Trend Vision One Reviews

It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.

We had problems with users not using legitimate tools, such as pendrives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.

The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.

We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money.

Trend Micro's Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.

We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.

And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.

This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.

The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team.

It also handles vulnerability management.

We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Micro Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important; a 10 on a scale of one to 10.

We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.

And especially because of the new European regulation called NIST 2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.

The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project. 

From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.

I have been using Trend Micro XDR for almost 20 months.

It's a stable product. We haven't detected any issues other than the false positives, but that's normal.

We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.

If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.

Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.

Positive

I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.

Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.

The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.

Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an on-prem solution. But it's simple to manage.

They are implementing new tools, like Trend Micro Apex One and DDI. They are ready for implementation on the console, and we are waiting to transition to these tools.

For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secue Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.

Our biggest security challenge was the number of alerts. It has helped with the reduction in alerts. We had too many alerts in the past that were false positives. The reduction in alerts was definitely a big benefit to us.

With Vision One, we have a platform view and all alerts go to one place. It gives us a much better understanding.

We definitely have better visibility. We can now detect things that we could never detect in the past using traditional AV platforms. That is definitely the biggest benefit. The second one is the risk score where we can see where the risk is in the business, and we can actively call and address it.

We use it on all of our endpoints. We use it on our cloud, on our email, M365, SharePoint, and OneDrive. We have been using it pretty much everywhere.

Vision One provides us with centralized visibility and management across protection layers. It is critical to us. Without it, our staff has to work harder because we are in multiple dashboards, and we do not have a giant picture between the systems and the security layers. Vision One connects it all together for you, and it can show us an attack from start to finish. It allows us to defend that much better.

Vision One has definitely increased our efficiency by reducing the number of alerts and correlating them. It is almost impossible to put a real number on it, but we definitely see things that we could not detect without it. There is probably 50% efficiency.

We use the Executive Dashboards. It is important to us that we can drill down from the Executive Dashboards into XDR detections.

We use the Risk Index feature. We look at the highest risks to the business, and we actively address those risks. There is a little bit of gamification with it. We have engineers looking to reduce the overall score of the business. They are targeting the biggest risks that Vision One has given us and that are most likely to be exploited. By addressing that, we reduced our risk score, and, as a side effect of that, we improved our business' security posture.

We use the Attack Surface Risk Management capabilities. We can see what is being actively exploited in the wild, and if we see some of that in our perimeter, we are going to do that straight away. We have full visibility of what is vulnerable, which allows us to prioritize.

Trend Micro XDR has helped to decrease our time to detect and respond to threats. With the combined visibility of Vision One, we get a lot of better-quality reports. In the past, with products like SIEM, we used to get a lot of noise. We would get thousands of alerts that were never risks to us, whereas XDR is all joined together. It gives you a much more confident data set, and from our data set, we can then start addressing the real risks to the business, which we have never been able to do in the past. It is the primary driver for business change. We get great visibility and high-quality alerts. We never measured the time to detect in the past, but I know that we are now detecting things within an hour or so, whereas in the past, it might be in hours if not days. We would have never detected some of the things in the past because we did not have a tool to do it.

Vision One has helped to reduce the amount of time we spend investigating false positive alerts. It has saved a lot of time. Traditional tools give you completely out-of-context alerts, which take time. We had thousands of alerts to look at, but 99% of them were just false positives. People sat on those alerts all day long that were never going to be an issue for us. When you get an XDR and Vision One in place, you start getting good-quality alerts. It just frees up countless amounts of time, but I cannot give a number.

We use its automation capabilities. Some of the playbooks have saved us days. They have taken action without the security being involved. 

It is definitely the center of our detection and response these days. We are seeing things that we have not seen before or never detected with other tools. It has made us far more aware of what is on our estate. It provides better visibility and allows the threat detection team to stop anything that might even be a suspect well in advance. It has definitely improved our response times.

I like the workbench. It is a view of all the alerts or problems in your estate. The visibility that it provides to engineers is very useful. It is one thing having lots of alerts. It is another thing to have something to correlate all your alerts into a workbench for you so that you can see what is going on. 

Integration is very good. There are lots of integrations. There are third-party products that we use, so the integrations are beneficial.

Within five minutes, even a new engineer can understand how to use it. It is very intuitive. You can easily learn how to use the platform and get the most from it. 

It is very good. It is very simplistic to learn. It is very intuitive to learn. We do not spend a lot of time training the staff on how to use it. They can just pick it up and use it themselves quite well.

On the reporting side, we use quite a lot of reports and dashboards. This visibility is very beneficial.

Playbooks are very good, but on the automation side, they could always improve. Having more variables within the playbook would be useful. It would allow us to have more refined playbooks for the business. It would allow us to take stronger action through a playbook. It will give us confidence to target a particular area of business where our risk tolerance might be higher or lower. We would like to have more granular playbooks.

Further integrations with other products are always beneficial.

I have been using it for four years.

It has never been down for us, so it is very stable. I would rate it a ten out of ten in terms of stability.

We have never had any scale issues. It has been absolutely fine. I would rate it a ten out of ten for scalability. 

Their support is great. Whenever I have called them, the support teams have always been fast to respond. They are always helpful and willing to talk by email, phone, or WebEx. The escalations are always good as well. If we need further support, they are always there to promote that.

I would rate their support a ten out of ten. I do not think it can be improved. It is excellent.

Positive

We had a SIEM from LogRhythm. We almost replaced that entirely. We went for Trend Micro for a lot of reasons. The product was definitely the number one reason. It went through some rigorous testing with us, and we proved it to be very good and helpful to the business. Trend Micro's support model from their sales and delivery and their pricing model just worked for us. They were a good fit with our business.

Deployment on the cloud is always easy. Deploying the agents to the endpoints can take time due to the size of your estate, but it is not a Trend Micro issue. It is purely down to the size of your environment. If you have 1,000 endpoints, it is not going to take as long if you have 100,000 endpoints. It is just a bit of a scale thing. You have got to deploy it out. It is not the worst deployment we have ever seen.

It is fairly straightforward. Cloud-to-cloud gets done in minutes. With all such tools, it is always about how long it is going to take the IT team to deploy the agents to all of their endpoints. It was not a massive issue for us.

We spent a few months getting it working.

We had about four people for implementation and maintenance. We had about 11,000 endpoints. We have offices around the world. We have the UK, India, Canada, Australia, and many others. We have a full global team there. 

In terms of maintenance, the cloud does not require maintenance. The rest of it is about looking at the agents in terms of how the agents work, how they are deployed, and whether they are doing what we are expecting.

We do not calculate return on investment as such, but we have detected things that we may never have detected in the past. Those things could have turned into an actual real attack. We have probably saved far more than the cost of the system by not having an attack. The cost of being attacked, being exploited, having downtime, and reputation damage would be huge. It easily pays for the product.

It is definitely not cheap. I do believe you get what you pay for to some degree. It is cost-effective. The money we spend on it is justifiable. It is not the most expensive product in the market. It is definitely not the cheapest product in the market. You have got to weigh that off as part of your business risk and understand what the risk to the business is if you do not spend and invest in modern tools like Vision One.

I would definitely recommend this product. We would not be without it. I would definitely recommend doing a proof of concept in your environment. Once you have done that, you will realize the value of it, and once you realize the value of the tool, there is no going back. You would have to purchase it.

I would rate Trend Vision One an eight out of ten. They have room for improvement, but that is not at all unusual. It is still very good, and we would not want to get rid of it any time soon.

We use the solution for event correlation.

We are deploying a server inside our network to use it as a data collector.

The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with VisionOne.

The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.

I have been using Trend Vision One for two years.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability a nine out of ten.

We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.

The initial setup is easy because our assets are in interactive directory.

We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.

We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.

Overall, I rate the solution a nine out of ten.

Normally, we use the solution for day-to-day investigations. We get alerts when something is going on in the environment. Right now, we are using that tool for the asset management team to identify services or applications that are not allowed for governance and all of these purposes. In addition to that, we use it for isolating devices. We also have a service with them, an MDR service. They analyze information, and they do investigations for us as well.

Mainly, we were concerned with the visibility of the environment. We didn't have a tool that was able to allow us to see or have visibility of what the endpoints were doing on the servers in the environment. That was the main reason to adopt this solution - to have visibility on the environment as, in the past, we didn't have that capability.

The isolation of devices has been really important. We like all the attack surface-managed NPEs. It's helping us to identify devices and protect us on the network. That's in combination with third-party integrations as well. We have integrations that are helping us to identify devices using our vulnerability management services. It's scanning the network and it's sending all that data to VisionOne. With that information, we identify devices that are protected on the network and the environment.

The reports are a really good feature for showing results to upper management levels.

The search features help us try to correlate information and identify any suspicious activity. That's another feature that has been really important.

We are using it everywhere except for the network, so we don't have the network discovery service from Trend Micro. However, we have it on endpoint servers and email and also the cloud as well. We use cloud conformity to connect that piece.

Trend Micro has a feature called Vision One, that provides us with centralized visibility management across all protection levels. That's helping us to have a centralized view of the console. That's the main reason why we still have that product.

Centralized visibility is important. When we are doing investigations, we can do everything in one console instead of moving to different screens or different windows. The centralized visibility and management across these protection levels helped with our efficiency. It helps us to identify quicker, any potential threat, or any special activity.

They have this feature called Risk Index which I use sometimes to validate the level of rates we have. We don’t use it often - maybe once every one or two weeks. We use it to rank our security operations overall. Mostly, we just check it out of curiosity.

We use the managed XDR service that they have. It relieves a lot of workload especially during investigations or interim reports about any particular activity - especially with the coverage after hours. It is helping us with the capability there. Also, if something really bad is happening, we have eyes watching all the activity, which is nice.

Using this managed XDR service enables our team to work on other tasks - especially when we, in certain ways, allocate some of the investigation pieces. We basically create a request for them to investigate things, and that allows us to focus on other things to optimize our security toolset. That's really helpful.

We use the attack surface risk management capability they have. We use that heavily right now. It was a big use case in the past few months. We use it to identify multiple devices without protection, the applications that have been used by our users, and which ones are risky. We are using that on a regular basis. It's helped us identify blind spots and more assets. It's positively affected our security posture by improving a lot of our visibility.

XDR helped us decrease our time to detect or respond to threats. In the past, we didn't have that visibility. When we enabled that tool, at the beginning, it was a little bit noisy. That's something to be expected coming from a new tool. However, after testing through these years, things are improving, and now we can see better results, especially during investigation alerts.

The solution has helped us to reduce the amount of time we spend investigating false positive alerts. In the beginning, there was a large amount of false positives. Right now, we are day to day trying to reduce them. At this point, they are lower compared with the beginning of the implementation. Things are improving. We are reducing false positives as we go which is great.

We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side. The API we use. We are integrating that with another product, a SOAR product. The playbooks are a little bit limited in what they can do at this point. Let's say that we want to connect on a specific API. The templates we cannot modify very well. When we noticed that limitation, we decided to go and use Trend Micro VisionOne API and connect it to other tools to develop that activity using another product.

Under attack surface management, when you go to the specific sites or applications that the users are accessing, the capability of downloading that report could be better. Let's say, as an example, we want to identify users using chatGPT, for example. We want to download that data through an API or through the GUI. Right now, it's not available as an option. Maybe having the capability of extracting data from VisionOne for specific areas of the tool could work. That's something that could be useful, especially if we want to generate that report and send it to specific teams. Often, we don't want to provide DX to all the people. Sometimes it's easier to just have that file and share that file with the people who need to have that information. 

I've been using the solution for around three years now. 

The stability is good. It's not very common to have any outages. Sometimes there may be a glitch, however, it's rare. Normally we have 95% stability.

The scalability is good, especially when we are talking about third-party integrations. We can have visibility and control of all different assets. So we can have good scalability and visibility and know more about the environment in places where we didn't have any idea things were happening. It's a SaaS tool, and we don't have to do any maintenance, and it's easy to deploy. It's pretty straightforward.

When we have specific issues or problems connecting some products we ask for support. They respond really fast. They always try to mitigate and resolve all the issues we have. If they cannot resolve the problem, they normally share some suggestions on how we can mitigate future problems.

Positive

We did not use other solutions, although we did use Apex One for a long time. We have also used an EDR product.

I was involved in the deployment. I was the one leading the data during the implementation. The process is pretty straightforward. It was a little tricky to reduce the false positive alerts, however, the portion of deploying to the environment and connecting the pieces was simple. 

From our side, we had three or four people involved in the implementation. 

We had some help with the deployment and we had some guidance in the beginning. We requested some support from our account manager.

The pricing is good if you look at all the compatibilities and features offered by the product. There are features that can increase the pricing. We can put some credits to some features, however, if we want to enable them. With the amount of credit we have, we are covered for all of our needs.

I'd rate the product eight out of ten.

It is a really good product and easy to deploy. They allow you to have more visibility on your environment, especially if you have any kind of XDR solution. It will increase the visibility of what's happening in the environment. Also, from the perspective of doing maintenance updates or patches, the cloud is the way to go. The product management team does a really good job of increasing the features, and they are listening really closely to what the customer needs via feedback. 

I was team lead with incident responses and incident management. We used the solution for that.

We were already using Trend Micro endpoint, NGAV by Trend Micro, and we got that upgraded to the XDR version. There was not much of a change after that. The only good thing about upgrading to XDR from NGAV was, having those real-time logs and network activities in front of us.

My reviews with Trend Micro are somewhere average. I won't rate it as an excellent tool or utter nonsense. I won't rate the two extremes, however, I would say it's in between them. It was mostly fine.

XDR provided a much more deep view into what is actually happening.

The rest of the features were pretty simple. There's nothing glamorous about them, however, it works. Nothing much really stood out amongst what the others were giving and what Trend Micro was giving. They are all pretty typical.

The dashboard was pretty easy to navigate. It was pretty convenient and user-friendly.

Results were delayed. We had all the logs in our hands. We were pretty quick in giving out the results and coming up with a conclusion. Trend Micro was pretty delayed on that front, however.

Their turnaround time or the response to their MDR services was slow. While doing POC, we did MDR as well. They could improve the response time on that. That was my view back then, as it used to take a lot of time to get that case generated, get that case analyzed. In the end, we were more interested in the responses from the actual human analysts. Instead of having a machine-generated thing, we were banking on understanding how an incident is treated and how a response is being given. For us, for example, we were able to do our analysis and come to the same conclusion maybe four or five hours before we received Trend Micro's report. Almost all the results were identical.

There was one feature called Sandbox that I wanted to try on, however, at that time, they had not released it yet. 

Since last August, I have been working with another organization, so I am not sure how Trend Micro has developed within the last ten months.

I was never able to test the live response feature, wherein I could take access, remote access of the infected system, and send some commands to kill the processes, or maybe to grab the artifacts, to triage the artifact. By the time it came online, I was moving to another organization.

We'd like a bit of freedom or flexibility on the portal. If I'm the end-user, and I see something bad which might not be bad from Trend Micro's perspective, however, for my organization, was an abnormal activity.

Executing things via PsExec might be something that is normal for some organizations, however, for my organization, it is a highly suspicious thing. If I want to investigate that, having the flexibility for me to investigate it in a deeper sense would be ideal.

That was something that was not possible at that time. I don't know if they have given more freedom to Trend Micro admins. 

We'd love more flexibility in terms of implementing some of the configurations, estate-wise. That is something that I would have loved to see in Trend Micro.

I used the solution for a month and a half, maybe. Or six weeks.

The response time, the analysis, or the human part was something which was requiring improvement. From the tool perspective, there were a lot of things that were to be released at the time I was using it.

We used to see those on the dashboard. For example, the sandbox. They had a sandbox, just like what CrowdStrike does where you can have a license for the sandbox. You can run those EXEs or whatever files, or malicious artifacts through those sandboxes and get a result.

That was something that was under development, though it was being displayed on the dashboard as "coming soon". There were a lot of features that were to be implemented. It was notified to the end-user as "Okay, that these features are coming in, and we are not sure how long it will take." 

The trend lines were pretty extensive - like a year or maybe seven months, eight months. Those were the timelines for the actual deployment of those features into the dashboard. Therefore, it's hard to speak to the stability of the product.

The scalability is good. It was just a matter of installing the agent, which was pretty easy to deploy via a group update. Scalability was not an issue. The more licenses we purchased, the more systems we could get coverage upon.

There were endpoints plus servers covered. 

We were heavily dependent on them. The reason was, that we had Trend Micro NGAV and we upgraded to Trend Micro XDR. 

Their technical support isn't that great. 

I used to speak with their CSMs quite frequently. They used to take a lot of feedback from us, asking about how things were, as their detection improvement was something which, also we were part of, not directly, however, we had one more team who used to do VAPT.

We used to post those results and say, "Okay, this is what we did. We did not get any alerts from you. We did not get any communications from you. What if this was an active hands-on keyboard activity and we were under attack?" They used to take that feedback. They used to get it implemented. Detection was then pushed in. They were in that development phase. I am not sure how well they are doing right now.

Negative

I've worked with CrowdStrike and Sophos and they provide a much better way to handle things than Trend Micro.

We never had any other tools or other antiviruses, other EDR solutions, that were playing any roles in the infrastructure. We only had ESET, and we were phasing those ESET servers out to Trend Micro. The only tool that we worked on, or XDR that we worked on, was Trend Micro.

The initial setup was pretty straightforward. They had given us one file which we could push through group policy updates. It was implemented throughout the organization. Implementing was pretty easy and it was pretty lightweight.

I was happy about that as it was not a resource-hungry agent which was running in the background, and we could not kill it, we could not limit it. Typically, XDR agents can be a bit resource-hungry, however, this one from Trend Micro was very light. 

I'm not sure how long the deployment itself took.

Our IT team was pretty huge. It was around 30 odd people who used to work on it, however, I'm not sure how many of them were dedicated to working on Trend Micro for maintenance.

We had our internal IT team who we used to do the installation.

The company I worked for did not lose its money as Trend Micro was a low-cost tool. The features which we were getting were justified by the cost. It was not too costly to have those features.

I'm not sure of the exact price, although it is moderate. I'd rate it 3.5 out of five in terms of affordability.

You could get new features with an added cost per license, or it used to be bulk. Having that modularity helped in choosing and protecting our systems, and keeping the cost down. That modularity helped us in the beginning.

We also evaluated CrowdStrike with Trend Micro. CrowdStrike was phenomenal. I have all the good answers for them. If I have to rate them, I will rate each feature four out of five and above since they were that good.

CrowdStrike was too costly for our organization to have, as we had started building the Infosec inside, having Infosec in-house. Previously, it was outsourced.  I was the first person who was enrolled for Infosec.

I was an end-user.

I'm not sure which version we were using it. 

The solution was on the cloud. We were discussing having it on-prem, however, the cloud made much more sense for such a small organization rather than utilizing the resources on-site.

I'd rate the solution six out of ten.

It offers very good ransomware protection. You have more visibility on the network.

It helps with compliance. We are also well-protected from ransomware and network attacks.

It's improved our organization in two ways: we can have more visibility and have more confidence in security. We also have better reporting for regulatory compliance. 

The endpoint protection is the most useful. It's powerful. I've faced issues with other products regarding ransomware; however, with Trend Micro, I have no fear of network attacks. I have experience with consistent protection. 

Customers have NDR and XDR protection, and it's very good for protection. There are also regulations within our country that require us to use XDR. 

The centralized visibility is good. It's great for the IT team as they have to export reports to management for compliance. It helps with reporting. It's essential. 

The centralized visibility and management across protection layers helped our efficiency. We have a limited number of security engineers. With Trend Micro and its centralized dashboard, it will show everything we've learned and reflect reporting on the dashboard and this helps when you have a limited amount of users. It simply reduces the number of people that need to be involved in the security effort. 

We use the executive dashboards on both sides. We can drill down on them right into XDR detection. It's essential when we have an incident. If we need to know more about the threat, we need to know where and how they are attacking. We can drill down and get forensic data. 

The solution's risk index feature is very good. It comes out of the box. Our customers can use it. 

The product has helped us decrease our time to detect and respond to threats. 

It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits. 

The support should be improved. 

We'd like to see deception features in the next release. It would help us to reduce false positive alerts. 

I've been using the solution for seven years now.

The stability is good overall. 

The solution is scalable. You simply need the resources on the VM, and you can easily change your license. 

We've had issues with support. Their services could be improved. 

Neutral

I have used Fidelis and found you can control the endpoints better. They also have a deception module, which is very powerful. You can manage your endpoints perfectly. It also offers very good network visibility. I use both products. It depends on the customer's needs and approach.

I observed the deployment process. 

We had issues. It should be straightforward; however, with a customer, we faced a problem with technical support. It took us almost eight months to deploy. They had issues with the installation on the endpoints and on the network side. We had a problem with a few things, including use cases. 

The plan was to deploy in two weeks, and yet it took almost eight months.

From the customer side, there were three engineers, and from Trend Micro, there were one or two engineers working on the solution.

Almost every two weeks, there are maintenance calls. The customer has three people handling maintenance duties. 

The solution was deployed by support. 

The pricing is average. The costs are acceptable. It's good for small or medium-sized businesses. 

I'm a partner. 

We're using the latest version of the solution. 

I'd rate the solution eight out of ten. 

For enterprise customers, I wouldn't recommend the solution. However, it's a good solution for small or medium customers. New users need to ensure they have the correct sizing and licensing. 

You need to talk to the right support engineers in order to have a smooth experience. 

We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.

We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.

We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises. 

Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.

The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.

The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.

Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.

It has reduced our time to detect by 50 percent.

Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.

The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.

The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.

I would like the uninstall process of agents to require two-step verification.

I have been using Trend Vision One for ten months.

Trend Vision One is stable.

Trend Vision One is scalable.

The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.

Positive

The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.

The migration can be done in a few hours if all the ports are available.

Two people are required for the migration.

We used a third-party service from JVS for the migration.

I would rate Trend Vision One a nine out of ten.

For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.

I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.

We use Trend Micro XDR to enhance our security framework.

One of our partners was the victim of a major attack, and we realized that our environment was susceptible to the same thing because we were only using an antivirus solution. 

Trend Micro XDR is deployed on-premises, and we use it on our core business servers, clients, and the management portal to protect all of our network nodes from attacks.

Trend Micro Vision One provides centralized visibility and management across protection layers, which is important. It is part of our monitoring tool. The visibility gives us a centralized view of our network nodes, activities, and possible attacks.

The risk index feature plays an important role in our KPIs, which we report to the management team. Our business is dependent on our systems running 24/7.

Trend Micro XDR has helped decrease our time to detect and respond to threats.

Trend Micro XDR has reduced the time we spend investigating false positive alerts by 50 percent.

The most valuable feature is the network protection shield on every server, which isolates attacks and prevents our clients from being affected.

The deployment process could be more streamlined over the existing infrastructure, as it was not as easy as we thought. We are working with an expert from Trend Micro to improve the rollout process, but it has taken some time and we do not yet have a concrete understanding of the issue. There are some features that we have to install repeatedly before they start running.

I have been using Trend Micro XDR for one year.

Trend Micro XDR is stable.

Trend Micro XDR is scalable.

The technical support is good.

Positive

The deployment took six to eight weeks to complete. We had around five part-time people involved in the deployment.

Trend Micro XDR is expensive but we got a good deal from Trend Micro. We pay for an annual license.

Currently, we are researching the question of whether to use Trend Micro XDR when we switch from our classic NPLS internal corporate lines to an SD-WAN solution. Or if we should use an integrated solution from the SD-WAN and firewall provider, such as Palo Alto or Fortinet.

I would rate Trend Micro XDR eight out of ten.

We have 300 people in our organization that use the solution.

Maintenance is easy and done by two people, who update, patch, and install new servers; client-side, they also update user stations and analyze logs.

I recommend Trend Micro XDR. It is user-friendly.