Trend Micro Deep Security alternatives and competitors

We deployed the solution for a client for both Windows and non-Windows servers.

They didn't want to have a complete prevention feature. They were using it for any anomaly detection on the critical host and for complete system lockdowns for a few of the database servers.

The beauty of the product is the complete system lockdown feature. It ingests all the logs over a month, including the daily processes, tasks, legitimate users, and activities. The tool will then detect any anomalies, such as an intruder who has breached the network, which can trigger the system lockdown feature if it's enabled and meets the defined threshold.

The prevention feature, for which we could restrict the users, is useful. Let's say there were one Lotus Notes or there was one Domino server that had the directory of all the email users in the organization, and there were around 40,000 users with email accounts in that particular customer location. Apart from a few on top, for example, trusted administrators, no one in the organization should have access to be able to change anything. Even the server admin owner who has created that server cannot do anything and cannot apply a dot or delete that dot from the directory through this particular tool.

We configured it in such a manner so that, apart from those five administrators, no one from the entire organization or an attacker will not be able to make any changes in the directory itself. They cannot spoil it, and they cannot use the information. Even the read access of that particular directory can be revoked from an administrator. 

The negative aspect of that particular product is the fact it has a very, very, very complex policy structure. A user or administrator making the policy in the DCS should have a very thorough knowledge of the operating system or policy making. You have to be very specific about the data structure.

If you want to secure a Linux server, an administrator should be very confident about how the directory structure of Linux, how Linux works, and where it puts the important logs. You have to be very cautious about the complete path, and you have to write it over there in the policy part. If you are not very specific, there will be a lot of noise in the system. You're going to receive thousands of events that are false positives. The fine-tuning of the policy is a very complex thing in the DCS itself. 

Another negative aspect that I have observed is if the product gets installed on the kernel level of any non-Windows server, it has some issues, comparability issues. Sometimes the product doesn't work properly, so it shuts down the machine and crashes the system. There are many cases in which I've observed the DCS crashing the system.

I've worked with the solution for approximately four years. 

It's not stable. You install this particular product to secure your most critical assets of the organization, and if this particular product is not allowing them to work properly as they're intended to, it shuts them down or can corrupt their Kerberos files. Every time we reach out to Broadcom or Symantec, they say, "Please share the kernel K dump of that, the kernel level dump of that particular machine." After checking, every time, they give us the same answer: "You have to upgrade the version of the product." 

If you are using an RHE machine, Red Hat Enterprise Linux 7.1, and you have installed a DCS agent, after applying some patches or if you find that particular server has vulnerabilities, you need to upgrade to another version. However, it might be possible that a particular version of the agent is not compatible with the RHE server. It can eventually bring that server down. That's a major negative aspect of this product.

I'd rate the stability a two out of five in terms of its reliability. For Windows, it works well. However, for non-Windows options, it is not stable. 

The scalability is unnecessary as it provides you with all the out-of-the-box features. You don't need to look for another type of scalability apart from what they offer. You don't need to scale or add anything. I'd rate the scalability three out of five.

The company has 40,000 users and five admins.

Technical support is decent enough. that said, I found that many of their good engineers or engineers from the BlackLine team have already left the organization. There were a few people I was working with since 2015. Since this Broadcom has taken over, the support has deteriorated. I would not recommend the support. 

Neutral

Now, our customer is moving away from Symantec Data Center Security, and they have the license of Trend Micro Deep Security. That particular tool also has HIDS features within it. Since it's a lightweight agent, it does not crash any production server, so they want to replace the existing solution Symantec solution with Trend Micro Deep Security. However, Trend Micro Deep Security lacks full system lockdowns. It, unfortunately, allows a user apart from the administrator to make the changes over the critical server.

The product installation is straightforward. However, the policy configuration is highly complex. For the initial deployment, I rate the tool five out of five in terms of ease of setup.

the deployment was very easy. It typically took 20 to 25 days, and that was due to the fact that we had dependencies on other teams. We depended on the SQL team to create a particular instance of SQL DB. We depended on the network team to provide the IP address and open the ports on the firewall. Due to dependencies, it took around one and a half months. 

The post-installation activities that require PCs and which require some policy testing, configuration, and agent installation, took more than six months.

Since we were running 24/7 operations, I cannot commit how many people were required from beginning to end.

Maybe in another organization, the customer could easily provide the product on time - if they have redundancy or a well-established HA network. At least four associates are required for the deployment part and policy configuration, and you have to monitor the events daily as well, eventually. There would be a lot of events.

We're providing maintenance for the company currently. We have two people responsible for maintenance tasks. 

I handled the installation and deployment myself alongside the OEM.

One person from Symantec was aligned with me. That said, the post-installation activity required the complete team. Every day, we had some downtime. Every agent that needs to be deployed on the critical servers required downtime. They had to reboot the server, pre-installation, and post-installation. 

That is something that affects the customer; you don't get downtime very easily from the customer. That's the main challenge we were having. 

I'm not aware of the licensing costs. I do not handle the financial side of the product.

We looked at a few OEMs like McAfee, Symantec, and Trend Micro. Out of those products, we chose Symantec Data Center Security. 

We are just a customer.

I rate the solution six out of ten. 

If you are a customer, you need to have a dedicated team who can maintain the product with the operating system upgrades. Otherwise, you will be facing some consequences.

You have to plan for the upgrade of the DCS tool first eventually. If you can plan out several reboots and maintenance of that product, and you have those admins who have a deep knowledge of the operating system, then this tool is very useful. It will go very well with the organization. 

However, if you are a user who doesn't have that much technical knowledge of the operating system, you don't have any dedicated team, and you want some automation and require no physical effort required to check the logs, you'll have issues. You'll face a lot of problems and noise, and you will not be able to configure the policies according to the requirements. It will not be a good product for you.

We offer this solution to financial institutions. It complements the infrastructure of Cisco, routers, switches, and endpoints. 

This is part of the suite of solutions that we offer.

The solution is very user-friendly, which clients appreciate. 

The UI and GUI are fine.

It's stable. 

We can scale the product.

Technical support is helpful and responsive. 

I'm in pre-sales. I have no technical complaints in regard to the product.

The integration could be better, especially with different types of solutions.

I've dealt with the solution for about ten years or so.

The stability is good. There are no bugs or glitches. It doesn't crash or freeze. 

The product can scale well. 

Technical support is good. We are satisfied with their level of responsiveness. 

Positive

I also have experience with Trend Micro. 

Trend Micro's just a niche solution. Cisco has more capabilities

The solution's setup process isn't too easy or hard. It is moderate in terms of ease of implementation.

It's best to have one to two people available to handle deployment and maintenance. Even though one person can handle the process, it's good to have a backup if they go on vacation or take PTO. Usually, engineers can handle any task. 

We don't really look into ROI.

We are Cisco partners and resellers.

Normally, we deal with the most up-to-date version of the solution. It's typically a requirement of the client that we provide the latest.

I'd advise potential users to watch some webinars in order to understand the tool. Normally, we offer these solutions with training. That paying a premium for a new tool is always very good advice.

I'd rate the solution eight out of ten.