Share your experience using Crystal Eye XDR

The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.

Use our online form to submit your review. It's quick and you can post anonymously.

Your review helps others learn about this solution
The PeerSpot community is built upon trust and sharing with peers.
It's good for your career
In today's digital world, your review shows you have valuable expertise.
You can influence the market
Vendors read their reviews and make improvements based on your feedback.
Examples of the 83,000+ reviews on PeerSpot:

Hassam-Uddin - PeerSpot reviewer
System Administrator at a financial services firm with 10,001+ employees
Real User
Top 10
Provides a centralized dashboard, protects older servers, and reduces our time to detect
Pros and Cons
  • "The zero-day vulnerability is valuable."
  • "The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies."

What is our primary use case?

We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.

We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.

We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises. 

How has it helped my organization?

Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.

The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.

The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.

Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.

It has reduced our time to detect by 50 percent.

Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.

What is most valuable?

The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.

What needs improvement?

The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.

I would like the uninstall process of agents to require two-step verification.

For how long have I used the solution?

I have been using Trend Vision One for ten months.

What do I think about the stability of the solution?

Trend Vision One is stable.

What do I think about the scalability of the solution?

Trend Vision One is scalable.

How are customer service and support?

The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.

How would you rate customer service and support?

Positive

How was the initial setup?

The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.

The migration can be done in a few hours if all the ports are available.

Two people are required for the migration.

What about the implementation team?

We used a third-party service from JVS for the migration.

What other advice do I have?

I would rate Trend Vision One a nine out of ten.

For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.

I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
AndrewAdams - PeerSpot reviewer
Cloud Security Engineer at XSOLIS, LLC
Real User
The observed attack techniques feature lets you see what an attacker is doing or how malicious code is operating
Pros and Cons
  • "I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection."
  • "We've received some mild complaints that the documentation is sometimes not up to date."

What is our primary use case?

We use Vision One for antivirus, endpoint protection, and identifying misconfigurations in our cloud platform. It secures our servers and endpoints and detects any sort of malicious software or inappropriate user behavior. It's a cloud solution with agents on the machines for endpoint protection. 

How has it helped my organization?

Vision One gives us more insight. When we implemented the solution, we didn't have a mature security platform, so we couldn't see what was happening on our servers or what our users were doing. It has decreased our time to detect and respond. Initially, we didn't have as much insight into any attacks that came through. It gives us more data points to work with and guidance about the remediation efforts. We aren't dealing with eight or nine different systems to identify one issue. It's all centrally located in one place.

Their managed XDR service acts as our security operations center. It helps us sleep a little better at night. We know that they can call us on the phone when a significant alert comes in after hours. It makes things more efficient because we know there's someone on the other side who can look at alerts for us and at least do the preliminary analysis if anything comes in. Multiple teams are notified when an alert comes in. We can allocate security resources more efficiently and plug more data sources into the Vision One platform. We don't need to dedicate personnel to continuously monitor the dashboard because we know someone is looking at it with us.

The platform has allowed us to identify blind spots and see where there are holes in our network. It suggests remediation steps in many cases.  There is typically a link in the documentation. That has been a significant benefit because it tells you what to do. For example, it might suggest running a command in the terminal to identify the issues or take x output and put it into y input. 

The solution reduces the time spent investigating false positives by around 65 to 75 percent. For example, when we are pushing out custom code, the workbench tells us the risk level. If it's 70 or higher, we check it out. At 69 or lower, it could be a false positive, so it might require some poking around. It gives us enough data in the alerts that anyone who knows the system could say, "Oh, that was me. I was running patches," instead of checking nine different systems to identify what triggered the alert. It's all there in the alert, including the hashes, commands, impacted web files, etc. We can instantly dismiss it as a false positive and flag it as resolved.

Vision One's playbooks help us save time but I can't say how much because we're still maturing those. For instance, we know what those patching commands look like, so we're working on a playbook to automatically ignore or close those false positive alerts as they come in. We're still trying to fine-tune those playbooks. 

What is most valuable?

I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection.

Migrating to the Vision One platform helped us because we no longer need to look at eight different screens to find data. It's all just consolidated into one location. Having everything in one place is critical. I've been in the industry for almost a decade now, and it's a struggle to find that single pane of glass for all my alerts, logs, and anomalies like random users clicking on a link or downloading a file. It's nice to have it all in one location. Having centralized visibility saves the time we would spend checking various systems to look for things. I can also correlate data points more effectively and make data-driven decisions about the remediation and mitigation of any internal or external threats discovered.

The executive dashboard is nice. It's consolidating all of the tools into the Vision One platform, giving you a high-level overview. Executives love dashboards and pretty colors. The ability to drill down into XDR detection from the executive dashboard his handy. I don't have to go fishing. We get an alert that says a machine did X, and I can fire it up. It's on the dashboard, so I can click on that machine, and it lets me drill down into the logs. It cuts down on the time required to do any kind of forensic analysis on anomalous alerts or behavior. 

The Risk Index gives you an overview of the risk and how it compares with others in your industry. It's nice to be able to quantify the risk, and it enables you to justify the spending on these tools to your executives by showing that it pays off. Also, if we start plugging in more data points and the risk score goes up, we can conclude that there are some issues with the new data source that we just hooked up to our platform. The goal is to have a risk level of zero, but that will be hard to achieve. 

What needs improvement?

We've received some mild complaints that the documentation is sometimes not up to date. 

For how long have I used the solution?

I used Vision One at my last job, and I brought them on board when I joined this company, so I have been using the platform for about two years. 

What do I think about the stability of the solution?

I haven't had any issues with stability. 

What do I think about the scalability of the solution?

We run several different AWS accounts, and Vision One keeps up pretty well. I haven't noticed any downtime, lagging, or crashes.

Which solution did I use previously and why did I switch?

They were using something else, but my team wasn't in charge of it. Vision One offers a more mature platform. I had used it at my previous job. My boss brought it in because we had both worked with Trend Micro in the past. We know the platform and the engineers. 

How was the initial setup?

Deploying Vision One was relatively straightforward. We were on the legacy platform. They had written a script, so all you had to do was hit the play button. We recently moved to their all-in-one VisionOne platform, which was super simple. The deployment team included two on our side and two on the Trend Micro side. Their engineers hopped on a call and walked us through the process. The setup process primarily entails deploying the agents globally. 

What's my experience with pricing, setup cost, and licensing?

Trend Micro's licensing is fair. 

What other advice do I have?

I rate Trend Micro nine out of 10. This is a SaaS product, so you can do a trial period. If you like it, contact their sales people and try to develop a good relationship with the company. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate