We use Trend Vision One as our primary security solution on all endpoints, servers, and clients in our environment. Through third-party integrations, we’ve also connected solutions from other vendors (including VMware and Fortinet).
Head of Organization at ZEUS Informationstechnologie GmbH
Empowers teams to quickly identify and manage cyber risks through detailed insights and continuous support
Pros and Cons
- "Trend Vision One has increased our endpoint visibility and reduced attack vectors, enabling us to identify and respond to vulnerabilities and threats faster, which has reduced our response time by an estimated 25–30%."
What is our primary use case?
How has it helped my organization?
Trend Vision One has increased our endpoint visibility and reduced attack vectors. We can now identify and respond to vulnerabilities and threats faster. This has reduced our response time by an estimated 25–30%. Vision One provides notifications about specific risks and helps us understand where the general risks lie, enabling proactive mitigation.
With other vendors, we’ve had to manually check for vulnerabilities in products and assess whether those vulnerabilities were relevant. Now, Vision One handles much of that process. It provides detailed information for each user and endpoint about existing risks and how to mitigate them.
I often compare patching vulnerabilities in Cyber Risk Exposure Management (CREM) to playing a game — the goal is to collect as few points as possible. The lower our score, the more secure our environment is. And like in real life, there are ups and downs because new risks arise daily. Vision One is an important tool for communicating risk assessments to management while also helping operational staff understand what risks mean and how to reduce them.
What is most valuable?
The feature I find most valuable in Vision One is CREM. CREM helps our company identify blind spots. It provides detailed information about the actions and improvements we should take to secure our environment, and gives concrete recommendations about how to resolve vulnerabilities.
As part of our Service One Complete service agreement, we have bi-weekly meetings with a Technical Account Manager (TAM) who advises us on improving security settings and informs us — even between meetings — about new attack scenarios and how to counter them.
What needs improvement?
It’s hard to pinpoint areas where Vision One could be improved or where additional features are needed. I’ve been working with the solution for three years, and Trend Micro is constantly developing. Sometimes, it’s hard to keep track of all the updates and added features.
I feel that Trend Micro is now better at identifying my needs than I am at recognizing them myself.
Buyer's Guide
Trend Vision One
August 2025

Learn what your peers think about Trend Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,445 professionals have used our research since 2012.
For how long have I used the solution?
Vision One has been in use at the company for three years.
What do I think about the stability of the solution?
The stability is excellent. In my opinion, performance and availability are both very good.
What do I think about the scalability of the solution?
The scalability of the solution is very good. We have not encountered any limitations as our environment has grown.
How are customer service and support?
I would rate customer service extremely positively. Support responds quickly, and together we’ve been able to solve all challenges in our day-to-day operations. On a scale from 1 to 10, I would rate customer service and technical support a 9 — there should always be room for improvement.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before Trend Vision One, we used a solution from Kaspersky. The switch was prompted by the German BSI’s security warning regarding Kaspersky's antivirus products.
How was the initial setup?
I was heavily involved in the rollout and deployment of the solution. Implementation was relatively quick and smooth. We used a deployment script distributed to endpoints through our software distribution system.
Our rollout strategy started with a small number of endpoints being configured with antivirus and policies. After reviewing and refining the policies, Vision One was rolled out in phases to the remaining endpoints.
What about the implementation team?
We needed only one staff member for the implementation of Trend Vision One, and that was me.
What was our ROI?
The investment in Trend Micro Vision One has paid off, although ROI is difficult to calculate. A security solution is like a good insurance policy — ideally, you never need to use it. We haven’t had any incidents so far, and hope it stays that way.
I’ve noticed that the continuous visibility of potential risks has made our environment more secure and has enabled colleagues to respond faster, saving valuable working time.
Which other solutions did I evaluate?
Before we decided on Vision One, we also evaluated solutions from other vendors, including Microsoft and Fortinet. The differences between the products were not significant — they were more in the details. But since we had already been a Trend partner for 15 years (12 of them inactive), we ultimately decided to return to Trend Micro.
What other advice do I have?
Three years ago, we followed a different concept: two independent security solutions with separate management and reporting. Migrating to Vision One and consolidating everything into one interface gave us a 365° view of our IT infrastructure.
Central visibility of endpoints and vulnerabilities, as well asunified management, brought a new level of focus to IT security and boosted employee awareness.
If you're evaluating Trend Micro, don’t limit yourself to antivirus functionalities. Consider other features as well — especially the Managed Services, (strong technical support), and Cyber Risk Exposure Management capabilities, which I find highly valuable.
Create a centralized view of your IT infrastructure.
Define which features are important or necessary for you.
Get a comprehensive overview when evaluating different security vendors in terms of features and costs — so you’re not comparing apples to oranges.
Foreign Language: (German)
Ermöglicht Teams, Cyberrisiken schnell zu erkennen und zu managen – durch detaillierte Einblicke und kontinuierliche Unterstützung
Was ist unser primärer Anwendungsfall?
Trend Vision One kommt als primäre Sicherheitslösung auf allen Endpunkten (Server und Clients) in unserer Umgebung zum Einsatz. Darüber hinaus sind über die Third-Party Integration auch die von uns eingesetzten Lösungen weiterer Hersteller (u. a. VMware, Fortinet) eingebunden.
Wie hat es meiner Organisation geholfen?
Trend Vision One hat uns geholfen, die Sichtbarkeit der Endpunkte zu erhöhen und den Angriffsvektor zu verringern. Wir können schneller Schwachstellen/Bedrohungen identifizieren und darauf reagieren. Dadurch konnte unsere Reaktionszeit um schätzungsweise fünfundzwanzig bis dreißig Prozent gesenkt werden. Mit Vision One wird man über konkrete Risiken benachrichtigt und lernt, wo die Risiken im Allgemeinen liegen. So kann man aktiv daran arbeiten, diese zu beheben.
Früher mussten wir aus eigener Initiative heraus überprüfen, welche Schwachstellen bei bestimmten Herstellern bestehen und einschätzen, ob diese Schwachstellen für uns relevant sind. Das wird jetzt bereits zu einem großen Teil von Vision One erledigt. Herunter gebrochen bis auf jeden einzelnen Benutzer und Endpunkt wird dediziert angegeben, welche Risiken bestehen und wie diese verringert werden können.
Ich vergleiche die Behebung von Schwachstellen im Cyber Risk Exposure Management (CREM) mit einem umgekehrten Spiel. Es geht darum, so wenige Punkte wie möglich zu sammeln. Je niedriger unser Score ist, desto sicherer ist die Umgebung. Und wie im echten Leben gibt es Höhen und Tiefen, weil es täglich neue Risiken gibt.
Letztendlich ist Vision One ein wichtiges Tool, um einerseits eine allgemeine Risikobewertung für Führungskräfte/ Manager durchzuführen, und andererseits für operative Mitarbeiter, um zu wissen, was dieses Risiko tatsächlich beinhaltet und wie es sich reduzieren lässt.
Was ist am wertvollsten?
Die Funktion, die ich in Trend Vision One besonders wertvoll finde, ist Cyber Risk Exposure Management (CREM). CREM hilft unserem Unternehmen, blinde Flecken zu identifizieren. Diese wichtige Funktion zeigt sehr detailliert und umfassend auf, wo Handlungsbedarf oder Verbesserungspotenzial besteht. Gleichzeitig bietet es den Kollegen konkrete Handlungsempfehlungen, wie Schwachstellen geschlossen werden können.
Ein Bestandteil unseres Service One Complete Service-Vertrages sind zwei wöchentliche Meetings mit einem TAM (Technical Account Manager), der uns berät, wo Verbesserungspotenzial bei den Sicherheitseinstellungen besteht und uns regelmäßig – auch zwischen den Meetings – informiert, wenn es neue Angriffsszenarien gibt und wie diesen entgegengewirkt werden kann.
Was muss verbessert werden?
Bereiche, in denen Vision One verbessert werden könnte oder wo zusätzliche Funktionen erforderlich sind, sind schwer zu bestimmen. Ich arbeite jetzt seit drei Jahren mit der Lösung und Trend Micro arbeitet ständig an deren Weiterentwicklung. Stellenweise ist man gar nicht in der Lage, alle Änderungen zu erfassen oder welche zusätzlichen Funktionen eingebunden werden.
Ich glaube, Trend Micro ist derzeit schneller dabei, meine Bedürfnisse zu identifizieren, als ich sie überhaupt selbst erkenne.
Wie lange verwende ich die Lösung bereits?
Vision One ist seit drei Jahren im Unternehmen im Einsatz.
Was denke ich über die Stabilität der Lösung?
Die Stabilität der Lösung ist sehr gut. Meiner Meinung nach sind Leistung und Verfügbarkeit sehr gut.
Was denke ich über die Skalierbarkeit der Lösung?
Die Skalierbarkeit der Lösung ist sehr gut. Wir sind bisher auf keine Einschränkungen beim Wachstum unserer Umgebung gestoßen.
Wie sind Kundendienst und Support?
Ich würde die Erreichbarkeit und Kompetenz von Service und Support von Trend Micro als sehr hoch bewerten, ich bin sehr zufrieden. Antworten und Lösungen kommen prompt, das Personal ist professionell und auf einem sehr hohen Kommunikationsniveau.
Wie würden Sie Kundendienst und Support bewerten?
Äußerst positiv. Kundendienst und Support reagieren zeitnah. Gemeinsam konnten bisher alle Herausforderungen unseres Tagesgeschäftes gelöst werden.Auf einer Skala von eins bis zehn würde ich den Kundendienst und den technischen Support für Trend Vision One mit einer Neun bewerten. Es muss ja noch Luft nach oben bleiben.
Welche Lösung habe ich vorher verwendet und warum bin ich gewechselt?
Vor Trendmicro Vision One war die Lösung von Kaspersky im Einsatz. Der Auslöser für den Wechsel war die vom BSI ausgesprochene Sicherheitswarnung vor den Virenschutzprodukten des Herstellers.
Wie war die anfängliche Einrichtung?
An der Einführung und Bereitstellung der Lösung war ich maßgeblich beteiligt. Die Implementierung erfolgte relativ schnell und problemlos mit einem Deployment-Skript, welches über das Software-Verteilungssystem auf die Endpunkte gebracht wurde.
Unsere Implementierungsstrategie sah vor, dass zunächst eine kleine Anzahl von Endpunkten mit Virenschutz und Richtlinien versorgt wurde. Dann wurden die Richtlinien noch einmal überprüft und verfeinert. Abschließend wurde Vision One in mehreren Etappen auf die restlichen Endpunkte ausgerollt.
Wie war unser ROI?
Die Investition in Trend Micro Vision One hat sich rentiert, aber der ROI ist schwer zu berechnen. Eine Sicherheitslösung ist wie eine gute Versicherung, die man hoffentlich nicht braucht. Wir hatten bisher keine Vorfälle und hoffen natürlich, dass wir auch in Zukunft keine haben werden.
Ich stelle fest, dass unsere Umgebung durch die permanente Sichtbarkeit von potentiellen Risiken sicherer geworden ist und dass die Kollegen schneller auf diese reagieren können. Das spart vor allem Arbeitszeit.
Welche anderen Lösungen habe ich evaluiert?
Bevor wir uns für Vision One entschieden haben, haben wir auch die Lösungen anderer Hersteller evaluiert, unter anderem die von Microsoft und Fortinet. Die Unterschiede bei den jeweiligen Produkten waren nicht so gravierend, sie lagen mehr im Detail. Aber da wir auch schon seit fünfzehn Jahren Trend Micro Partner sind (zwölf Jahre davon ruhend), sind wir schließlich wieder zu Trend Micro zurückgekehrt.
Welche anderen Ratschläge habe ich?
Wir hatten vor drei Jahren ein Konzept, das einen anderen Ansatz verfolgte. Zwei voneinander unabhängige Sicherheitslösungen, mit jeweils eigenem Management und Reporting. Die Migration zu Vision One mit der Konsolidierung in eine Oberfläche hat zu einer 365°-Sicht auf die IT-Infrastruktur geführt.
Die zentrale Sichtbarkeit von Endpunkten und Schwachstellen und das Management über alle Ebenen hinweg hat noch einmal einen ganz anderen Fokus auf das Thema IT-Sicherheit gelegt und das Bewusstsein der Mitarbeiter für dieses Thema gestärkt.
Wenn Sie Trend Micro evaluieren, beschränken Sie sich bitte nicht nur auf den reinen Virenschutz, sondern beziehen Sie auch die anderen Funktionen in die Betrachtung ein. Insbesondere die Managed Services, der Technical Account Manager und die Cyber Risk Exposure Management Funktionen haben für mich einen hohen Mehrwert.
Schaffen Sie eine zentralisierte Sicht auf Ihre IT-Infrastruktur.
Definieren Sie im Vorfeld, welche Funktionen für Sie wichtig sind bzw. Sie benötigen.
Verschaffen Sie sich einen umfassenden Überblick bei der Evaluierung verschiedener Sicherheitsanbieter hinsichtlich Funktionen und Kosten, damit Sie nicht Äpfel mit Birnen vergleichen.
Welches Bereitstellungsmodell verwenden Sie für diese Lösung?
Private Cloud
Falls öffentliche Cloud, private Cloud oder Hybrid-Cloud, welchen Cloud-Anbieter verwenden Sie?
Verschiedene.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 27, 2025
Flag as inappropriate
Senior Manager at Contessabd
Improved firewall management and centralized visibility
Pros and Cons
- "Trend Vision One's most valuable feature is its endpoint firewall rules."
- "Integration with other tools and deploying in hybrid environments need improvement."
What is our primary use case?
The primary use of Trend Vision One is for its Endpoint Detection and Response and Extended Detection and Response solutions.
To address challenges with our attack surface management, we implemented Trend Vision One.
What is most valuable?
Trend Vision One's most valuable feature is its endpoint firewall rules.
The centralized visibility and management have been very important to us, as it allows for an effective EDR or XDR solution with central management. Without such solutions, I cannot imagine dealing with problems efficiently. The executive dashboards are used for main reporting and central management, improving readability.
Trend Vision One's attack surface management capabilities are a critical feature that we utilize.
What needs improvement?
Integration with other tools and deploying in hybrid environments need improvement. The deployment can be complex, and we'd like an easier process, especially when integrating with on-prem and cloud environments.
The high number of false positives in Trend Vision One presents a challenge. Reducing these requires extensive exclusion and allow lists, which are difficult to manage effectively.
For how long have I used the solution?
I have been using Trend Micro Vision One for one year.
What do I think about the scalability of the solution?
Trend Vision One is scalable.
How are customer service and support?
The technical support is not good. We have to purchase support separately and the engineers are not readily available.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Sophos and Microsoft Defender. For hybrid, we switched to Microsoft Defender due to easier integration with on-prem and cloud. I would recommend Trend Micro for Linux and mixed environments.
How was the initial setup?
The standard deployment of Trend Vision One was straightforward and took approximately 24 hours to complete with two people involved.
What's my experience with pricing, setup cost, and licensing?
Trend Vision One offers a competitive price-to-value ratio.
Which other solutions did I evaluate?
We evaluated Microsoft Defender and Sophos before switching. Microsoft offers more options for attack surface reduction rules compared to Trend Vision One.
What other advice do I have?
I would rate Trend Vision One eight out of ten.
We have 400 users of Trend Vision One in our organization.
Two administrators are required to manage Vision One.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Buyer's Guide
Trend Vision One
August 2025

Learn what your peers think about Trend Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,445 professionals have used our research since 2012.
Cyber Security Analyst at a tech services company with 51-200 employees
Centralized management enhances threat response with automation and comprehensive insights
Pros and Cons
- "The workbench alerts provide valuable insights into attack chains and relevant information, while Observer techniques give a comprehensive overview of ongoing activities."
- "Trend Vision One requires several enhancements for optimal performance."
What is our primary use case?
As a cybersecurity analyst at a managed security service provider, I use Trend Vision One for two of my clients. My primary use cases involve standard XDR functions, such as anomaly monitoring, alert analysis, and incident response. To streamline these processes, I've configured automated response playbooks within Trend Vision One. The insights provided by the platform, mainly through the Workbench and Observe Auto module, are invaluable for understanding my clients' environments and identifying vulnerabilities that need to be addressed.
I work with clients across various industries, including education and power. My education client utilizes Trend Vision One for specific security needs, while my power industry client, an electricity board, has a comprehensive Trend Micro solution in place, including Vision One, Apex One, and Deep Security Manager. With Vision One, I've successfully detected and addressed numerous web attacks, malware attacks, and unauthorized access attempts on production servers in the education sector. For the power client, the solution has effectively detected and blocked multiple ransomware attacks. These are common occurrences and demonstrate the value of Trend Micro's security solutions.
We use Trend Vision One on all endpoints in two scenarios. For one client with on-premises servers and endpoints, we use Trend Vision One as a comprehensive solution. For another client in the education sector, we use Trend Micro Deep Security Management alongside the Vision One XDR platform on their cloud-based Linux servers.
How has it helped my organization?
Trend Vision One provides centralized visibility and management across all protection layers. This is crucial for efficiently sharing data with management, both internally and client-side. The platform avoids technical jargon, offering executive summary dashboards and summarized incident reports that clearly communicate security status. This allows for concise and effective communication with non-technical stakeholders, assuring them of their security posture. Trend Vision One's automated dashboards streamline reporting, eliminating the need for extensive manual documentation, which is especially valuable for technical users.
I use executive dashboards to build on threat detection, check for vulnerabilities, and create appropriate responses for individuals or groups of endpoints.
We use the risk index to assess and enroll our risk score. We maintain a low-risk index, which helps both management and me understand our score in relation to global risk factors.
Although I inherited Vision One as a service provider from another team, I eventually began utilizing its full potential and reaping its benefits.
Trend Vision One offers a phishing simulation feature in its cyber risk assessment. I frequently use this tool with my clients to evaluate employee email awareness. It generates comprehensive reports and provides functionalities for easy management.
Attack surface risk management helps identify vulnerabilities and high-risk threats in an environment, but it may also generate some false positives.
Trend Vision One significantly reduces MTTD and MTTR by approximately 50 percent. Its automated playbooks enable an immediate response to detected threats, providing near-instantaneous protection. While manual analysis and reporting of critical errors typically take an analyst up to 15 minutes, Trend Vision One's configured playbooks can automatically complete the same task within two minutes.
I have configured some playbooks to take automated actions on Trend Vision One while detecting some specific alerts or while detecting some specific playbook alerts.
What is most valuable?
Trend Vision One offers several features that I appreciate. The workbench alerts provide valuable insights into attack chains and relevant information, while Observer techniques give a comprehensive overview of ongoing activities. The platform's automated playbooks streamline incident response, significantly reducing MTTD and MTTR. Additionally, the ability to integrate with various firewalls and data sources, including Trend Micro's suspicious object management, centralizes threat management and simplifies daily security operations and incident response tasks.
What needs improvement?
Trend Vision One requires several enhancements for optimal performance. The platform should allow users to create custom phishing templates directly within the console and improve logging capabilities to facilitate seamless integration with SIEM solutions. Additionally, it should provide a mechanism for configuring Office 365 Advanced Threat Protection alerts to be displayed within the Workbench for streamlined threat management.
For how long have I used the solution?
I have been using Trend Vision One for about a year and a half.
What do I think about the stability of the solution?
Trend Vision One is a stable platform with no significant issues like lagging or crashing.
What do I think about the scalability of the solution?
Trend Vision One is easy to scale up by adding new agents, although the credit system for feature usage is confusing and could be simplified.
Which solution did I use previously and why did I switch?
I have experience with solutions like Sophos Central XDR and Wazuh, and while they have their strengths, I find Trend Vision One to be a competitive option with a comprehensive range of capabilities.
What other advice do I have?
I would rate Trend Vision One nine out of ten.
The on-premises Trend Micro solutions may require updates.
After deploying Trend Vision One on pilot devices, I recommend exploring the entire portal to familiarize yourself with its features and capabilities.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. MSP
Product Expert – Cloud (Cloud & Cybersecurity) at a comms service provider with 1,001-5,000 employees
Can pull telemetry data from the endpoints, network devices, and cross-layered architecture
Pros and Cons
- "Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way."
- "Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement."
What is our primary use case?
We use Vision One XDR for our endpoint security. Our company has nearly 4,000 users. We have endpoint cybersecurity agents for which we can use XDR.
Trend Micro has multiple subscription licenses for individual Vision One components. There are also licenses for XDR for endpoints. We have adopted four packages from Trend Micro: endpoints, workload security, mobile security, and email security gateway.
How has it helped my organization?
We didn't realize the benefits immediately after deploying the solution, but we saw results quickly. When you install Vision One, the policies are set to the default setting. It scans your machines, and you get alerts if someone is attacking, there's a vulnerability that must be patched, or there's a Trend vulnerability you're patching somewhere.
It has reduced our detection time. The detection is quite fast, but the response at the SOC level might take time. Vision One can be used to conduct analysis first. It reduces the investigation time because Trend Micro has an advantage in Pakistan. They have local technical resources deployed here. Organizations can get heavy false positives, but Trend Micro can help you define the policies accurately.
What is most valuable?
Our primary focus is DLP, and Vision One has solid DLP features. We also use URL filtering and device blocking, and there's telemetry for identifying exploitable vulnerabilities.
It offers us centralized visibility. That's the advantage of Vision One's unified platform with data lake capabilities. They pull telemetry data from the endpoints, network devices, and cross-layered architecture, and Vision One performs filtering and analysis.
Additionally, Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way.
Having that centralized visibility has improved our efficiency. The organization has multiple tools segregated into separate windows that give you a particular type of visibility. Multiple SOC team members can view the same window. The beauty of Trend Micro is its ability to integrate all of the systems in one cloud platform, right, in terms of Vision One. From your workbench, you can easily monitor and centrally manage alerts. My SOC team is happy with it.
The risk index feature is a rich view that rates any alert on a scale of 1 to 100 and classifies it as internal or external. Few OEMs can provide that sort of capability. The index ratings provide a window into device health and how alerts can be resolved.
The attack surface management is a fantastic feature with a proactive approach. Normally, organizations do pen testing quarterly or once a year, but attack server management proactively checks user authentication or changes in your environment.
What needs improvement?
Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement.
For how long have I used the solution?
We have used Vision One for two and a half years.
How are customer service and support?
I rate Trend Micro support eight out of 10. They stick to the SLA and respond on time. They are cooperative and supportive. I'm very satisfied.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have evaluated multiple vendors, and Trend Micro is among the best. You cannot have a typical apples-to-apple comparison. There are a lot of things which we need to compare. Other tools may not be at the network level or have the third-party integration that Vision One has.
How was the initial setup?
Deploying Vision One is easy. You can deploy it with a few clicks and configure the policies or use the default ones. It's flexible and user-friendly, and there are no headaches. The deployment time depends on your environment. If you have thousands of endpoints, it takes some time, but it's just a few minutes if you have a couple.
What's my experience with pricing, setup cost, and licensing?
Trend Micro is pricey, but it has more capabilities than a standard XDR, so the customers consider it reasonable. The market has accepted it. Trend Micro has a 64 percent share.
What other advice do I have?
I rate Trend Vision One nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Head of ICT at Sumac Microfinance Bank Ltd
A unified platform for simplified operations and automation
Pros and Cons
- "From an automation point of view, I find the ability to curate and deploy playbooks very helpful. I find that very convenient for us."
- "There should be a bit more dynamism when it comes to their playbooks in terms of the action triggers. That is the only thing that I would want to see a bit more."
What is our primary use case?
Its main purpose is orchestration where I have full visibility into all the different Trend Micro products I use, and it is all centralized in a single dashboard. There is ease of use with this centralized dashboard. With this centralized management, I can dive into technicalities, and I am able to do all my workbench investigations. It is quite clear, and I do not have to sift through different logs. It makes our work so easy when we need to respond to or remediate a particular issue.
The main problem that we wanted to solve by implementing Trend Vision One was the blindspots. We tend to focus on endpoints, but we forget IoT devices such as printers and CCTV cameras. This is where we had serious blind spots simply because these devices do not have an operating system. For us, it was just about eliminating these blind spots. That was our number one focus.
How has it helped my organization?
It has been exceptional. If you look at the evolution of the Trend Micro products up until Vision One, you can see that they do what they say they do. It has worked for me so well. That is why I have had it all these years.
We have protection against zero-day threats. One of the things that pushed me towards Trend Micro was the fact that they have the R&D for the zero-day initiative. They are a pioneer in terms of classifying CVEs. It gives me comfort. When you go and check the workbench or the report, you can see the type of exploits that it was able to detect, which have even been classified as CVEs.
Apart from the things that I do in IT, my responsibility is to protect my company's assets. I am able to safeguard my data against ransomware. The company does not have to worry that they can be held at ransom. The assurance that they do not have to pay just to get their data back makes it easy to sleep at night.
We have a single console for cross-layer detection, threat hunting, and investigation. We have what we call the executive dashboard. This is what I share with the C-suite. It is quite easy for me to break down cybersecurity in a business way, and then, of course, we have the operational dashboard and the security dashboard where I centralize all the products into one single pane. From an orchestration point of view, I love Trend Vision One. We are able to orchestrate all of our different products from one single dashboard.
Trend Vision One provides visibility into different products. I have a 360-degree view of my entire IT infrastructure, which helps me understand my threat landscape and the way it looks. The beauty of it is that it has metrics. I can see how I am performing as compared to 30 days or 7 days ago in terms of the risk indicator. Is it going up or is it going down? This is important for me because I am able to forecast and anticipate behaviors or patterns from the people perspective and the process perspective. I know what I need to do and train people on, and in terms of processes, I know what I need to do to clean up my policies. In terms of technology, I can assess if there is any other thing of Trend Micro that I need to supplement to make sure I am fully protected.
Our response is instantaneous. I do not have an exact percentile in mind when it comes to the reduction in the response time, but our response is instantaneous.
I have integrated it with my NUC, my firewall, and my database monitoring tool. Trend Micro has a feature for virtual patching through Trend Micro TippingPoint. It instantaneously does the patching and cascades them across. Apart from what we call scheduled patching, on-demand patching is a part of their product features.
Trend Vision One is very easy to learn. This is the second organization where I am using this Trend Micro solution. When I introduced it, my team did not know about Trend Vision One, but within a month, simply with the help of the business portal where we have the e-learning, they were fully skilled and even certified at the entry-level of Trend Micro. Their feedback was that it was quite easy for them to adopt.
Trend Vision One is not at all difficult to administer.
We have seen a reduction in viruses and malware since implementing this solution. They provide you with the metrics for risk posture. You can see the reduction in your threat landscape. It goes granular to the point of telling you which type of malware or threat you are exposed to and the reduction. It is very definitive from a percentile marking. In my previous organization, we saw about a 75% reduction when we rolled it out. We were previously using something else there.
It reduces administrative overhead. I stopped adding additional headcounts from a security analyst and a security officer's point of view. It helps me reduce the overhead. On average, considering the annual wage of a security analyst, there is a reduction of about 7,000 dollars per annum.
I use Trend Micro's managed XDR services in conjunction with Vision One Endpoint Security. It reduces overhead. It is a fully-fledged managed service, so I do not need to have the business invest in an in-house SOC. It is a whole lot cheaper.
What is most valuable?
From an automation point of view, I find the ability to curate and deploy playbooks very helpful. I find that very convenient for us. It gives away the manual process. There is the ease of use.
I love what they have done with their Trend Companion AI, where it becomes so easy to have it do something for you instead of sifting through different tabs. So, the automation element and their new AI feature are top-notch for me.
I find the virtual patching that they offer superb.
What needs improvement?
There should be a bit more dynamism when it comes to their playbooks in terms of the action triggers. That is the only thing that I would want to see a bit more. There should be a bit more dynamism, especially when you are creating your own playbook. This is something I have also discussed with Trend Micro.
For how long have I used the solution?
I have been using Trend Vision One since 2020 when it was rolled out. I have been using Trend Micro products since 2015.
What do I think about the stability of the solution?
It is stable. I would rate it a ten out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a ten out of ten for scalability.
How are customer service and support?
I would rate their support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used a plethora of other solutions. I moved to Trend Vision One for multiple reasons:
- The ability to do what the solution says it does
- The ability to orchestrate all different solutions into one single pane
- The ability to have automation when it comes to detecting and responding to threats
How was the initial setup?
It is deployed on the cloud. For me, the deployment was easy. For the endpoints, we just did a GPO push through Active Directory. For the cloud, we used just simple tenancy APIs and we were good to go.
It took us a week simply by virtue of how big the organization was.
In the IT team, there are 10 people working with this solution. We also have other departments such as risk and audit that use it. Overall, there are about 20 people directly working with it. The remaining are users for whom it just works silently in the background.
The maintenance is not done in-house. It is handled 100% by the OEM. They do share notifications, but we as users do not feel it, so whatever maintenance is required is handled 100% by the OEM. That is the beauty of a cloud service. You are not overly bothered by it.
What was our ROI?
In my previous company, over the four years, I believe we had seen about 81% ROI.
There are cost reductions because of the simple fact that I have automation. It means that I do not need to spend a whole lot on headcount for security analysts. From a commercial point of view, it has helped me reduce my operational costs, and then there are also security cost reductions because of the fact that it is automated and it responds in real time.
What's my experience with pricing, setup cost, and licensing?
When I compare it to its peers that can do the same, it is cost-effective.
What other advice do I have?
The evolution has been great. When I started using Trend Micro Vision One, the product feature was what they used to call business worry-free. It has evolved from an EDR to a fully-fledged XDR. You can see that the R&D is putting in work, and there is evolution. In terms of product coverage, they do not look at only endpoint protection. Right now, we have bespoke server protection. We have cloud asset protection and email security. You can see the growth of Trend Micro when it comes to its cybersecurity offering.
Based on my experience, I would recommend this solution. The ease of use, elimination of overhead, and return on investment are the reasons why you should have this solution.
I would rate Trend Vision One a ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud Cyber Security Tech Lead at Vodafone
Enables efficient threat detection and investigation through seamless cross-border capabilities
Pros and Cons
- "Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days."
- "One area that requires improvement is the installation process of the agents, as it is not seamless."
What is our primary use case?
Vision One access supports multiple modules, including endpoint protection, the XDR module, and the Cloud One module, which are the ones that particularly caught our interest.
We have been doing a proof of concept for Trend Vision One to assess its capabilities as a cybersecurity solution. Vodafone is partnering with Trend Micro to offer security services and products to our customers to secure their environments, similar to a SaaS solution. We are exploring it as a partnership opportunity to provide enhanced security solutions to our customers.
How has it helped my organization?
We conducted a POC and tested multiple use cases by downloading malicious files and observing their behavior. Trend Vision One successfully detected and blocked all threats, including malicious files, scripts, and even dormant scripts that later became active. All these threats were stopped at the endpoint level, demonstrating that Trend Vision One effectively defends against malware, ransomware, and malicious scripts.
Trend Vision One incorporates a machine learning agent designed to defend against advanced threats, such as zero-day attacks. This agent monitors endpoints for malicious activity and, if detected, automatically quarantines the affected machine to conduct further analysis.
It employs machine learning to quarantine devices during ransomware attacks, however, this functionality has not yet been tested.
Trend Vision One provides a single console with a unified dashboard that consolidates information from our entire environment.
The single console provides end-to-end visibility into our IT security environment. We tested the endpoint security, and the SDR performed exceptionally well, providing a clear topology and metrics of our environment. This allows us to monitor the status of each node within our network.
The Trend Vision One platform was integrated with a Linux-based Service Engine to facilitate integration with third-party IT security solutions.
Learning to use Trend Vision One was straightforward, thanks to the helpful courses available on their portal and the excellent support provided during product introduction.
Administering Vision One endpoint security is easy through the single console.
We successfully tested Trend Vision One in a hybrid environment, with components deployed both on-premises and in the cloud.
Trend Vision One offers virtual patching to protect against vulnerabilities while vendors develop permanent patches. This is crucial because vendor patches can be delayed, leaving systems exposed. Virtual patching provides immediate protection, acting as a temporary shield until the official fix is released.
Since we are still in the testing phase, we have not yet seen a reduction in viruses or malware. However, we anticipate potential improvements in security operations across hybrid environments if implemented fully.
What is most valuable?
Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days. Trend Micro's strong reputation and excellent threat intelligence further enhance the platform's value. The analytics are also good, particularly the XDR and cloud assessment tools, which correlate logs and information to consolidate alerts for the SOC team.
What needs improvement?
One area that requires improvement is the installation process of the agents, as it is not seamless. The installation sometimes requires multiple troubleshooting steps and is not straightforward.
For how long have I used the solution?
We have been conducting the POC of Trend Vision One for approximately three to four months.
What do I think about the stability of the solution?
There were no major issues with stability, no bugs, glitches, or errors, except for the challenges faced with agent installation. I rate the stability of Trend Vision One eight out of ten.
What do I think about the scalability of the solution?
I rate the scalability of Trend Vision One ten out of ten.
How are customer service and support?
We did not engage with customer support during the POC phase, so we cannot provide feedback on that aspect at this time.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
For endpoint protection, we have used Microsoft Defender and Cortex XDR. We encountered issues with those solutions, but Trend Vision One seemed to address these concerns effectively.
How was the initial setup?
The initial setup was not complex. The prerequisites were set first, allowing integration to be completed in about a week.
What's my experience with pricing, setup cost, and licensing?
The pricing is mid-range, neither cheap nor overly expensive. The cost is considered fairly priced.
What other advice do I have?
I would rate Trend Vision One nine out of ten.
Our team from our organization includes three members involved in the POC testing.
I recommend Trend Vision One to other users based on our experience during the POC phase.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Associate Manager - Information Security at a tech vendor with 10,001+ employees
Reliable threat intelligence with customizable reporting improvements
Pros and Cons
- "Its threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources."
- "The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients."
What is our primary use case?
We use Vision One XDR to provide managed security services to our clients by correlating logs from various Trend Micro products like Apex One, Cloud One, and Deep Security. Vision One acts as a central monitoring platform, providing a single pane of glass view of our clients' security posture. This simplifies monitoring and allows us to easily create playbooks and analyze alerts. While our EDR solutions, Apex One, Cloud One, and Deep Security provide robust security features like anti-malware, web reputation, and intrusion prevention, Vision One enhances this by correlating logs and leveraging threat intelligence to identify incidents missed by these individual products. Essentially, Vision One functions like a level three SOC analyst, providing an additional layer of protection and ensuring comprehensive security coverage.
How has it helped my organization?
Trend Vision One's centralized visibility and management are crucial for our managed security services because they reduce the overhead required for monitoring. As an XDR solution, it performs many of the tasks an analyst would typically handle, streamlining our workflow and allowing us to focus on in-depth analysis when needed. This reduction in workload is a significant benefit, enabling us to efficiently provide comprehensive security services to our clients.
The executive dashboard is a valuable tool for analyzing the threat level of specific assets, particularly for generating end-of-month reports that detail threat and alert volumes, and highlight high-security risks. This comprehensive analysis helps customers understand their security posture and take appropriate action to strengthen their defenses. However, it's important to note that the dashboard's usefulness may vary depending on the individual customer's needs and priorities.
The risk index is a useful tool that provides benefits, but its value depends on the specific needs of the customer. Some customers may utilize the risk index to identify assets with high-security risks, allowing them to address vulnerabilities and implement necessary patching. However, other customers may rely on alternative sources for vulnerability visibility and, therefore, may not prioritize the risk index. While not always a primary focus, the risk index remains a valuable resource.
Trend Vision One provides immediate benefits upon deployment. Its built-in XDR, which includes EDR functionality and integrates with existing security models like Apex One, Cloud One, or Workload Security, allows for seamless provisioning of endpoints and workloads. Rigorous testing confirms that Vision One effectively identifies and correlates alerts, including those missed by other EDR solutions. This enhanced detection capability is evident during post-deployment testing, as Vision One Workbench alerts are generated immediately.
We use Trend Vision One to consolidate security across hybrid environments.
We use attack surface risk management and often customize it in our reports to meet client needs. This service helps identify vulnerabilities and blind spots in their environments. For instance, we assisted a customer experiencing recurring attacks due to unknown vulnerabilities. Our attack surface management analysis provided the data to identify and patch these critical vulnerabilities, ultimately enhancing their security posture.
Vision One XDR significantly reduces threat detection and response time by automating the analysis typically done by a level two or three analyst. It provides a comprehensive view of the environment, incorporating behavioral analysis and intelligence sources to quickly identify unusual activity. This eliminates the need for manual investigation of logs and data, allowing analysts to focus on addressing actual threats. The XDR's automated workbench triggers alerts with a high degree of accuracy, minimizing false positives and further streamlining the security process.
We use security playbooks for certain low-level security alerts because many of these alerts, despite the large volume of data they represent, do not require significant time or attention. Playbooks are particularly useful in these situations as they automate the process of blocking the source or IP address associated with the alert.
What is most valuable?
Vision One offers several features I value.
The threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources.
Additionally, the security playbooks provide templates to block URLs or scripts, enhancing endpoint protection.
Finally, the console allows for remote connection to endpoints, enabling direct investigation and remediation within the customer's environment. This flexibility and comprehensive functionality make Vision One a valuable tool.
What needs improvement?
Trend Micro is making many improvements, including addressing some of our feature requests. However, their reporting functionality needs improvement. The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients. For example, we cannot generate reports on threat intelligence data from XDR, making it difficult to assess the protection received from external sources. This limitation also prevents clients from seeing the total value of XDR, including external factors contributing to their security posture. Threat intelligence is crucial, and clients want to understand its impact. Therefore, enhancing report customization, especially for XDR, would be a significant improvement.
For how long have I used the solution?
I have been using Trend Vision One XDR for one and a half years.
What do I think about the stability of the solution?
Lagging does happen in Trend Vision One but it is infrequent and does not significantly disrupt operations. This is typical for many SaaS platforms and not a major issue.
What do I think about the scalability of the solution?
Trend Vision One is scalable, allowing for flexibility from four licenses to a hundred or more, depending on how much or how fast scaling is needed.
How are customer service and support?
The experience with customer service can vary depending on the case. Simple issues might involve referring to KB articles for resolution, while more complex issues might need backend support, which can take time. Overall, my experience has been positive.
How would you rate customer service and support?
Neutral
How was the initial setup?
Trend Vision One is easy to set up and can potentially be handled by one person. However, teamwork is preferred to ensure accuracy, catch potential errors, and maintain a high standard of service.
What's my experience with pricing, setup cost, and licensing?
Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor. Since Trend Micro doesn't directly handle pricing, I cannot provide specific cost details.
What other advice do I have?
Trend Vision One XDR is an excellent security product that deserves a ten out of ten rating. It's surprising that more companies haven't adopted XDR, given its advantages over traditional SIEM solutions. XDR automates tasks like configuration, signature creation, and rule implementation, significantly reducing the manual workload required with SIEM. While I expect a shift towards XDR, many companies still rely on SIEM, which seems inefficient in comparison.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. MSP
Engineering leader at a tech services company with 11-50 employees
Gives detailed maps and correlated information at one place
Pros and Cons
- "I find the maps particularly helpful. The object list, specifically the suspicious object list, is also quite valuable. You can simply add one object to that list to manage it from another solution."
- "Trend Vision One has helped reduce our time to detect and respond to threats by 30% to 40%."
- "I believe that the interface could be more user-friendly. At times, it is challenging to locate certain features, and they need to reorganize the user interfaces."
- "I would rate their customer support a five out of ten. They sometimes do not give enough attention to the tickets."
What is our primary use case?
We use it for analytics. We check all the maps and communications when there is an incident or an issue. It is very helpful for analytics.
How has it helped my organization?
Trend Vision gives a lot of visibility. If you have a big environment, you can use it to see logs or events. It gives more visibility into what is going on in your infrastructure.
Last year, we experienced an attack attempt, and it gave us a lot of visibility. We were able to track the source and all the processes that were involved during the attack. For security, it is very good.
Trend Vision One has helped reduce our time to detect and respond to threats by 30% to 40%.
What is most valuable?
I find the maps particularly helpful. The object list, specifically the suspicious object list, is also quite valuable. You can simply add one object to that list to manage it from another solution.
It gives comprehensive visibility. It is very good. It gives a lot of visibility into all layers such as layer three or layer seven. It helps with monitoring the endpoints, including all the desktops and processes or communication between servers.
What needs improvement?
I believe that the interface could be more user-friendly. At times, it is challenging to locate certain features, and they need to reorganize the user interfaces.
For how long have I used the solution?
I have been using the solution for one year.
How are customer service and support?
I would rate their customer support a five out of ten. They sometimes do not give enough attention to the tickets. Even when I update a ticket or a case, they ask the same questions that I have already answered. I explain my problem, and they respond as if not paying enough attention.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Previously, we used another solution. We observed that Trend is trying to move all the solutions to Vision One. That is why we decided to transition, and it is working very well.
It gives more visibility. The other solution was focused only on the server or endpoint protection. It did not provide any tracks, just the basics. With Vision One, we can see all the information correlated in one place, which I find very helpful.
How was the initial setup?
The initial setup is very easy. It is not very complicated. Sometimes, the documentation is not updated, but the processes are very intuitive, so it is not that hard.
In terms of the implementation strategy, we first focus on non-critical servers or appliances, and then we move on to critical ones.
It is being used in an enterprise environment at a data center.
What about the implementation team?
The implementation may require two people, depending on the infrastructure and scale. You might need an engineer or an administrator.
For maintenance, there are two people. One person scans and reviews all the information and the other one is from the backup. It requires minimal maintenance.
What was our ROI?
Overall, the visibility and security that it provides are our returns on the investments.
What's my experience with pricing, setup cost, and licensing?
I feel that Vision One is a bit expensive. As for the pricing or licensing, I would rate it a seven out of ten.
What other advice do I have?
I would rate Vision One an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Feb 20, 2025
Flag as inappropriate
Buyer's Guide
Download our free Trend Vision One Report and get advice and tips from experienced pros
sharing their opinions.
Updated: August 2025
Product Categories
Endpoint Detection and Response (EDR) Network Detection and Response (NDR) Extended Detection and Response (XDR) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Darktrace
SentinelOne Singularity Complete
Microsoft Defender XDR
IBM Security QRadar
Cortex XDR by Palo Alto Networks
Elastic Security
WatchGuard Firebox
Trellix Endpoint Security Platform
Trend Vision One Endpoint Security
Check Point Harmony Endpoint
Buyer's Guide
Download our free Trend Vision One Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?
- What is the best EDR or XDR product for a company with 9000 employees?
- What to choose: an endpoint antivirus, an EDR solution or both?
- Do we need to use both EDR and Antivirus (AV) solutions for better protection of IT assets?
- How does EternalBlue work?
- What are the best on-premise Endpoint Security solutions for a Tech Services company with 10,000 employees?
- Which is better for Endpoint Security: EDR or XDR solutions?