reviewer1687494 - PeerSpot reviewer
Technical Manager at a tech services company with 1,001-5,000 employees
Real User
Robust and scalable endpoint security with efficient threat detection, rapid deployment and user-friendly administration
Pros and Cons
  • "The graphical user interface is simple, making it easy to navigate without the need for additional training or complex documentation."
  • "There is room for improvement in the reporting aspect."

What is our primary use case?

It serves as a comprehensive solution for antivirus scanning across all endpoints. It facilitates the deployment of the application portal within the access center, ensuring device control for vulnerability protection which enables the implementation of device-blocking measures to enhance security.

How has it helped my organization?

It safeguards endpoints by detecting threats like malware or malicious scripts, employing features such as behavior monitoring and machine learning. This includes detecting zero-day attacks and analyzing application behaviors for enhanced security. It delivers excellent products for effectively safeguarding endpoints, utilizing advanced features that enhance protection and mitigate various threats. It is equipped with advanced ransomware detection capabilities through real-time machine learning. 

This detection is not solely reliant on signatures; instead, it incorporates built-in features for proactive identification of ransomware threats, offering an advanced and pre-emptive approach to detection. A single console facilitates cross-layer detection, and access to the central console is necessary for on-premises solutions. In the SaaS-based model, the EDR console serves as the unified interface. 

This single console allows for threat hunting, investigations, incident management, playbook creation, and incident response. It is essential as it provides end-to-end visibility into the entire IT security environment, especially in EDR. However, challenges may arise when dealing with endpoints that contain files lacking signatures or behavior detection capabilities. To address this, a sandboxing solution becomes crucial to analyze and understand the behavior of such files. 

It offers the capability to swiftly deploy updates to endpoints, allowing for the immediate deployment of patches or signature files in response to incidents or attacks. In scenarios with no existing signatures, the support team from the OEM can provide the necessary signatures, and these can be promptly pushed to the Apex One Center. 

Timely updates are crucial for us as they help us maintain security. 

Since transitioning to Apex One, we have observed a notable decrease in viruses and malware. 

Our product now detects threats much faster, leading people to express confidence in the effectiveness of our custom machine-learning capabilities, evident in the significant reduction in detection times. Utilizing an independent cloud has significantly reduced the workload for our staff by eliminating the need to manage hardware, operating systems, and applications. 

Daily tasks such as console endpoint restarts, application protection, and agent communications compliance become more straightforward. The ease of managing these aspects is a notable advantage. 

Moreover, the SaaS solution proves particularly beneficial when customers are unable to provide on-premises infrastructure for applications. Users can effortlessly log in, deploy agents, and manage tasks without the complexities associated with on-premises solutions, which depend on factors like hardware, databases, operating systems, networks, proxies, and other variables.

What is most valuable?

The standout and highly valuable feature of Apex One is its XDR capability. 

Featuring advanced protection capabilities that dynamically adapt to defend against evolving and emerging threats, Apex One stands out. Detecting ransomware and utilizing machine learning capabilities are crucial features, especially for safeguarding customer environments. 

It stands out as a pioneer in incorporating these features within its antivirus solution. Trend Micro was the first to integrate behavior-based analysis, signatures, and reputation-based detection to enhance protection against ransomware and other threats. 

The learning curve for Apex One is minimal, as it is a straightforward and user-friendly product. The graphical user interface is simple, making it easy to navigate without the need for additional training or complex documentation. 

The terminology and features are presented in a common and basic language, ensuring that anyone can comprehend and work with the product easily. 

Administering it is also a straightforward process. It offers virtual patching capabilities to safeguard against significant vulnerabilities. This involves an active signature-based approach to virtual patching. 

The added value that managed XDR brings to our Apex One deployment is significant.

What needs improvement?

There is room for improvement in the reporting aspect. Custom-level reporting is crucial for in-depth analysis and its significance is evident in the effectiveness of managing and prospecting products.

Buyer's Guide
Trend Vision One Endpoint Security
August 2025
Learn what your peers think about Trend Vision One Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,349 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with it for fifteen years.

What do I think about the stability of the solution?

In terms of stability, Apex has proven to be a reliable product with no reported downtime requirements. In my experience, I haven't encountered any significant challenges. The only instances of the console being down were typically related to database issues, such as log saturation or routine database maintenance.

What do I think about the scalability of the solution?

It's a scalable solution with good performance.

How are customer service and support?

The support has been challenging, particularly when utilizing bots during customer calls, as it often results in ineffective solutions. The primary issue revolves around prolonged resolution times. Even with ongoing follow-ups, cases remain unresolved within the anticipated timeline. The consistent request for logs implies that multiple submissions may be necessary for a potential solution or resolution. Enhancements in specific areas are required to improve the overall support process. I would rate it seven out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

Deploying the on-premises solution is a seamless process, especially when dealing with the application components. Apex One or Apex Central is the management console, with Apex One managing antivirus consoles, groups, and parts. Policies can be efficiently pushed through Apex Central. The agent itself is equipped with XDR capabilities for on-premises solutions. Conversely, an additional service installation on endpoints is necessary for cloud-based implementations. The deployment process is relatively quick, typically taking around half an hour.

What's my experience with pricing, setup cost, and licensing?

Opting for cloud solutions can provide a more cost-effective and efficient alternative, with fewer dependencies on physical setups and unexpected costs associated with on-premises tasks.

What other advice do I have?

Integration capabilities exist for Trend Micro with its own suite of security products, allowing seamless collaboration. However, integration with Apex One may not be supported regarding other security products from different vendors or OEMs, such as Central One, CrowdStrike, or Palo Alto. Overall, I rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Senior IT Infrastructure Supervisor at Tata Medical Center
Real User
Top 5
A technically stable and feature-rich endpoint security, but potential drawbacks include higher renewal costs and challenges with technical support
Pros and Cons
  • "The most valuable aspect is achieving zero attacks and zero data compromise."
  • "There is a need for enhancement in certain reporting formats."

What is our primary use case?

Our experiences involve troubleshooting and resolving problems related to proxy services, contributing to a diverse set of use cases in our efforts. We currently utilize the complete premium suite and have not integrated it with any other security plans. The learning curve for Apex One is minimal; the user console is user-friendly. Effectively using the administrator console poses no significant challenges, and no specialized training is necessary. We utilize Apex One as a service, yet the workload remains consistent.

How has it helped my organization?

It is an excellent defense against various threats like malware, ransomware, and malicious scripts at our hospital. Given the numerous open options we have, we still maintain a high level of protection. It functions as a robust barrier, effectively safeguarding our organization from potential risks from the external environment. 

With advanced protection capabilities that dynamically adapt to safeguard our crucial data, it is of utmost importance to us. As a hospital, the significance of our data cannot be overstated, making the robust protection provided by Trend Micro vital for our operations. 

It offers a unified console for comprehensive cross-layer detection, site hunting, and investigation. The console's efficiency is noteworthy, serving multiple purposes seamlessly, and holds significant value for us. 

The singular console offers comprehensive visibility into the entire IT security environment, providing internal visibility as well. This end-to-end perspective has significantly reduced our response time. 

The latest version is particularly effective, delivering a substantial improvement of at least sixty to seventy percent. The benefits of Apex One are evident, particularly in its enhanced security and overall usefulness compared to other solutions.

It has proven to be a stable product, with minimal issues over the past few years. 

While it took some time to grasp its full potential, especially in understanding and aligning policies to effectively filter various elements, the initial challenges faced in 2010 have been overcome. Integration and policy-related issues that required about eight to nine months of familiarization, in the beginning, are now resolved, and the product is functioning seamlessly. 

We've observed a noticeable decrease in viruses and malware since transitioning to Apex One, highlighting a significant improvement in the overall strength of our protection. There wasn't a significant decrease in administrative overhead.

What is most valuable?

The most valuable aspect is achieving zero attacks and zero data compromise. Prioritizing the prevention of zero-day threats serves as the foundational element for attaining the highest level of security. 

The virtual patching capability holds significant importance for us. It enables us to assess the potential impact before implementation. This proactive approach allows us to understand the workings of the patching process without having to wait for its actual deployment, making virtual patching a crucial aspect of our security strategy. 

What needs improvement?

There is a need for enhancement in certain reporting formats. For instance, if I need information about the impact of a specific virus or a particular email in terms of infections over the past two or three months, the current reporting system lacks this capability.

Currently, I have to manually input the details, generate a report, and then extract the information from the entire Excel sheet. I would prefer an improvement where this filtering capability is available directly in the initial report. 

There are two notable points that need consideration. Firstly, the technicalities of Trend Micro are evolving due to the software's cloud nature. Secondly, as a client, such as a hospital and not an IT-focused organization, we require a more user-friendly approach. Trend Micro should consider simplifying processes for clients like us, acknowledging that not every organization is an IT company. We want to maintain our focus on our core business rather than having to divert attention to IT.

For how long have I used the solution?

I have been working with it for thirteen years.

What do I think about the stability of the solution?

I would rate its stability capabilities nine out of ten.

What do I think about the scalability of the solution?

While it has the potential to expand its capacity and functionality according to your requirements, the downside is that the associated cost is higher.

How are customer service and support?

Technical support requires improvement, particularly in terms of providing swift responses and recognizing that our needs are not standardized; instead, they necessitate customization based on our specific requirements as a client. It is crucial for Trend Micro to be adaptable in meeting client needs without placing the burden on clients to customize the product independently. I would rate it six out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was complex. It was completed within a duration ranging from eight to twelve months, typically spanning from eight to eleven months.

What about the implementation team?

We previously utilized an on-premises version, and Trend Micro is currently encouraging a shift towards the cloud. However, we are encountering numerous issues during this transition. These problems are proving to be time-consuming, with some taking more than two months to resolve. We implemented it with the assistance of a third party, involving a team of six people. For maintenance, we have a renewal agreement with a Trend Micro partner, and they handle the technical aspects in collaboration with our internal technical team.

What's my experience with pricing, setup cost, and licensing?

The pricing was previously considered affordable; however, it is currently on the rise due to a new licensing segregation policy. The renewal process has become more complex, and each license is more expensive than before. This situation prompts us to consider exploring alternative products to Trend Micro.

Which other solutions did I evaluate?

After evaluating various alternatives, we opted for Apex One because of its rich feature set and competitive pricing.

What other advice do I have?

I would advise conducting a comprehensive comparison, considering not just the initial cost but also the renewal and support costs of Trend Micro in comparison to other companies. From a technical standpoint, it is undeniably a stable product. However, commercially, there are some challenges. Overall, I would rate it seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Vikas Saxena - PeerSpot reviewer
Information Technology Manager at BCML
Real User
Top 5
Works in real-time and enables us to easily manage all endpoints from a single console
Pros and Cons
  • "Its real-time features are valuable. It is in real-time, and it works fine."
  • "We want to manage the policies in the group. Currently, if I am at one location and other users are at other locations, the main problem is that we cannot manage policies location-wise. The policy management should be improved. I should be able to group them based on the location. If one location has four policies and another location has the same policy, currently, I have to scroll the screen to find out the policy as per my location."

What is our primary use case?

We are using Apex One as a service. We are in the manufacturing industry, and we are using Apex One on our clients.

I am the administrator of Apex One as well as a user.

How has it helped my organization?

I can easily manage all our endpoints from a single console. Apex One is very helpful for us.

Apex One is excellent for defending endpoints against threats such as malware, ransomware, and malicious scripts. We have not faced any issues till now.

Apex One detects ransomware with runtime machine-learning capabilities. It is a very important feature because the main attack these days is ransomware.

Apex One provides us with a single console for cross-layer detection, threat hunting, and investigation. It is important because I cannot go to every PC and scan them and look for notifications. From a single console, I can manage each and every endpoint. We can also manage reports.

This single console provides end-to-end visibility into the entire IT security environment. We can see the percentage of compliance of our PC security. This end-to-end visibility has reduced our response time by 50%.

Apex One is very easy to use. It also depends on the knowledge of the person managing it, but for me, the management of the console is very simple and very user-friendly.

We have seen a reduction in viruses and malware since we started using Apex One. There is about a 50% reduction.

We use Apex One as a service. It has helped to reduce the staff's workload. The single console helps to reduce the workload by 30% to 40%.

What is most valuable?

Its real-time features are valuable. It is in real-time, and it works fine.

What needs improvement?

We need some features as per our scenario and requirements. We want to manage the policies in the group. Currently, if I am at one location and other users are at other locations, the main problem is that we cannot manage policies location-wise. The policy management should be improved. I should be able to group them based on the location. If one location has four policies and another location has the same policy, currently, I have to scroll the screen to find out the policy as per my location.

If we have 10 locations, such as locations A, B, or C, and each location is separated geographically and has four policies, the total number of policies is 40. If a user from location C wants to manage their policies, he has to scroll the screen and find out their location's policy. If I can group the policies based on the location, it would be easier to manage.

For how long have I used the solution?

We have been using this solution for the last two years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. It is being used at 10 locations. 

How are customer service and support?

I am satisfied with their support. I would rate their support a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

We use it as a service. Its initial setup was straightforward.

It does not require any maintenance from our side. Everything is automated.

What about the implementation team?

We had a consultant. We had two people for deployment. There was me and one person from Trend Micro. 

What was our ROI?

We have seen an ROI. We can save our time, and we can also save our money.

What's my experience with pricing, setup cost, and licensing?

It is a little bit more expensive than other solutions.

What other advice do I have?

Policy management needs to be improved. Overall, I would rate Apex One a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Network Security Engineer at a computer software company with 10,001+ employees
MSP
Top 10
Offers real-time scanning and patch management, and helps reduce workloads
Pros and Cons
  • "The XDR feature which provides us with real visibility into our environment is the most valuable."
  • "I would like to have DLP features implemented into Vision One Security."

What is our primary use case?

We use Trend Vision One Endpoint Security to protect our systems from unwanted attacks. Malware attacks, encryption, zero-day attacks, and other threats are all happening in the world today. Therefore, the main purpose of using this product is to protect our systems.

Most of our customers deploy Vision One Security as a cloud service, except for government agencies, which always deploy it on-premises.

How has it helped my organization?

The XDR feature helps detect and defend our endpoints against threats.

The protection features can help defend against unknown threats. When an unknown application is detected, we can send information about it to the Vision One Security team for analysis and signature creation, which will be shared globally.

The machine learning capabilities help with the detection of ransomware which is important.

Vision One Security provides a single console for cross-layer detection, threat hunting, and investigation.

Vision One Security provides end-to-end visibility into the entire IT security environment. We can use the added visibility to decrease our response times.

Vision One Security integrates with other security products. When a threat is detected in the network sandbox, Vision One Security can deploy rapid updates to the endpoints. It's important that the solution can identify the threat and provide a rapid update.

Vision One Security has helped our organization by protecting us against unknown threats and reducing our response times.

It uses virtual patching to protect against vulnerabilities before vendor patches are available.

We have seen a reduction of 20 percent in viruses and malware since moving to Vision One Security.

Vision One Security as a service has helped reduce our staff workload by 30 percent.

We used Trend Vision's managed XDR services in conjunction with Vision One Security and they helped with the integration and patches.

What is most valuable?

Real-time scanning is a valuable feature.

Patch management is an important feature that helps protect our machines.

The XDR feature which provides us with real visibility into our environment is the most valuable.

What needs improvement?

I would like to have DLP features implemented into Vision One Security. We have a lot of customers asking about DLP.

For how long have I used the solution?

I have been using Trend Vision One Endpoint Security for almost four years.

What do I think about the stability of the solution?

Vision One Security is a stable solution. I would rate the stability eight out of ten.

What do I think about the scalability of the solution?

Vision One Security is highly scalable.

How are customer service and support?

The technical support is good but we sometimes experience delays with some tickets.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Sophos, but its console was resource-intensive and impacted the performance of our Windows machines. Vision One Security is more resource-friendly than Sophos.

How was the initial setup?

Deployment is complex, and most organizations use scripts to automate the installation process. Each environment is different, and deployments typically take two days to complete.

What's my experience with pricing, setup cost, and licensing?

Vision One Security is expensive but we manage to work with the cost.

What other advice do I have?

I would rate Trend Vision One Endpoint Security nine out of ten.

Trend Vision One Endpoint Security can be challenging to learn due to its extensive features, but it is easy to manage once we are familiar with the console.

Our customers range from small to enterprise businesses.

Maintenance is required for packet releases on the servers.

Many customers are moving to this type of centralized system, and I recommend Trend Vision One Endpoint Security.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Ahmed Elkordy - PeerSpot reviewer
Sr. Network Security Engineer at MST
Reseller
Top 10
The valuable AI and machine learning help to mitigate threats
Pros and Cons
  • "The AI and machine learning feature is the most valuable because it helps mitigate threats based on an organization's behavioral patterns."
  • "Some of our customers need to add cache file signatures in Trend Micro Apex One, but it is currently not a supported feature."

What is our primary use case?

We provide Trend Micro Apex One to our customers to protect their endpoints.

How has it helped my organization?

The database engine is more efficient than other endpoint solutions and this helps protect against threats.

There are advanced protection capabilities that adapt to protect against threats, and its AI helps detect unknown threats and user attacks.

Trend Micro Apex One detects ransomware using its runtime machine learning capabilities. It can identify suspicious or infected machines and help to remediate them.

It provides a single console for crossfire detection, threat hunting, and investigation. The single console UI provides end-to-end visibility into our IT environment.

Apex One integrates efficiently with other security products. We can connect with the vendor that provides us with the API needed for the integrations.

The learning curve for Apex One is short. The steps required are easy to understand and follow.

Administering it is not difficult.

It has helped our customers by providing many features that help them scan their environments and provide recommendations to improve their security posture. These features include an intrusion prevention system, application control, and a firewall with filtering.

Trend Micro Apex One has helped our customers reduce the number of viruses and malware by 80 percent.

Trend Micro Apex One as a Service has helped reduce staff workload by providing reports that alleviate the headaches of security teams.

What is most valuable?

The AI and machine learning feature is the most valuable because it helps mitigate threats based on an organization's behavioral patterns.

What needs improvement?

Some of our customers need to add cache file signatures in Trend Micro Apex One, but it is currently not a supported feature.

Trend Micro Apex One can become the market leader by improving its signature base, patterns, security profiles, engines, and integration with multiple vendors.

For how long have I used the solution?

I have been using Trend Micro Apex One for three years.

How are customer service and support?

The technical support is slow to respond.

How would you rate customer service and support?

Neutral

How was the initial setup?

The deployment is straightforward. First, we deploy an SQL database to consolidate all of the organization's databases into a single, easy-to-manage database. We then download the Apex One Security Agent to the Apex One portal and install it on the target endpoints. Once the agent is installed, we receive the ports, IP addresses, and IIS names of the endpoints. We then install the Apex One Security Agent on the Trend Micro Apex One site and configure it to scan the agentless operating systems for integration with Active Directory.

Three people are required for the deployment.

What's my experience with pricing, setup cost, and licensing?

From what I understand, the pricing is not expensive for Trend Micro Apex One.

What other advice do I have?

I would rate Trend Micro Apex One a ten out of ten.

Our customers in the oil and gas industry deploy Trend Micro Apex One across their environments.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
John Trembly - PeerSpot reviewer
Technical Specialist at Iona Catholic Secondary School
Real User
Provides a single dashboard, integrates well, and has predictive machine learning
Pros and Cons
  • "Workload security now has a feature called Activity Monitor for each endpoint."
  • "We have to manually log in to the machines and give them an update command."

What is our primary use case?

We use Trend Micro One Endpoint Security for endpoint security. We are using the SaaS version of One Endpoint Security. 

How has it helped my organization?

I am confident in One Endpoint Security's capability to defend endpoints against threats like malware, ransomware, and malicious scripts. 

One Endpoint Security has predictive machine learning and behavior monitoring, which are essential for endpoint security. Our file scan also scans the memory for malware. Behavior monitoring is particularly effective at detecting ransomware attacks because it can check for unusual encryption methods.

I like the way Trend products integrate with each other. The servers are all tied into Central, which is now integrated into my Vision One console. The on-premises stuff is also integrated with Azure.

We use a single dashboard through The Central to view detections, threat hunting, and investigations. The visibility through the single console is important. When we open the dashboard, it tells us what it has found. For example, I am currently looking at the SaaS version. If I go to One Endpoint Security, I can see all of the agents that are currently connected. It takes a few moments for all of the agents to load. We are currently in a downtime during the summer months. We are a school board, so there are fewer staff members on-site, and not all of the schools are open. We have 12,000 employees and 80,000 students. However, not all of the students are online right now as they would be during the school year. Next Friday, we will have more staff members in the office. When school starts after the Labor Day long weekend in Canada in September, everyone will be back online. Currently, the dashboard only shows 9,140 agents. Last week, it showed 6,400 agents. I have the system set up to remove inactive agents so that the system does not have to constantly scan a bunch of systems that are not even there. I have seen up to 17,000 endpoints on our system.

Vision One is now monitoring my Cloud One workload security and My Cloud Central. This means that Vision One is collecting data from both systems and giving me a comprehensive overview of my security posture. When I open Vision One, I will be able to see visibility into my entire organization. I have configured Vision One to send data to our Syslog server and receive data from our Qualys server. The Qualys server scans my servers for vulnerabilities and reports back to Vision One. I have also set up a service gateway and a workload security data center gateway. The workload security data center gateway feeds data from my VMware ESX servers into Vision One. This allows Vision One to see the real-time status of our VMs, including which ones are powered on, which ones are running the Deep Security Agent, and which ones are still running on my on-prem Deep Security server. Vision One provides me with a risk overview, an exposure overview, and an attack overview. This information includes details about credential access, lateral movement, collection impact, and suspicious mail forwarding rules.

We have our Azure system for Office 365 and on-premises Azure Active Directory also connected to Vision One. This means that Vision One can see all logins to our Azure system and our on-premises AD. I have agents running on our on-premises directory controllers, so this data is also being fed into Vision One. Vision One can also see our Azure domain controllers and our DMZ. I receive alert emails when something serious happens. I haven't received any of these emails since we started using Vision One. However, I receive emails about endpoints that have had files quarantined. The file on the endpoint was too large to move to the main server quarantine, so Vision One just gave me a small error message. Currently, the endpoint protection dashboard shows that out of 19,678 endpoints, agents have been deployed on 13,675. This includes Macs. The dashboard shows one Linux endpoint, which is my service gateway. There are 882 Mac OS endpoints, which is lower than the usual number of 1,100 because not all of them are turned on. There are 12,792 Windows endpoints. The dashboard also shows that 6,003 endpoints have no security protection. These endpoints likely include network equipment, certain Linux servers that are not running Trend Micro software, and proprietary operating systems that are used by our network team and other IT groups. There are also endpoints that are listed in our Active Directory, but they are either turned off or do not have any active systems.

Updates are applied on an hourly basis. If an exploit gets through and an endpoint has not been updated, it will receive the update on the next cycle. The most common reason for an endpoint not receiving an update is a network issue or the endpoint being powered off. Once an endpoint goes online, it is configured to automatically retrieve security updates from the server, or directly from Trend Servers over the internet if the server is unavailable. The first thing the endpoint does when it goes online is update its security patches, signatures, and scan engines. When a detection is made, the endpoint first deletes the file and quarantines it. It then blocks the action of whatever the file was trying to do. The endpoint's virtual patching, behavior monitoring, and predictive machine learning then stop any unusual activity. This may even include an activity that is supposed to happen. We have had members of our ICT department complain that they were unable to install software because the antivirus protection was blocking it. In some cases, we have groups within our organization that are responsible for maintaining their own servers. When they are doing upgrades, they may schedule us to temporarily disable the antivirus protection so that they can complete the upgrade. Even if malware does not get detected by the web reputation system and is downloaded by a user, it may still be detected by the signature-based malware detection system. If it is not detected by either of these systems, it may still be blocked if it tries to contact its master. These master addresses are often common addresses on the internet that are used by bots to communicate with a server that is maintained by the threat actor. If a bot is blocked from contacting its master, it will be unable to function. If we see a large number of bots being blocked, we will investigate the system to see what is causing the issue. 
In many cases, it turns out to be a legitimate activity that is being blocked by the system. For example, we may have custom scripts running on certain servers that look suspicious to the system. We can manually whitelist these scripts so that they are not blocked. Overall, the system is designed to be overprotective. This is because it is better to block something that is legitimate than to let malware through. We can always fix a false positive, but it is much more difficult to fix a security breach.

I started using One Endpoint Security in August 2020. I learned how to move agents, install software, and get the agent onto the server. I also learned from the documentation, knowledge base, forums, and other users. I found One Endpoint Security to be more difficult to learn than PaperCut because the terminology and concepts are different. PaperCut is just about printing and monitoring, while One Endpoint Security is about cybersecurity. There are also many caveats to consider with One Endpoint Security. I found the scan settings to be particularly challenging. Trend Micro has helpful best practices documents, which I used to learn what the normal settings are for servers and workstations. For example, servers don't need to be scanned for office document exploits because they typically don't have Office installed. I also learned that it's important to balance security with performance. We don't want to scan servers so heavily that it slows them down, but we also don't want to skip important security checks. In January 2021, we changed our policy on security settings. We now tell users that if there are any problems, we will fix them. We would rather have a small problem that we can fix quickly than have to restore a server from backup, which can take days.

One Endpoint Security provides virtual patching, also known as vulnerability protection, to protect against vulnerabilities before they are exploited. Deep Security and Workload Security call this feature intrusion prevention, but it is essentially the same thing.

What is most valuable?

Workload security now has a feature called Activity Monitor for each endpoint. This is a free version of their Endpoint Basecamp product that is automatically installed with every One Endpoint Security agent. Even if we are not licensed for Endpoint Basecamp, it will still be installed. On the servers, I had to remove the Endpoint Basecamp and then deactivate and reactivate the workload security agent to get the Activity Monitor working properly. However, I am glad that we get free monitoring for our servers, even though we do not get it for our workstations.

The agent program version column in the agent screen, we could never sort by. It's so handy to be able to sort by that now. We can go to one end of the scale to see the lowest agent version, and then go to the other end to see how many are updated to the latest agent.

What needs improvement?

Microsoft's new Azure Code Signing is causing a lot of issues for us with One Endpoint Security. We currently have two systems in operation, on-prem and SaaS, and many of the agents won't upgrade beyond version B11564 because these newer versions require Azure Code Signing compliance on the endpoint. If we are not up to date with our Windows updates, we don't have this compliance. Irrespective of the Windows version we are running, we have to apply patches to the machines, if the OS is not damaged, to make them compliant. After that, we can upgrade to the latest version of the respective agent. This process also applies to both Deep Security and Workload Security.

I have two production servers: one for Windows and another for Mac. These servers are available in both on-premise and SaaS versions. Additionally, I have a test server that is located on-premises. The significant distinction with the SaaS version is the absence of a test server where I can install a new version. This means I can't allow the agents on it to upgrade and then perform testing. In contrast, with the production SaaS version of One Endpoint Security, I have numerous agents transitioning and coming online. It's essential that these agents upgrade to a newer version. Among these agents, there are five or six different versions, not counting the really old ones that have yet to upgrade due to ACS non-compliance. I can't leave the testing phase for an extended period because I still have outdated agents that need to be updated. These agents can't be left hanging while I wait to test the newest version that has just been released. New versions seem to come out every couple of months in the SaaS environment. In the past, when I solely used the on-premises version, I would review security bulletins for the SaaS version to identify any issues. I'm apprehensive about potential future situations involving this, primarily because the majority of our agents now operate on the cloud version. If a problem is discovered, rolling back on those agents would be challenging. It would require careful operation to revert them to a different version.

The on-premises version of One Endpoint Security has an update function that allows us to manually update a bunch of servers. For example, if I just turned on a policy, I can force the agents to quickly download the policy and start following the update procedure or update settings. However, this function is not available in the SaaS version. This is because the system cannot communicate with the agent through the firewall. The SaaS version has an automatic update function and an update source entry in the update agents sub-menu, but it does not have a way to force agents to update. This is a problem because we cannot automatically update the agents. We have to manually log in to the machines and give them an update command. Currently, we have no choice but to wait until the agents find the updates themselves.

For how long have I used the solution?

I have been using Trend Micro One Endpoint Security for three years.

How are customer service and support?

I have the enterprise version, so I can usually talk to someone in the Philippines even during after-hours. I only do this when it's something that can't wait until the next day. If it can wait, I'll let it go until then. But if something is broken and needs to be fixed right away, I'll get in touch with the Philippines team. They have some good people there, and the support is really good. I think Trend's support is probably the best of any of the vendors I work with.

I have a few open tickets, and one of them involves the developers. They keep coming back to me with questions that they have passed on to the service representative I'm working with. The developers want to know why I'm seeing something that they think I shouldn't be seeing. I'm generating a report that is supposed to show me all the endpoints on our workload security server that do not have agent self-protection enabled. This is part of the Vision One report. One of the endpoints that the report identifies is our service gateway. It is running Ubuntu Linux and has a Deep Security agent installed, but agent self-protection is not enabled by default. There is a way to enable it, but it's not typically done for Linux systems. Agent self-protection prevents unauthorized configuration of the Trend Deep Security agent service settings. This means that we can't change or stop the service without first disabling agent self-protection.

How would you rate customer service and support?

Positive

What other advice do I have?

I would rate Trend Micro One Endpoint Security ten out of ten.

My concern arises when an endpoint lacks One Endpoint Security, as we are not actively monitoring for this. While we possess a scanner, this is why I intend to maintain the on-premises system's functionality. I plan to transition away from the deep security system and migrate the application team to the cloud version, although this transition process is currently pending. I need to retain the on-premises One Endpoint Security primarily for assessment scanning purposes. This involves scanning all items listed in our active directory, along with the subnets for our VPN, to identify unprotected endpoints. During a recent scan, I identified nine such endpoints and proceeded to install the agent on them. Occasionally, there are instances where the agent won't install, but no error message indicates a connection issue or existing installation. Some of them show as not having the agent installed, even though they do, which can happen when the endpoint is booting up during the assessment scan and the agent hasn't yet been loaded. Resolving this is relatively swift, although there are instances where devices not compliant with ACS will trigger a message stating that the agent cannot be loaded. These devices are then flagged, and I work on making them ACS-compliant to ensure proper agent protection.

The noteworthy aspect of One Endpoint Security is that we didn't begin using it extensively until the third quarter of 2021 when vulnerability scanning was initiated. Although we had a Central server, we were not using any policies on it. To enable Vulnerability Protection, we needed to implement endpoint policies in Central. Vulnerability protection involves virtual patching, where regular scans check our operating system's vulnerability to known exploits. It also includes monitoring applications for vulnerabilities and guarding against those vulnerabilities until they can be patched. This process is largely automatic, as the rules to counter cyber threats are introduced until the system is patched, at which point they are removed automatically. In contrast, on the Deep Security side, I need to execute this process manually. A weekly automated scan takes place, followed by an emailed report. This report aids in identifying missing policies or necessitated rule adjustments based on scan findings.

We have to constantly monitor the systems to make sure they are okay. I have email alerts coming in from Trend Micro One Endpoint Security, and Central Systems. I have folders for workload security, deep security, and Trend Micro in my inbox. I check these folders even when I'm not online to make sure there are no major alerts. In a way, this gives me peace of mind. As long as the agents are running properly and there is enough memory and disk space, everything is fine. However, I still have to manually check the System Event Log to see if any One Endpoint Security endpoints are running out of memory or disk space. We also use SCCM. I set up a scheduled script to create a report of all endpoints with less than 1 gigabyte of disk space. I put this report in a folder that is accessible to all of our school techs and team leaders. This way, they can check the report periodically to see if any endpoints need to be reimaged or have some garbage removed from the disk.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
LuisSilva6 - PeerSpot reviewer
Director of Information Technology at a hospitality company with 10,001+ employees
Real User
Top 5
The single console and AD integration save a lot of time and work
Pros and Cons
  • "It is updated automatically without much intervention from our side. We can also get some reports easily."
  • "The menus can be more user-friendly or easier. For example, if we want to enable access to the USB ports, it should be more user-friendly. It is not easy. We need to navigate through several menus to be able to give access."

What is our primary use case?

We normally use it as an antivirus and antispam solution. We use it to block USB ports on PCs and do other things like that.

By implementing Trend Vision One Endpoint Security, we wanted to block all the USB ports on the computers. That was our first target. We also wanted a centralized system where we could track and see all the computers at the same time.

How has it helped my organization?

It is a tool that is required for our company's security. There were some cases when the software brought it to our attention that we received some documents with malware that we should not open. It blocked the threat. It is very important for us.

Trend Vision One Endpoint Security has advanced protection capabilities that adapt to protect against unknown and stealthy new threats. The ability to adapt to protect against unknown and stealthy new threats is very helpful. We do not need to be concerned with some threats because it is blocking them. It is easy for us to track all the changes. We cannot install some of the applications by ourselves. We need to get approval from the top company.

Trend Vision One Endpoint Security can detect ransomware with runtime machine-learning capabilities. We do not need to be very concerned about attacks because the software is blocking them and protecting our machines internally. It also automatically sends reports.

It provides us with a single console for cross-layer detection, threat hunting, and investigation. We can have just one console and one system to track all the attacks and threats we have. For us, it is a matter of opening just one system and not navigating through a lot of systems to check what is happening. Everything is consolidated in one console. It saves time.

This single console does not provide end-to-end visibility into the entire IT security environment because we have another one for web filtering. Apex One is there as an antivirus and anti-malware solution for protection from threats.

We have integrated One Endpoint Security with Active Directory. It saves a lot of time for us. It is a worldwide solution. It saves a lot of time and a lot of work, especially for IT.

One Endpoint Security gives us the track for the attacks, and we can prepare our end users to be alert about the threats. We can also give them training.

One Endpoint Security is easy to learn, but when it comes to administration, it is not the easiest tool. It requires some adaptation to the system. Especially, if we do not use it every day, we tend to forget how to go to the system and obtain all the results that we need. It is average in terms of working with the system. It is not the easiest one.

It does not take much time to realize the benefits of One Endpoint Security. After we install the software, all the information automatically pops up on the console, and we can track everything from there. Because it is integrated with Active Directory, it is an easier way of managing the work.

It provides us with virtual patching to protect against vulnerabilities even before a patch is available for the source of the issue. This virtual patching is important.

It gives us safety. In spite of the training, users can forget and click on something they should not. We need the security that One Endpoint Security provides.

There has been a reduction in the alerts that we see. We still get some alerts, but not as many as we used to have before moving to One Endpoint Security. There is about a 75% reduction in alerts.

One Endpoint Security reduced the workload. It is integrated with Active Directory. It is much easier to manage and be aware of any threats. It has reduced about 85% of the workload.

Trend Vision One Endpoint Security saves a lot of time in configuration and management.

What is most valuable?

It is updated automatically without much intervention from our side. We can also get some reports easily.

What needs improvement?

The menus can be more user-friendly or easier. For example, if we want to enable access to the USB ports, it should be more user-friendly. It is not easy. We need to navigate through several menus to be able to give access.

For how long have I used the solution?

I have been using Trend Vision One Endpoint Security for the last 5 years.

What do I think about the stability of the solution?

It is very stable. I do not remember any issues with One Endpoint Security over the last year. For us, it is very stable.

What do I think about the scalability of the solution?

It is good. Most of the time, we do not notice any changes or upgrades. For us, it is straightforward. 

We do not have plans to increase its usage by a lot.

How are customer service and support?

I have interacted with them just for updates, etc. My interactions were not a lot on the technical side. I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had Trend Vision locally installed, and it was advised by the company to change to the Trend Vision One Endpoint Security. We wanted to centralize the corporate office.

Before that, I used Kaspersky. In a different company, I also used a cloud-based and centralized solution where we could track all the machines. Before that, I used to work with McAfee, but it was not centralized. It required individual management.

How was the initial setup?

I was involved in the local deployment of One Endpoint Security and not the corporate one. We have several offices, and I was just involved in this one. It was straightforward.

It took five days because we had to go to all the computers and implement it one by one, but we did not spend the whole day just doing that. We were doing it in phases and by departments.

In terms of maintenance, we had to change the version. It took two or three days to perform the change.

What about the implementation team?

We had two people for deployment. We deployed it across multiple locations.

What other advice do I have?

Overall, I would rate Trend Vision One Endpoint Security a 9 out of 10. It is one of the best solutions in the market. It gets integrated with Active Directory. It is on the cloud. It provides good protection from threats and viruses.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Vikas Ingle - PeerSpot reviewer
Infrastructure and Security Lead at Vedanta
Real User
Top 5
Easy to manage, competitive price, and good protection
Pros and Cons
  • "Device control works well, and the anti-malware updates are also pretty good. Every two or three weeks, you get updates. The frequency of the release of new definitions is quite good. We had peace of mind."
  • "Trend Micro's encryption is not up to the mark. We tried their encryption product, but we did not like it. Encryption was difficult to manage."

What is our primary use case?

We were using it for our endpoints. We had more than 1,000 points. 

We were using it for anti-malware, DLP, and device control. We also used encryption, which did not work well, but the anti-malware, DLP, and device control capabilities worked very well.

How has it helped my organization?

By implementing Apex One, we wanted malware protection for our endpoints. We also had a requirement for a data loss prevention solution. It was integrated into the Trend Micro suite, so we got three capabilities: malware protection, DLP, and device control. The Trend Micro suite worked for these three use cases for us.

Device control worked as expected. We tried other solutions too, but they did not work the way we configured them, whereas with Trend Micro, it was not difficult.

Apex One was good at defending endpoints against threats such as malware, ransomware, and malicious scripts. In the five to six years that I used it, I did not have a single issue. All the endpoints were protected. I did not have any outbreak or anything else. It was effective.

Apex One had advanced protection capabilities that adapted to protect against unknown and stealthy new threats. It was pretty good. In the reports, we could see the outbreaks mitigated by Trend Micro. It automatically provided an alert.

Apex One provided us with a single console for cross-layer detection and investigation, but I am not sure about threat hunting. As I understand, threat hunting is something that comes under the SIEM solution. I am not sure whether it has threat-hunting capabilities or not. I did not deal with that.

Apex One integrated well with other security products. It was good. We integrated it with our SIEM solution. It was seamless. When a threat was detected, it deployed rapid updates to endpoints. It was very critical. I could see that every two hours, definitions were getting updated.

Apex One has consistently been a good product. It consistently performed well for me. It kept getting updated for any new evolving threats and ransomware. I did not have any issues.

Apex One provides virtual patching to protect against vulnerabilities even before a patch is available for the source of the issue. Because we did not have any issues, we were not very concerned about that, but the feature was there.

What is most valuable?

Device control works well, and the anti-malware updates are also pretty good. Every two or three weeks, you get updates. The frequency of the release of new definitions is quite good. We had peace of mind.

It was easy to administer. It was easy and user-friendly. When new technicians joined, we just provided access to them. They could efficiently manage it. It was not very difficult to train them.

What needs improvement?

Trend Micro's encryption is not up to the mark. We tried their encryption product, but we did not like it. Encryption was difficult to manage.

Other than that, I do not have any input. We did not go into XDR. We were planning, but then we moved to another solution. The product is stable, and they should keep working on handling new threats.

For how long have I used the solution?

I used it for five to six years. I stopped using it three months ago.

What do I think about the stability of the solution?

It was pretty stable. We never had any problem related to stability, where it was not performing or not updating. 

What do I think about the scalability of the solution?

It is easily scalable. If an organization has 500 endpoints and they are expanding to 1,500 endpoints, the migration is not very difficult. It is easy.

How are customer service and support?

We had a support partner to support us. Whenever there was a technical issue, they helped to resolve it. I never went very deep into it because our partner used to handle the technical support service.

Which solution did I use previously and why did I switch?

We were using McAfee. We switched because the pricing of Trend Micro was competitive at the time. 

We were happy with McAfee, and we were happy with Trend Micro. We did not have any issues with either product. We did not see any reduction in viruses and malware after moving to Apex One.

How was the initial setup?

It was an on-premises solution. My team and I were involved in its deployment.

It took us about three to four months to completely implement it. We took our time. We first implemented it on some of the machines and saw the results. We then implemented it on other machines. Within one year of implementing it, we could realize its benefits.

What about the implementation team?

We work with a consultant. He supported us with any technical issues. The initial configuration and installation on a certain number of machines was done by the consultants, and later on, my team handled it. Overall, we had seven to eight people who were involved in its deployment.

For managing it, I had two resources for managing servers and different applications. They could manage Trend Micro along with them. I did not have to have a separate resource for it. The same two people could handle it along with their other responsibilities. They were responsible for monitoring, updating clients, and checking the client status. They checked how many clients were updated and troubleshooted the ones that were not updated. They looked at the compliance reports and alerts.

What's my experience with pricing, setup cost, and licensing?

Its price is competitive.

Which other solutions did I evaluate?

We did not evaluate other options because Apex One was already being used in other groups in my company. They were satisfied with it, and it also had better pricing, so we just went for it. We did not evaluate other products.

What other advice do I have?

It is pretty good. We did not have any surprises. We did not have any kind of attack. Trend Micro provided good protection. It gave us confidence.

It has a lightweight agent. The installation is not very difficult, but the partner should be competitive enough. The product is good. It does not require much maintenance, but you should have a good partner to support you. 

Overall, I would rate Apex One a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Trend Vision One Endpoint Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2025