a pioneer in terms of classifying CVEs. It gives me comfort. When you go and check the workbench or the report, you can see the type of exploits that it was able to detect, which have even been classified as CVEs.

Apart from the things that I do in IT, my responsibility is to protect my company's assets. I am able to safeguard my data against ransomware. The company does not have to worry that they can be held at ransom. The assurance that they do not have to pay just to get their data back makes it easy to sleep at night.

We have a single console for cross-layer detection, threat hunting, and investigation. We have what we call the executive dashboard. This is what I share with the C-suite. It is quite easy for me to break down cybersecurity in a business way, and then, of course, we have the operational dashboard and the security dashboard where I centralize all the products into one single pane. From an orchestration point of view, I love Trend Vision One. We are able to orchestrate all of our different products from one single dashboard.

Trend Vision One provides visibility into different products. I have a 360-degree view of my entire IT infrastructure, which helps me understand my threat landscape and the way it looks. The beauty of it is that it has metrics. I can see how I am performing as compared to 30 days or 7 days ago in terms of the risk indicator. Is it going up or is it going down? This is important for me because I am able to forecast and anticipate behaviors or patterns from the people perspective and the process perspective. I know what I need to do and train people on, and in terms of processes, I know what I need to do to clean up my policies. In terms of technology, I can assess if there is any other thing of Trend Micro that I need to supplement to make sure I am fully protected.

Our response is instantaneous. I do not have an exact percentile in mind when it comes to the reduction in the response time, but our response is instantaneous.

I have integrated it with my NUC, my firewall, and my database monitoring tool. Trend Micro has a feature for virtual patching through Trend Micro TippingPoint. It instantaneously does the patching and cascades them across. Apart from what we call scheduled patching, on-demand patching is a part of their product features.

Trend Vision One is very easy to learn. This is the second organization where I am using this Trend Micro solution. When I introduced it, my team did not know about Trend Vision One, but within a month, simply with the help of the business portal where we have the e-learning, they were fully skilled and even certified at the entry-level of Trend Micro. Their feedback was that it was quite easy for them to adopt.

Trend Vision One is not at all difficult to administer.

We have seen a reduction in viruses and malware since implementing this solution. They provide you with the metrics for risk posture. You can see the reduction in your threat landscape. It goes granular to the point of telling you which type of malware or threat you are exposed to and the reduction. It is very definitive from a percentile marking. In my previous organization, we saw about a 75% reduction when we rolled it out. We were previously using something else there.

It reduces administrative overhead. I stopped adding additional headcounts from a security analyst and a security officer's point of view. It helps me reduce the overhead. On average, considering the annual wage of a security analyst, there is a reduction of about 7,000 dollars per annum.

I use Trend Micro's managed XDR services in conjunction with Vision One Endpoint Security. It reduces overhead. It is a fully-fledged managed service, so I do not need to have the business invest in an in-house SOC. It is a whole lot cheaper.

From an automation point of view, I find the ability to curate and deploy playbooks very helpful. I find that very convenient for us. It gives away the manual process. There is the ease of use.

I love what they have done with their Trend Companion AI, where it becomes so easy to have it do something for you instead of sifting through different tabs. So, the automation element and their new AI feature are top-notch for me.

I find the virtual patching that they offer superb.

There should be a bit more dynamism when it comes to their playbooks in terms of the action triggers. That is the only thing that I would want to see a bit more. There should be a bit more dynamism, especially when you are creating your own playbook. This is something I have also discussed with Trend Micro.

I have been using Trend Vision One since 2020 when it was rolled out. I have been using Trend Micro products since 2015.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a ten out of ten.

Positive

I have used a plethora of other solutions. I moved to Trend Vision One for multiple reasons:

• The ability to do what the solution says it does
• The ability to orchestrate all different solutions into one single pane
• The ability to have automation when it comes to detecting and responding to threats

It is deployed on the cloud. For me, the deployment was easy. For the endpoints, we just did a GPO push through Active Directory. For the cloud, we used just simple tenancy APIs and we were good to go.

It took us a week simply by virtue of how big the organization was.

In the IT team, there are 10 people working with this solution. We also have other departments such as risk and audit that use it. Overall, there are about 20 people directly working with it. The remaining are users for whom it just works silently in the background.

The maintenance is not done in-house. It is handled 100% by the OEM. They do share notifications, but we as users do not feel it, so whatever maintenance is required is handled 100% by the OEM. That is the beauty of a cloud service. You are not overly bothered by it.

In my previous company, over the four years, I believe we had seen about 81% ROI.

There are cost reductions because of the simple fact that I have automation. It means that I do not need to spend a whole lot on headcount for security analysts. From a commercial point of view, it has helped me reduce my operational costs, and then there are also security cost reductions because of the fact that it is automated and it responds in real time.

When I compare it to its peers that can do the same, it is cost-effective.

The evolution has been great. When I started using Trend Micro Vision One, the product feature was what they used to call business worry-free. It has evolved from an EDR to a fully-fledged XDR. You can see that the R&D is putting in work, and there is evolution. In terms of product coverage, they do not look at only endpoint protection. Right now, we have bespoke server protection. We have cloud asset protection and email security. You can see the growth of Trend Micro when it comes to its cybersecurity offering.

Based on my experience, I would recommend this solution. The ease of use, elimination of overhead, and return on investment are the reasons why you should have this solution.

I would rate Trend Vision One a ten out of ten.