I was team lead with incident responses and incident management. We used the solution for that.
Trend Micro XDR Overview
Trend Micro XDR Buyer's Guide
Download the Trend Micro XDR Buyer's Guide including reviews and more. Updated: March 2023
What is Trend Micro XDR?
Trend Micro XDR (extended detection and response) gathers and systematically analyzes data across numerous security layers, such as networks, servers, endpoints, email, cloud workloads, and more. Trend Micro XDR’s security protocol grants faster investigation and response time, and improved detection of risk and threats.
Today’s malicious threats are designed to conceal themselves across the various security layers of an organization's network. They can easily avoid detection, thrive, and grow in intensity as time goes on. Often, inundated IT personnel are searching with ineffective tools and very narrow perspectives. Trend Micro XDR uses a next-gen comprehensive automated analysis protocol of response and detection to find issues faster. The solution allows IT personnel to perform more effectively and respond immediately, keeping the organization’s network continuously safe and secure.
Trend Micro XDR hunts deep and wide and creates a data lake for continuous hunting, sweeping, and researching throughout all security layers. With the addition of AI combined with intuitive analytics, Trend Micro XDR greatly reduces the number of alerts going to the organization’s SIEM solution, ensuring that IT personnel can be more focused on what threats and risks are pertinent, critical, and necessitate more thorough investigation.
Trend Micro XDR Benefits
- Full Transparency: A fascinating GUI provides a single pane of visibility to indicate the threat’s point of entry and how it entered and migrated, all endpoints affected, and more.
- Improved Efficiency: Trend Micro XDR integrates seamlessly with SIEM and SOAR solutions and gives IT personnel greater visibility throughout the entire network. The solution facilitates improved response by minimizing manual activities and streamlining workflows to ensure responses can be more immediate.
- Next-Gen AI Security: Supplies faster, better detection. Turns gathered data into actionable response steps to ensure the network is continually protected. Integrates seamlessly with many third-party security stacks.
- Numerous Security Layers: Appropriate XDR protection requires multiple layers of protection. Trend Micro XDR covers cloud workloads, endpoints, networks, servers, email, and more. The solution has aggressive response capabilities and excellent integration with many of today’s popular tools.
Reviews from Real Users
“I like that it is a comprehensive security solution with a lot of features. You can say XDR is an end-to-end security solution with endpoint security. It includes all your servers, networks, and other devices. The endpoint security solution does not cover this. Plus, machine learning and features like that are the main things in XDR solutions.” - Nadeem S., CEO at Haniya Technologies.
“Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC.” - Charles D., Technical Services Manager at Psitech.
Trend Micro XDR was previously known as Trend Micro XDR for Users.
Trend Micro XDR Customers
Unigel, DHR Health,
Trend Micro XDR Reviews
Team Lead Infosec Incident Management at HighRadius
Good dashboards and easy to navigate but needs more flexibility
Pros and Cons
- "XDR provided a much more deep view into what is actually happening."
- "Results were delayed."
What is our primary use case?
How has it helped my organization?
We were already using Trend Micro endpoint, NGAV by Trend Micro, and we got that upgraded to the XDR version. There was not much of a change after that. The only good thing about upgrading to XDR from NGAV was, having those real-time logs and network activities in front of us.
What is most valuable?
My reviews with Trend Micro are somewhere average. I won't rate it as an excellent tool or utter nonsense. I won't rate the two extremes, however, I would say it's in between them. It was mostly fine.
XDR provided a much more deep view into what is actually happening.
The rest of the features were pretty simple. There's nothing glamorous about them, however, it works. Nothing much really stood out amongst what the others were giving and what Trend Micro was giving. They are all pretty typical.
The dashboard was pretty easy to navigate. It was pretty convenient and user-friendly.
What needs improvement?
Results were delayed. We had all the logs in our hands. We were pretty quick in giving out the results and coming up with a conclusion. Trend Micro was pretty delayed on that front, however.
Their turnaround time or the response to their MDR services was slow. While doing POC, we did MDR as well. They could improve the response time on that. That was my view back then, as it used to take a lot of time to get that case generated, get that case analyzed. In the end, we were more interested in the responses from the actual human analysts. Instead of having a machine-generated thing, we were banking on understanding how an incident is treated and how a response is being given. For us, for example, we were able to do our analysis and come to the same conclusion maybe four or five hours before we received Trend Micro's report. Almost all the results were identical.
There was one feature called Sandbox that I wanted to try on, however, at that time, they had not released it yet.
Since last August, I have been working with another organization, so I am not sure how Trend Micro has developed within the last ten months.
I was never able to test the live response feature, wherein I could take access, remote access of the infected system, and send some commands to kill the processes, or maybe to grab the artifacts, to triage the artifact. By the time it came online, I was moving to another organization.
We'd like a bit of freedom or flexibility on the portal. If I'm the end-user, and I see something bad which might not be bad from Trend Micro's perspective, however, for my organization, was an abnormal activity.
Executing things via PsExec might be something that is normal for some organizations, however, for my organization, it is a highly suspicious thing. If I want to investigate that, having the flexibility for me to investigate it in a deeper sense would be ideal.
That was something that was not possible at that time. I don't know if they have given more freedom to Trend Micro admins.
We'd love more flexibility in terms of implementing some of the configurations, estate-wise. That is something that I would have loved to see in Trend Micro.
For how long have I used the solution?
I used the solution for a month and a half, maybe. Or six weeks.
What do I think about the stability of the solution?
The response time, the analysis, or the human part was something which was requiring improvement. From the tool perspective, there were a lot of things that were to be released at the time I was using it.
We used to see those on the dashboard. For example, the sandbox. They had a sandbox, just like what CrowdStrike does where you can have a license for the sandbox. You can run those EXEs or whatever files, or malicious artifacts through those sandboxes and get a result.
That was something that was under development, though it was being displayed on the dashboard as "coming soon". There were a lot of features that were to be implemented. It was notified to the end-user as "Okay, that these features are coming in, and we are not sure how long it will take."
The trend lines were pretty extensive - like a year or maybe seven months, eight months. Those were the timelines for the actual deployment of those features into the dashboard. Therefore, it's hard to speak to the stability of the product.
What do I think about the scalability of the solution?
The scalability is good. It was just a matter of installing the agent, which was pretty easy to deploy via a group update. Scalability was not an issue. The more licenses we purchased, the more systems we could get coverage upon.
There were endpoints plus servers covered.
We were heavily dependent on them. The reason was, that we had Trend Micro NGAV and we upgraded to Trend Micro XDR.
How are customer service and support?
Their technical support isn't that great.
I used to speak with their CSMs quite frequently. They used to take a lot of feedback from us, asking about how things were, as their detection improvement was something which, also we were part of, not directly, however, we had one more team who used to do VAPT.
We used to post those results and say, "Okay, this is what we did. We did not get any alerts from you. We did not get any communications from you. What if this was an active hands-on keyboard activity and we were under attack?" They used to take that feedback. They used to get it implemented. Detection was then pushed in. They were in that development phase. I am not sure how well they are doing right now.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I've worked with CrowdStrike and Sophos and they provide a much better way to handle things than Trend Micro.
We never had any other tools or other antiviruses, other EDR solutions, that were playing any roles in the infrastructure. We only had ESET, and we were phasing those ESET servers out to Trend Micro. The only tool that we worked on, or XDR that we worked on, was Trend Micro.
How was the initial setup?
The initial setup was pretty straightforward. They had given us one file which we could push through group policy updates. It was implemented throughout the organization. Implementing was pretty easy and it was pretty lightweight.
I was happy about that as it was not a resource-hungry agent which was running in the background, and we could not kill it, we could not limit it. Typically, XDR agents can be a bit resource-hungry, however, this one from Trend Micro was very light.
I'm not sure how long the deployment itself took.
Our IT team was pretty huge. It was around 30 odd people who used to work on it, however, I'm not sure how many of them were dedicated to working on Trend Micro for maintenance.
What about the implementation team?
We had our internal IT team who we used to do the installation.
What was our ROI?
The company I worked for did not lose its money as Trend Micro was a low-cost tool. The features which we were getting were justified by the cost. It was not too costly to have those features.
What's my experience with pricing, setup cost, and licensing?
I'm not sure of the exact price, although it is moderate. I'd rate it 3.5 out of five in terms of affordability.
You could get new features with an added cost per license, or it used to be bulk. Having that modularity helped in choosing and protecting our systems, and keeping the cost down. That modularity helped us in the beginning.
Which other solutions did I evaluate?
We also evaluated CrowdStrike with Trend Micro. CrowdStrike was phenomenal. I have all the good answers for them. If I have to rate them, I will rate each feature four out of five and above since they were that good.
CrowdStrike was too costly for our organization to have, as we had started building the Infosec inside, having Infosec in-house. Previously, it was outsourced. I was the first person who was enrolled for Infosec.
What other advice do I have?
I was an end-user.
I'm not sure which version we were using.
The solution was on the cloud. We were discussing having it on-prem, however, the cloud made much more sense for such a small organization rather than utilizing the resources on-site.
I'd rate the solution six out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partners
Last updated: Jul 4, 2022
Senior Security Engineer at a tech services company with 11-50 employees
Simple to set up with many useful features and good reliability
Pros and Cons
- "The setup is fairly simple."
- "They are planning on adding the Security Playbooks as a complete feature. In the preview mode, it is available; however, it is not released."
What is our primary use case?
Basically, you use it to check the complete telemetry for the endpoints, cloud network, and email solutions. If you integrate this product with your endpoints and on a third product that is available. It can completely share the telemetry of that. Trend Micro will apply the AI and ML of that. On that, we will get the Workbench. Therefore, it is just helping us to check the attack factor, et cetera, in detail, in a complete view in one single platform.
How has it helped my organization?
From the user's end, the implementation is okay. The development is ongoing.
They are already working on the development and then planning to add new features. They're also fixing the feature request. Currently, there's a feature like remote shell and we can take the Remote Shell of the machine directly from the console with no need to take the machine on the access or IDP. They have enough feature sets out there.
What is most valuable?
The solution has multiple useful features. For example, the endpoint Isolation is great. The remote shell has been very helpful as well.
We can directly disable a user account or delete a user account if we find any malicious activity with the domain account. This feature is available and quite useful. One of the most important features is third-party integration. We can integrate our firewall, DAD, and our Sandboxing solution.
There are multiple third-party products we can integrate, and we can transfer that tech there.
The solution is stable.
It can scale.
The setup is fairly simple.
What needs improvement?
For some time, if you were installing this XDR solution, there is a Sensor. Sometimes we need backend support for some scripting parts. They're applying it from the backend for us. Therefore, there's a dependency on the backend from that point of view. I don't like that feature. The option for deploying the scripts should be available on the platform itself, so there is no need to raise the case with the backend team.
We'd like to see some security playbooks. Currently, Auto-Remediation is not there. Only Manual-Remediation is there. We have to create a Security Playbook. However, they are just planning to add the Auto-Remediation part.
They are just also planning on adding the Security Playbooks as a complete feature. In the preview mode, it is available; however, it is not released.
For how long have I used the solution?
I've been using the solution for more than a year.
What do I think about the stability of the solution?
We haven't had any issues with stability. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
We can scale the solution. We just have to provide a request to our sales team.
How are customer service and support?
I haven't escalated anything to the support team yet.
That said, the product is pretty new, and if we do get stuck, we may reach out to get clarification. We can raise a ticket and get support within 24 hours. Within one or two days, we will get an answer.
Which solution did I use previously and why did I switch?
I only work with Trend Micro products at this time.
How was the initial setup?
The initial setup is very straightforward. We just enable two or three steps to check boxes, and we can deploy this sensor easily. It is very simple. Any user can understand what they have to do within five to ten minutes. It is very easy to understand the product.
We can deploy the sensor on the endpoint on-premises. We can deploy on the cloud as well. The sensor can be enabled anywhere. That said, the platform itself is hosted on the cloud, including Azure.
The maintenance is completely taken care of by the Trend Micro backend team. We don't need to do any management.
What's my experience with pricing, setup cost, and licensing?
I don't manage the pricing aspect of the solution.
Which other solutions did I evaluate?
I've recently been looking into CrowdStrike Falcon for a client.
What other advice do I have?
I'm the implementer. I'm working with the operation, and I'm working as an implementation engineer here.
I'm working with the latest version of the solution.
If a customer is planning on using the cloud solution, they should definitely purchase this product. That said, if it is on their own device, I would not recommend this product. Also, if you're integrating with anything on-premises, you cannot completely utilize it and will not receive the ROI for this investment. If you are on-premises, it's better to go for EDR, not XDR.
I'd rate the product nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Dec 23, 2022
Senior IT Manager at Excelra
Has behavior detection and memory scanning features and allows users to drill down on root-cause analysis, but needs more visibility into the alerts and expanded reporting
Pros and Cons
- "One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well."
- "A room for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility."
What is most valuable?
One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well.
What needs improvement?
A room for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility.
An additional feature we'd like to see in the next release of Trend Micro XDR is reporting, particularly RCA reports because those will help us a lot. Right now, we need to log into the portal to drill down the RCA. For example, when an alert comes in, it will be blocked immediately by Trend Micro XDR. We get the message "This has been blocked", but when we want to drill down in terms of where it started, we need to log into the server, do the RCA, and drill down on it. While doing the RCA and drilling down on it, it would be good if we could get a report directly from Trend Micro XDR because that report could help us.
For how long have I used the solution?
We've been working with Trend Micro XDR for more than one year, and we're still using the solution.
What do I think about the stability of the solution?
During the first time we used Trend Micro XDR, we had some issues in terms of stability, but later on, everything became stable.
What do I think about the scalability of the solution?
Trend Micro XDR is a scalable solution.
How are customer service and support?
My impression of the technical support for Trend Micro XDR is good.
Which solution did I use previously and why did I switch?
We compared Trend Micro XDR against CrowdStrike and Palo Alto, but in terms of the features and pricing, we went with Trend Micro XDR. The solution had a really good price and we are getting almost all the features.
How was the initial setup?
The setup for Trend Micro XDR was easy and didn't have many challenges, especially because we have centralized management so it was easy to manage.
What about the implementation team?
The first time we implemented Trend Micro XDR, we had an integrator because we were on Trend Micro Apex One, then we wanted to migrate that existing solution to Trend Micro XDR, so during that time, we needed an integrator for the implementation of the solution.
What's my experience with pricing, setup cost, and licensing?
Trend Micro XDR has a good price, and on a scale of one to five, I would rate it a four out of five in terms of price.
Which other solutions did I evaluate?
My company evaluated CrowdStrike and Palo Alto.
What other advice do I have?
My company is working with Trend Micro XDR, an advanced version of the EDR solution.
There are around six hundred users of this solution, but only one person is required for its maintenance. Normally, my company deploys this agent. There's another tool from where my company pushes this agent to the end user, pulls to the end user system, then scans from this console, then my company gets all the reports.
I would rate Trend Micro XDR seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 3, 2022
Technical Manager for Network Security at VTI
Affordable and easy to set up with good IPS prevention
Pros and Cons
- "The solution is stable."
- "Trend Micro doesn't have the next-generation firewall."
What is our primary use case?
We primarily use the solution as security against ransomware as ransomware now has become the biggest threat for our customers.
How has it helped my organization?
Our central customer had a breach on the ransomware side. Even production is stopped by ransomware - which is why it's so important to protect against it.
What is most valuable?
The solution has similar features to Sophos. Every parameter security of Trend Micro sends the telemetry to the cloud. Then they try to analyze on the cloud. There's something like Deep Discovery for the sandboxing. Every parameter security will send the telemetry as well to the cloud.
The IPS prevention is great.
It's easy to set up the product.
The solution is stable.
You can scale the product.
It's affordable.
What needs improvement?
Trend Micro doesn't have the next-generation firewall. They have the IPS TippingPoint, however, in terms of the next generation firewall, Trend Micro doesn't have this as a part of their solution.
For how long have I used the solution?
We've been using the solution for three or four years.
What do I think about the stability of the solution?
The solution is on the cloud and that makes it pretty stable. The accessibility of the cloud is better. They maintain the uptime so we don't have to worry about it. It's reliable. There are no bugs or glitches.
What do I think about the scalability of the solution?
The scalability is very good. Once again, being based on the cloud makes it very scalable. Right now, many, many people are using the product.
Most clients will start very simply with the basic functionality, like endpoint security. Then, they will move on to Deep Discovery for the sandboxing. Then they will move to another solution, like the IPS prevention system for the TippingPoint solution. Typically, they keep scaling and expanding to get more options and services.
How are customer service and support?
Technical support has been helpful and responsive in the past.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have also used Sophos, which does have a next-generation firewall. They are very similar solutions, however.
How was the initial setup?
The implementation process is straightforward. It takes effect in eight days. For the Endpoint solution, it just depends on the number of endpoints that we deploy to customers. If it is small in size, like 50 to 100 endpoints, then it will take between ten and 20 days. If the endpoint number is around 1,000 endpoints, it will take more days to complete the deployment.
Typically, we have five to seven people that manage the implementation process.
What was our ROI?
I'd rate the ROI at a four out of five. It offers good ransomware protection.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay. I'd rate it three or four out of five in terms of affordability. They are competitively priced.
What other advice do I have?
We are partners. We're also partners with Sophos.
We are using the latest version of the solution. While we still use an on-premises version, most of the solution is now on the cloud.
I'd advise potential new users to start using the basic check and move up from there.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners/integrators
Last updated: Jul 7, 2022
Technical Services Manager at Psitech
Good detection rate, effective, rock-solid, and easy to install and manage
Pros and Cons
- "Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC."
- "There isn't a lot I'd do to change it. The web interface could be improved to sort of make it a little easier to manage multiple clients out of one location. It could also be made a bit easier to sort of manage the licensing side of it."
What is our primary use case?
It is for endpoint protection. It is essentially a modern updated version of antivirus that has more heuristic and behavioral detection components.
We are using its latest version. In terms of deployment, it is a combination of cloud and on-premises. There is a local install on the endpoints, but it is controlled through a cloud interface.
What is most valuable?
Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC.
What needs improvement?
There isn't a lot I'd do to change it. The web interface could be improved to sort of make it a little easier to manage multiple clients out of one location. It could also be made a bit easier to sort of manage the licensing side of it.
In terms of additional features, probably the only thing would be a rollback function. They are actually working on it because they're halfway there with it.
For how long have I used the solution?
It is a new product. We have been using it since they released it. It has probably been about 6 to 12 months.
What do I think about the stability of the solution?
It is a very good product. I've been working with Trend Micro as a company for probably 20 years. Their products are pretty rock solid.
What do I think about the scalability of the solution?
It is easy to scale. We've got about 150 or 200 endpoints at the moment.
How are customer service and support?
I have contacted their support, and they are very good. Their response time is quick.
How was the initial setup?
It is very straightforward to install. It is pretty clear, and it takes a couple of minutes per device. You can automate that process of rollout as well.
What about the implementation team?
Because it was a new product, I reached out and spoke with technical and obviously salespeople and so on within the company to do some basic training and get my head around it to be able to deploy it. I could've researched that myself, and it would've been fairly easy, but I chose to sort of speak to my company rep and so on. He organized a bunch of short get-togethers with some of their technical staff, which was useful.
What's my experience with pricing, setup cost, and licensing?
It would be nice if it was a little bit cheaper, but I think it has a fair price. It is comparable to others in the market.
What other advice do I have?
It is basically Trend Micro's response to other products in the market such as SentinelOne and so on. I don't know how it stacks up against SentinelOne and others, but I suspect that it is sort of right up there.
Trend Micro is a very large company. They put a lot of money into the development of their products and so on. I would recommend it to others, and I have already been recommending it to others because our clients pretty much are on Trend Micro products. So, there would be legacy ones. To those who are coming for renewal, I recommend moving to XDR.
I would rate Trend Micro XDR about a nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cyber Security Analyst at a consultancy with 10,001+ employees
Easy to maintain with advanced protection and helpful support
Pros and Cons
- "We can scale the product as needed."
- "We'd like to see a few more integrations."
What is our primary use case?
We primarily use the solution for the XDR.
We have integrated this with all of our endpoints. Basically, we are using it for incident response. We have a SOC team here, so we are using it in a SOC and the Workload solution. For two or three months, we have been migrating to Workload Security. It is mainly for incident response.
What is most valuable?
We are able to observe attack techniques and targeted attack detection.
We need to explore more on it since it is still a new product for us.
It is quite advanced, and it can help us protect our organization against threats. The targeted threat detection is great.
My understanding is the initial setup is pretty straightforward.
The solution has been stable.
We can scale the product as needed.
Technical support is helpful.
It is easy to maintain.
What needs improvement?
We'd like to see a few more integrations. Specifically, we'd like to see more IOC integration tools.
We haven't implemented the automation piece just yet; however, we will go through that soon. We just need more time to see how it all works.
For how long have I used the solution?
I've been using the solution for six or seven months.
What do I think about the stability of the solution?
This solution seems to be pretty stable so far. I haven't come across any issues. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The product is scalable. When we started, we had a few agents and very few endpoints. At this point, we've integrated with most of them. We haven't seen any issues as we've scaled up.
How are customer service and support?
Support has been quite helpful overall. We've dealt with them multiple times, and they have always been helpful. We tend to get the help we need within two or three hours. They ask many questions and get down to solving the problem at hand.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I also work with Microsoft Defender.
We were using OfficeScan and ApexOne as well.
We decided to work with this product as it had a good reputation.
How was the initial setup?
While I wasn't directly involved with the setup, my understanding is it was straightforward. I do not recall hearing about any complexities coming up. The deployment itself took a few months.
In terms of maintenance, we do get hotfixes every once in a while. It's pretty simple to maintain.
What about the implementation team?
Trend Micro assisted our team with the setup process. However, it was mostly handled in-house.
What's my experience with pricing, setup cost, and licensing?
I can't speak to the exact cost.
What other advice do I have?
I'm an end-user. We are using the latest version of the solution.
The support is pretty good. It is really straightforward. It is very easy to understand, and therefore, I highly recommend the solution.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 24, 2022
Consultant at a computer software company with 51-200 employees
Pinpoints patient zero via full visibility into the root cause of an attack, but the reporting needs work
Pros and Cons
- "What I like the most about Trend Micro XDR is that the detection and response domain extends to the network. It goes beyond the endpoint and includes data about the network which lets you pinpoint patient zero as well as the root cause of the attack."
- "In new versions I would like to see better implementation of the reporting features, especially in regards to EDR visibility."
What is our primary use case?
We have about three clients who are running Trend Micro XDR. It can be deployed on-premises, in the cloud, or wherever you want. As an endpoint detection and response solution, it is used to identify attack points that reach even beyond the individual endpoints, such as the network environment itself.
What is most valuable?
What I like the most about Trend Micro XDR is that the detection and response domain extends to the network. It goes beyond the endpoint and includes data about the network which lets you pinpoint patient zero as well as the root cause of an attack. Thus, it gives you full visibility from end to end.
What needs improvement?
In new versions I would like to see better implementation of the reporting features, especially in regards to EDR visibility. However, Trend Micro XDR has only been around for a year or so, so I know it's still being developed and I think it will get more mature given time.
For how long have I used the solution?
I have been using Trend Micro XDR for about a year, as it is still a new product.
What do I think about the stability of the solution?
Despite the fact that it's a new product that is still being worked on, it's a stable product overall. There aren't any major problems with it.
What do I think about the scalability of the solution?
So far it has been scalable to our needs.
How are customer service and support?
Their support is good.
How was the initial setup?
The installation wasn't too hard. It's obviously a bit more difficult than installing something like Microsoft Office, because it's a security product. But in comparison to other security products, it is not that difficult.
It did take a little bit more time than expected to get it all set up, but that was primarily because it's a new product and our guys aren't as experienced in it as they would be with similar products. I would guess it takes about 20% longer than the rest, but that's only due to the learning curve.
In our case, maintenance of Trend Micro XDR in general requires around two engineers, because it's a bit more complex and you will need more configuration done than what you would do on a single endpoint.
What's my experience with pricing, setup cost, and licensing?
We have an annual subscription and I believe there is no option for monthly billing at the moment.
What other advice do I have?
While Trend Micro XDR is still new and can be rough around the edges, I would like to emphasize that it is a good product and it's working fine. I can definitely recommend it.
I would rate Trend Micro XDR a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
CISO at a computer software company with 5,001-10,000 employees
Is reasonably priced but needs more maturity and improved technical support
Pros and Cons
- "Trend Micro XDR is stable, scalable, and reasonably priced."
- "The product needs to have a lot more maturity, and they need to improve the overall technical support framework for getting the value out of XDR."
What is our primary use case?
Everybody is working from home, so we wanted to ensure that there was an additional layer of security put into every end product. Since we were using the Trend Micro antivirus and antimalware, we wanted to upgrade it with the XDR as well. We did that about nine months ago.
What is most valuable?
Trend Micro XDR is stable, scalable, and reasonably priced.
What needs improvement?
The product needs to have a lot more maturity, and they need to improve the overall technical support framework for getting the value out of XDR.
They need to improve their overall market presence and make sure they are bringing value for the company that is spending money on them. From the business side, there are a lot of areas for improvement, like improving their business relationships. That will help them increase their customer presence as well.
For how long have I used the solution?
I have been using Trend Micro XDR for nine months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Technical support is not good. Their technical team should be more competent. I have reached out to their product manager, but they weren't very responsive. They need to improve their own technical competency in terms of supporting customers with complex environments because our environment is very complex. The product is not that user-friendly for the complex environment.
How was the initial setup?
They are doing the hybrid environment, and that is where the complexity goes up. Earlier, it was halfway on-prem and halfway to the cloud, and that was causing a lot of issues. That is when we decided to have everything migrated to the cloud. Post-migration to the cloud, the complexity has reduced significantly.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable. It's not exorbitant. CrowdStrike and other players are on the higher side.
What other advice do I have?
I would give Trend Micro XDR a 5 out of 10.
I would not recommend it, but in a situation where somebody has already invested in antivirus from Trend Micro, then it would be okay to go for Trend Micro XDR just to ensure that you are extending the platform. But if somebody is evaluating everything from scratch and looking out for something fresh, then I would not recommend Trend Micro as a go-to-product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
