We have deployed Trend Micro XDR on all our endpoints. It is deployed as an agent because we are using Trend Micro Apex, the antivirus agent, and the SaaS agent. This means that we receive notifications from XDR for any suspicious activity related to endpoints. For example, if a user connects to a suspicious website, XDR should alert us based on our rules. It can also generate alerts for malicious Windows activities.

In addition to deploying XDR on our endpoints, we have connected Vision One XDR to our Office 365 email platform. This allows XDR to read incoming emails. We can then configure rules to remove emails from mailboxes if they have certain properties or are particularly suspicious.

We have also connected XDR to our Azure platform, which is our user authentication platform. XDR can monitor for risky user sign-ins, such as sign-ins from unusual locations. If it detects any risk, it will notify us.

Finally, we have integrated XDR with a third-party tool to receive indicators of compromise. When we receive an IOC, Vision One will automatically run a check in our environment to see if any endpoints have been compromised. It will also check to see if any emails have been sent from any of the senders in the IOC listing. If it finds any matches, it will notify us.

We can also configure playbooks to automatically take action when XDR detects a threat. For example, we could configure a playbook to force a user to reset their password or isolate an endpoint from the network.

We are using the Trend Micro Vision One XDR agent. This agent component is installed on all of our endpoints, including servers, workstations, desktops, and any other computer elements. Vision One also has an API-based element, which we have connected to our email system, such as Azure.

Before Vision One, we had limited visibility into our security posture. Things were happening all around us, but we couldn't see them. With Vision One, we have centralized visibility and management across all of our protection layers, so we can see and respond to threats quickly and effectively.

I cannot imagine my day-to-day operations without the visibility that Vision One provides. It makes all the difference. No other platform compares to Vision One in terms of simplicity, ease of use, and importance.

Vision One has improved our efficiency with centralized visibility. Before Vision One, we had to go to different platforms and tools in our environment. Sometimes the information was missing and sometimes we were searching with the wrong terms. But because I can now see everything at once, it has helped. The decision we are making now is simply to go there, and whatever we have been faced with, the console is enough to make a decision.

We just signed a contract for Managed XDR services. We were managing our security before, but we'll start using their managed services next year. We've received a few escalations from them already, but that's because they're proactively searching for threats, which is a good thing. For example, I got an escalation from them last week for something that we wouldn't have discovered on our own. It wasn't something that the tool would have generated an alert for either, because it was very similar to what a user would normally do. But they were able to find it because they're looking into all of the addresses that they have. This led to us being able to control incidents that would have happened otherwise.

The XDR service has saved us time, enabling us to work on other tasks. The environment is quite complex, so before we had XDR, we didn't have any tool that considered all possibilities or provided any visibility into our environment. When we first started using the tool, it was new to us, but after a couple of years of using it, we've found that it is a legitimate tool that provides valuable information. Instead of seeing it as adding more work to our workload, we see it as helping us to be more proactive and prevent future incidents. For me, it has been a great help and has added real value to our work.

XDR helped us reduce our time to detect and respond to threats. With a single click, I can isolate a computer from the rest of the compliant environment. I had to do this last week when I had to support two escalated computers. Without XDR, there would be hundreds of things that we would not have seen or known about. But with XDR, we can see everything. And that even includes coverage of devices or computers that are not owned by us, such as those used by vendors. If a vendor brings a malicious device onto the property and downloads something malicious, we can detect it as early as possible.

Trend Micro XDR has helped us reduce the time we spend investigating false positive alerts. I am 100 percent confident that everything that comes out of the platform is legitimate. We had a few false positives when we first started using the solution, but because Trend Micro allows us to whitelist specific items, we were able to build our policy accordingly. Sometimes, there are malicious items that we need to allow because of our environment, such as certain security tools. Trend Micro allows us to build a policy that excludes these items from alerts, so we no longer receive alerts for them.

We use the XDR automation capabilities extensively, including playbook automation for tasks like isolating computers, and API-based automation for most other tasks. For example, we are a member of the retail ISAC information-sharing platform, and we have automated scripts from that platform that pull in all malicious senders, IPs, and domains, and pool them into XDR. XDR then automatically scans all computers to see if any of these malicious entities exist. If they do, XDR generates an alert and allows us to take action, such as removing the file. We generally set XDR to allow only, so that we have visibility into all malicious activity, even if we don't take action on it.

I would like to have the capability to export the information we receive from the XDR into Microsoft Excel.

I have been using Trend Micro XDR for almost four years.

Trend Micro XDR is stable. We have not experienced any stability issues when using the console.

I do not have access to the backend, so I am not aware of the specific technical details. However, from an end-user perspective, the scalability of the system appears to be excellent.

I reach out to technical support almost every week to address any questions I have. I also have a bi-weekly meeting with their technical team. They guide open tickets and address any concerns we may have. Additionally, we have a monthly meeting with Vision One developers where they discuss upcoming features and seek input. I know exactly who to contact for any assistance I may need. Sometimes, I can simply email them directly instead of opening a ticket. The process is always straightforward and efficient. At times, the prompt responses make me wonder if they are using AI assistance, but I hope that's acceptable. I usually receive a response within a minute or two, which suggests AI involvement. However, the signature at the end of the IT person's email confirms that an actual person is handling my request.

We had Carbon Black, but we're using it only for application control. With Trend Micro XDR we can detect and respond.

The initial deployment was straightforward. I have extensive experience in deployments across various companies and platforms. However, Trend Micro XDR surpassed all my expectations. We had previously deployed on-premises, and all we had to do was access the designated console and click a button to migrate all on-premises agents to cloud agents. It was incredibly easy. My team of two and I handled the entire process without any involvement from the teams and properties. I right-clicked and moved everything over. A few agents remained unmovable due to their outdated versions, but we successfully migrated close to 99 percent of all agents.

The implementation was completed in-house. Trend Micro provided a document link to help with the deployment.

Trend Micro XDR is reasonably priced for its value, comparable to other products like VMware Carbon Black.

We evaluated an additional option with Carbon Black because we already had that agent in our environment. We also considered Cisco, which has its own XDR platform.

I would rate Trend Micro XDR ten out of ten.

We tried to use the risk index feature, but I didn't have the resources to focus on it at the time. I was more focused on the actual findings that were happening. I have since hired someone who will focus on the risk index, as the primary reason I hired them is to focus on the risk element coming from Vision One, as well as from other third-party intelligence platforms that we work with or have contracts with. Now that I have someone here, we will be focusing on the risk index.

No maintenance is required.

It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.

We had problems with users not using legitimate tools, such as pendrives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.

The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.

We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money.

Trend Micro's Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.

We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.

And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.

This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.

The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team.

It also handles vulnerability management.

We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Micro Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important; a 10 on a scale of one to 10.

We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.

And especially because of the new European regulation called NIST 2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.

The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project.

From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.

I have been using Trend Micro XDR for almost 20 months.

It's a stable product. We haven't detected any issues other than the false positives, but that's normal.

We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.

If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.

Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.

I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.

Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.

The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.

Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an on-prem solution. But it's simple to manage.

They are implementing new tools, like Trend Micro Apex One and DDI. They are ready for implementation on the console, and we are waiting to transition to these tools.

For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secue Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.

We use Trend Micro XDR for endpoint detection, endpoint user protection, and virtual security.

We have deployed Trend Micro XDR across our entire environment, which is important for our organization's threat detection capabilities.

We use Trend Vision One to monitor our environment 24/7. Centralized visibility is very important to me and my management. In addition, management wants to see centralized dashboarding. This is very important.

The centralized visibility and management across our protection layers have improved our efficiency.

The executive dashboard is important to our organization. I use the dashboard each morning and evening.

Trend Micro XDR has helped our organization improve its defenses against external and internal threats.

The Managed XDR service has positively affected our team's workload by providing 24/7 monitoring. This has saved our team 20 percent of their time to focus on other tasks.

The time to detect is under one minute.

The proactive approach is the best feature. When Trend Micro XDR detects a virus in our system, it stops it and secures our branches.

The centralized dashboard has room for improvement.

I have been using Trend Micro XDR for almost two years.

Trend Micro XDR is stable.

Trend Micro XDR is scalable.

The technical support is good. We receive a response within ten minutes.

We switched to Trend Micro XDR from Kaspersky because it is a better product and we have not faced any issues.

The deployment took one week and required a few people to complete.

Trend Micro XDR is expensive.

I would rate Trend Micro XDR ten out of ten.

We have over 100 Trend Micro XDR users.

We use Trend Micro XDR for rapid response to end-user computing and security concerns.

As a health system, one of our core challenges is ensuring full visibility into our attack surface. We have many thousands of endpoints and end users that must be properly secured and protected. Our primary use case was to improve visibility, and response time, and reduce complexity. That is why we chose Trend Micro XDR.

Trend Micro XDR is deployed on Trend Micro's private cloud.

We are using Trend Micro XDR on our endpoint and server infrastructure. The coverage is extremely important to our organization.

Trend Micro XDR provides us with centralized visibility and management across protection layers.

The centralized visibility and management across protection layers have helped our efficiency. The most significant advantage is that we used to manage these platforms with three or even five engineers, and now we're managing them with one.

It is extremely important to us that we can drill down from the executive dashboards into XDR detections. This provides us with the single pane of glass view that I mentioned previously. Being able to see at a high level that there may be systems that are behind on patch levels or need additional service or support, and then being able to drill down specifically to an individual machine, which may be unique in our environment, is very helpful.

We use the risk index to evaluate ourselves holistically, including our performance against best practices and security, as well as our performance against other healthcare systems around the world. This allows us to identify areas where we may have vulnerabilities or where we are particularly strong so that we can focus on improving in the areas where we need to.

Trend Micro XDR has helped us improve our resource utilization through automation, reducing manual effort and enabling faster response times. In under a week, we had tuned our environment to perform optimally.

Trend Micro's Managed XDR service has significantly reduced our team's workload by nearly 50 percent, providing a big improvement in our overall threat intelligence and endpoint security.

The Managed XDR service has enabled our team to work on other tasks. This additional availability for our staff has allowed us to reduce our need for contractors. If we are overburdened, we will hire contractors to assist in other areas of the business. However, because we have become more efficient, I have been able to hire some of those contractors and reduce the burden of contract labor.

Attack surface work management capabilities have been extremely valuable. The user and identity services provided by CREM help us to focus on and improve visibility into end-user behavior, including that of endpoints such as laptops and desktops, the network, cloud infrastructure, and applications.

The ability to detect our blind spots has significantly improved our security posture. Seeing everything clearly in a single, easy-to-understand dashboard allows us to allocate our resources directly to where they are needed most, enabling us to respond faster.

The biggest advantage of Trend Micro XDR is that it has helped decrease our time to detect and respond to threats by around 50 percent.

Trend Micro XDR has helped reduce the amount of time we spend investigating false positive alerts by 60 percent.

Trend Micro XDRs automation capabilities save us around ten hours per week.

We are very impressed with the single pane of glass visibility that Trend Micro XDR provides. It allows us to work from a single console instead of having to use four or five separate tools to maintain the same level of security. This is extremely helpful.

The manageability and artificial intelligence built into Trend Micro XDR are extremely helpful.

I've seen a lot of improvement in just the year that we've been with Trend Micro. However, I think that continued optimization of the environment towards automation and orchestration, a kind of layer that sits underneath all of the technologies, would be extremely important. When we look at the speed and sophistication of attacks today, such as ransomware, malware, and cyber threats, we need tools and technologies that can react faster. So, I think integration with automation, orchestration, and artificial intelligence will help tremendously.

I have been using Trend Micro XDR for one year.

Trend Micro XDR is remarkably stable.

Considering our growth rate of nearly 30 percent per year, Trend Micro XDR is scalable enough to keep up, so we have no concerns.

Technical support is exceptional. They are extremely engaged and supportive of everything we have needed.

We previously used Sophos but switched to Trend Micro because of its enhanced capabilities.

The initial deployment was straightforward. The deployment took between one and two weeks to complete.

Moving between security tools requires an analysis of the existing environment to understand the current configuration, rulesets, and architecture. This analysis is quickly followed by implementation to improve the security posture and validation to ensure that the infrastructure is not only properly protected, but better protected than before.

Three people were required for the deployment.

We have been able to reduce some labor costs and use our resources more efficiently. These savings of hours per week are definitely a return on investment.

The solution is fairly priced.

I would rate Trend Micro XDR ten out of ten. The solution works extremely well for us. In a healthcare environment, the types of data and the sheer size of the attack surface are somewhat extraordinary. Having the enhanced capabilities of the Trend Micro toolset has been very important to us, and I strongly recommend it.

We have 11,000 users, five acute care hospitals, and around 80 clinics.

Two people are required to maintain Trend Micro XDR for the investigation of threats and incidents. When threat intelligence comes in from Trend Micro or we receive an alert, we validate or respond to it. A lot of this process has been automated, which has helped tremendously.

I strongly recommend Trend Micro XDR and advise doing a proof of concept against any current tool on the market, as it works extremely well and a POC can clearly demonstrate this in a short period of time.