Trend Vision One Reviews

We use Trend Vision One as our primary security solution on all endpoints, servers, and clients in our environment. Through third-party integrations, we’ve also connected solutions from other vendors (including VMware and Fortinet).

Trend Vision One has increased our endpoint visibility and reduced attack vectors. We can now identify and respond to vulnerabilities and threats faster. This has reduced our response time by an estimated 25–30%. Vision One provides notifications about specific risks and helps us understand where the general risks lie, enabling proactive mitigation.

With other vendors, we’ve had to manually check for vulnerabilities in products and assess whether those vulnerabilities were relevant. Now, Vision One handles much of that process. It provides detailed information for each user and endpoint about existing risks and how to mitigate them.

I often compare patching vulnerabilities in Cyber Risk Exposure Management (CREM) to playing a game — the goal is to collect as few points as possible. The lower our score, the more secure our environment is. And like in real life, there are ups and downs because new risks arise daily. Vision One is an important tool for communicating risk assessments to management while also helping operational staff understand what risks mean and how to reduce them.

The feature I find most valuable in Vision One is CREM. CREM helps our company identify blind spots. It provides detailed information about the actions and improvements we should take to secure our environment, and gives concrete recommendations about how to resolve vulnerabilities.

As part of our Service One Complete service agreement, we have bi-weekly meetings with a Technical Account Manager (TAM) who advises us on improving security settings and informs us — even between meetings — about new attack scenarios and how to counter them.

It’s hard to pinpoint areas where Vision One could be improved or where additional features are needed. I’ve been working with the solution for three years, and Trend Micro is constantly developing. Sometimes, it’s hard to keep track of all the updates and added features.

I feel that Trend Micro is now better at identifying my needs than I am at recognizing them myself.

Vision One has been in use at the company for three years.

The stability is excellent. In my opinion, performance and availability are both very good.

The scalability of the solution is very good. We have not encountered any limitations as our environment has grown.

I would rate customer service extremely positively. Support responds quickly, and together we’ve been able to solve all challenges in our day-to-day operations. On a scale from 1 to 10, I would rate customer service and technical support a 9 — there should always be room for improvement.

Before Trend Vision One, we used a solution from Kaspersky. The switch was prompted by the German BSI’s security warning regarding Kaspersky's antivirus products.

I was heavily involved in the rollout and deployment of the solution. Implementation was relatively quick and smooth. We used a deployment script distributed to endpoints through our software distribution system.

Our rollout strategy started with a small number of endpoints being configured with antivirus and policies. After reviewing and refining the policies, Vision One was rolled out in phases to the remaining endpoints.

We needed only one staff member for the implementation of Trend Vision One, and that was me.

The investment in Trend Micro Vision One has paid off, although ROI is difficult to calculate. A security solution is like a good insurance policy — ideally, you never need to use it. We haven’t had any incidents so far, and hope it stays that way.

I’ve noticed that the continuous visibility of potential risks has made our environment more secure and has enabled colleagues to respond faster, saving valuable working time.

Before we decided on Vision One, we also evaluated solutions from other vendors, including Microsoft and Fortinet. The differences between the products were not significant — they were more in the details. But since we had already been a Trend partner for 15 years (12 of them inactive), we ultimately decided to return to Trend Micro.

Three years ago, we followed a different concept: two independent security solutions with separate management and reporting. Migrating to Vision One and consolidating everything into one interface gave us a 365° view of our IT infrastructure.

Central visibility of endpoints and vulnerabilities, as well asunified management, brought a new level of focus to IT security and boosted employee awareness.

If you're evaluating Trend Micro, don’t limit yourself to antivirus functionalities. Consider other features as well — especially the Managed Services, (strong technical support), and Cyber Risk Exposure Management capabilities, which I find highly valuable.

Create a centralized view of your IT infrastructure.

Define which features are important or necessary for you.

Get a comprehensive overview when evaluating different security vendors in terms of features and costs — so you’re not comparing apples to oranges.

Foreign Language: (German)

Ermöglicht Teams, Cyberrisiken schnell zu erkennen und zu managen – durch detaillierte Einblicke und kontinuierliche Unterstützung

Was ist unser primärer Anwendungsfall?

Trend Vision One kommt als primäre Sicherheitslösung auf allen Endpunkten (Server und Clients) in unserer Umgebung zum Einsatz. Darüber hinaus sind über die Third-Party Integration auch die von uns eingesetzten Lösungen weiterer Hersteller (u. a. VMware, Fortinet) eingebunden.

Wie hat es meiner Organisation geholfen?

Trend Vision One hat uns geholfen, die Sichtbarkeit der Endpunkte zu erhöhen und den Angriffsvektor zu verringern. Wir können schneller Schwachstellen/Bedrohungen identifizieren und darauf reagieren. Dadurch konnte unsere Reaktionszeit um schätzungsweise fünfundzwanzig bis dreißig Prozent gesenkt werden. Mit Vision One wird man über konkrete Risiken benachrichtigt und lernt, wo die Risiken im Allgemeinen liegen. So kann man aktiv daran arbeiten, diese zu beheben.

Früher mussten wir aus eigener Initiative heraus überprüfen, welche Schwachstellen bei bestimmten Herstellern bestehen und einschätzen, ob diese Schwachstellen für uns relevant sind. Das wird jetzt bereits zu einem großen Teil von Vision One erledigt. Herunter gebrochen bis auf jeden einzelnen Benutzer und Endpunkt wird dediziert angegeben, welche Risiken bestehen und wie diese verringert werden können.

Ich vergleiche die Behebung von Schwachstellen im Cyber Risk Exposure Management (CREM) mit einem umgekehrten Spiel. Es geht darum, so wenige Punkte wie möglich zu sammeln. Je niedriger unser Score ist, desto sicherer ist die Umgebung. Und wie im echten Leben gibt es Höhen und Tiefen, weil es täglich neue Risiken gibt.

Letztendlich ist Vision One ein wichtiges Tool, um einerseits eine allgemeine Risikobewertung für Führungskräfte/ Manager durchzuführen, und andererseits für operative Mitarbeiter, um zu wissen, was dieses Risiko tatsächlich beinhaltet und wie es sich reduzieren lässt.

Was ist am wertvollsten?

Die Funktion, die ich in Trend Vision One besonders wertvoll finde, ist Cyber Risk Exposure Management (CREM). CREM hilft unserem Unternehmen, blinde Flecken zu identifizieren. Diese wichtige Funktion zeigt sehr detailliert und umfassend auf, wo Handlungsbedarf oder Verbesserungspotenzial besteht. Gleichzeitig bietet es den Kollegen konkrete Handlungsempfehlungen, wie Schwachstellen geschlossen werden können.

Ein Bestandteil unseres Service One Complete Service-Vertrages sind zwei wöchentliche Meetings mit einem TAM (Technical Account Manager), der uns berät, wo Verbesserungspotenzial bei den Sicherheitseinstellungen besteht und uns regelmäßig – auch zwischen den Meetings – informiert, wenn es neue Angriffsszenarien gibt und wie diesen entgegengewirkt werden kann.

Was muss verbessert werden?

Bereiche, in denen Vision One verbessert werden könnte oder wo zusätzliche Funktionen erforderlich sind, sind schwer zu bestimmen. Ich arbeite jetzt seit drei Jahren mit der Lösung und Trend Micro arbeitet ständig an deren Weiterentwicklung. Stellenweise ist man gar nicht in der Lage, alle Änderungen zu erfassen oder welche zusätzlichen Funktionen eingebunden werden.

Ich glaube, Trend Micro ist derzeit schneller dabei, meine Bedürfnisse zu identifizieren, als ich sie überhaupt selbst erkenne.

Wie lange verwende ich die Lösung bereits?

Vision One ist seit drei Jahren im Unternehmen im Einsatz.

Was denke ich über die Stabilität der Lösung?

Die Stabilität der Lösung ist sehr gut. Meiner Meinung nach sind Leistung und Verfügbarkeit sehr gut.

Was denke ich über die Skalierbarkeit der Lösung?

Die Skalierbarkeit der Lösung ist sehr gut. Wir sind bisher auf keine Einschränkungen beim Wachstum unserer Umgebung gestoßen.

Wie sind Kundendienst und Support?

Ich würde die Erreichbarkeit und Kompetenz von Service und Support von Trend Micro als sehr hoch bewerten, ich bin sehr zufrieden. Antworten und Lösungen kommen prompt, das Personal ist professionell und auf einem sehr hohen Kommunikationsniveau.

Wie würden Sie Kundendienst und Support bewerten?

Äußerst positiv. Kundendienst und Support reagieren zeitnah. Gemeinsam konnten bisher alle Herausforderungen unseres Tagesgeschäftes gelöst werden.Auf einer Skala von eins bis zehn würde ich den Kundendienst und den technischen Support für Trend Vision One mit einer Neun bewerten. Es muss ja noch Luft nach oben bleiben.

Welche Lösung habe ich vorher verwendet und warum bin ich gewechselt?

Vor Trendmicro Vision One war die Lösung von Kaspersky im Einsatz. Der Auslöser für den Wechsel war die vom BSI ausgesprochene Sicherheitswarnung vor den Virenschutzprodukten des Herstellers.

Wie war die anfängliche Einrichtung?

An der Einführung und Bereitstellung der Lösung war ich maßgeblich beteiligt. Die Implementierung erfolgte relativ schnell und problemlos mit einem Deployment-Skript, welches über das Software-Verteilungssystem auf die Endpunkte gebracht wurde.

Unsere Implementierungsstrategie sah vor, dass zunächst eine kleine Anzahl von Endpunkten mit Virenschutz und Richtlinien versorgt wurde. Dann wurden die Richtlinien noch einmal überprüft und verfeinert. Abschließend wurde Vision One in mehreren Etappen auf die restlichen Endpunkte ausgerollt.

Wie war unser ROI?

Die Investition in Trend Micro Vision One hat sich rentiert, aber der ROI ist schwer zu berechnen. Eine Sicherheitslösung ist wie eine gute Versicherung, die man hoffentlich nicht braucht. Wir hatten bisher keine Vorfälle und hoffen natürlich, dass wir auch in Zukunft keine haben werden.

Ich stelle fest, dass unsere Umgebung durch die permanente Sichtbarkeit von potentiellen Risiken sicherer geworden ist und dass die Kollegen schneller auf diese reagieren können. Das spart vor allem Arbeitszeit.

Welche anderen Lösungen habe ich evaluiert?

Bevor wir uns für Vision One entschieden haben, haben wir auch die Lösungen anderer Hersteller evaluiert, unter anderem die von Microsoft und Fortinet. Die Unterschiede bei den jeweiligen Produkten waren nicht so gravierend, sie lagen mehr im Detail. Aber da wir auch schon seit fünfzehn Jahren Trend Micro Partner sind (zwölf Jahre davon ruhend), sind wir schließlich wieder zu Trend Micro zurückgekehrt.

Welche anderen Ratschläge habe ich?

Wir hatten vor drei Jahren ein Konzept, das einen anderen Ansatz verfolgte. Zwei voneinander unabhängige Sicherheitslösungen, mit jeweils eigenem Management und Reporting. Die Migration zu Vision One mit der Konsolidierung in eine Oberfläche hat zu einer 365°-Sicht auf die IT-Infrastruktur geführt.

Die zentrale Sichtbarkeit von Endpunkten und Schwachstellen und das Management über alle Ebenen hinweg hat noch einmal einen ganz anderen Fokus auf das Thema IT-Sicherheit gelegt und das Bewusstsein der Mitarbeiter für dieses Thema gestärkt.

Wenn Sie Trend Micro evaluieren, beschränken Sie sich bitte nicht nur auf den reinen Virenschutz, sondern beziehen Sie auch die anderen Funktionen in die Betrachtung ein. Insbesondere die Managed Services, der Technical Account Manager und die Cyber Risk Exposure Management Funktionen haben für mich einen hohen Mehrwert.

Schaffen Sie eine zentralisierte Sicht auf Ihre IT-Infrastruktur.

Definieren Sie im Vorfeld, welche Funktionen für Sie wichtig sind bzw. Sie benötigen.

Verschaffen Sie sich einen umfassenden Überblick bei der Evaluierung verschiedener Sicherheitsanbieter hinsichtlich Funktionen und Kosten, damit Sie nicht Äpfel mit Birnen vergleichen.

Welches Bereitstellungsmodell verwenden Sie für diese Lösung?

Private Cloud

Falls öffentliche Cloud, private Cloud oder Hybrid-Cloud, welchen Cloud-Anbieter verwenden Sie?

Verschiedene.

The primary use of Trend Vision One is for its Endpoint Detection and Response and Extended Detection and Response solutions.

To address challenges with our attack surface management, we implemented Trend Vision One.

Trend Vision One's most valuable feature is its endpoint firewall rules.

The centralized visibility and management have been very important to us, as it allows for an effective EDR or XDR solution with central management. Without such solutions, I cannot imagine dealing with problems efficiently. The executive dashboards are used for main reporting and central management, improving readability.

Trend Vision One's attack surface management capabilities are a critical feature that we utilize.

Integration with other tools and deploying in hybrid environments need improvement. The deployment can be complex, and we'd like an easier process, especially when integrating with on-prem and cloud environments.

The high number of false positives in Trend Vision One presents a challenge. Reducing these requires extensive exclusion and allow lists, which are difficult to manage effectively.

I have been using Trend Micro Vision One for one year.

Trend Vision One is scalable.

The technical support is not good. We have to purchase support separately and the engineers are not readily available.

Neutral

We previously used Sophos and Microsoft Defender. For hybrid, we switched to Microsoft Defender due to easier integration with on-prem and cloud. I would recommend Trend Micro for Linux and mixed environments.

The standard deployment of Trend Vision One was straightforward and took approximately 24 hours to complete with two people involved.

Trend Vision One offers a competitive price-to-value ratio.

We evaluated Microsoft Defender and Sophos before switching. Microsoft offers more options for attack surface reduction rules compared to Trend Vision One.

I would rate Trend Vision One eight out of ten.

We have 400 users of Trend Vision One in our organization.

Two administrators are required to manage Vision One.

As a cybersecurity analyst at a managed security service provider, I use Trend Vision One for two of my clients. My primary use cases involve standard XDR functions, such as anomaly monitoring, alert analysis, and incident response. To streamline these processes, I've configured automated response playbooks within Trend Vision One. The insights provided by the platform, mainly through the Workbench and Observe Auto module, are invaluable for understanding my clients' environments and identifying vulnerabilities that need to be addressed.

I work with clients across various industries, including education and power. My education client utilizes Trend Vision One for specific security needs, while my power industry client, an electricity board, has a comprehensive Trend Micro solution in place, including Vision One, Apex One, and Deep Security Manager. With Vision One, I've successfully detected and addressed numerous web attacks, malware attacks, and unauthorized access attempts on production servers in the education sector. For the power client, the solution has effectively detected and blocked multiple ransomware attacks. These are common occurrences and demonstrate the value of Trend Micro's security solutions.

We use Trend Vision One on all endpoints in two scenarios. For one client with on-premises servers and endpoints, we use Trend Vision One as a comprehensive solution. For another client in the education sector, we use Trend Micro Deep Security Management alongside the Vision One XDR platform on their cloud-based Linux servers.

Trend Vision One provides centralized visibility and management across all protection layers. This is crucial for efficiently sharing data with management, both internally and client-side. The platform avoids technical jargon, offering executive summary dashboards and summarized incident reports that clearly communicate security status. This allows for concise and effective communication with non-technical stakeholders, assuring them of their security posture. Trend Vision One's automated dashboards streamline reporting, eliminating the need for extensive manual documentation, which is especially valuable for technical users.

I use executive dashboards to build on threat detection, check for vulnerabilities, and create appropriate responses for individuals or groups of endpoints.

We use the risk index to assess and enroll our risk score. We maintain a low-risk index, which helps both management and me understand our score in relation to global risk factors.

Although I inherited Vision One as a service provider from another team, I eventually began utilizing its full potential and reaping its benefits.

Trend Vision One offers a phishing simulation feature in its cyber risk assessment. I frequently use this tool with my clients to evaluate employee email awareness. It generates comprehensive reports and provides functionalities for easy management.

Attack surface risk management helps identify vulnerabilities and high-risk threats in an environment, but it may also generate some false positives.

Trend Vision One significantly reduces MTTD and MTTR by approximately 50 percent. Its automated playbooks enable an immediate response to detected threats, providing near-instantaneous protection. While manual analysis and reporting of critical errors typically take an analyst up to 15 minutes, Trend Vision One's configured playbooks can automatically complete the same task within two minutes.

I have configured some playbooks to take automated actions on Trend Vision One while detecting some specific alerts or while detecting some specific playbook alerts.

Trend Vision One offers several features that I appreciate. The workbench alerts provide valuable insights into attack chains and relevant information, while Observer techniques give a comprehensive overview of ongoing activities. The platform's automated playbooks streamline incident response, significantly reducing MTTD and MTTR. Additionally, the ability to integrate with various firewalls and data sources, including Trend Micro's suspicious object management, centralizes threat management and simplifies daily security operations and incident response tasks.

Trend Vision One requires several enhancements for optimal performance. The platform should allow users to create custom phishing templates directly within the console and improve logging capabilities to facilitate seamless integration with SIEM solutions. Additionally, it should provide a mechanism for configuring Office 365 Advanced Threat Protection alerts to be displayed within the Workbench for streamlined threat management.

I have been using Trend Vision One for about a year and a half.

Trend Vision One is a stable platform with no significant issues like lagging or crashing.

Trend Vision One is easy to scale up by adding new agents, although the credit system for feature usage is confusing and could be simplified.

I have experience with solutions like Sophos Central XDR and Wazuh, and while they have their strengths, I find Trend Vision One to be a competitive option with a comprehensive range of capabilities.

I would rate Trend Vision One nine out of ten.

The on-premises Trend Micro solutions may require updates.

After deploying Trend Vision One on pilot devices, I recommend exploring the entire portal to familiarize yourself with its features and capabilities.

We use Vision One XDR for our endpoint security. Our company has nearly 4,000 users. We have endpoint cybersecurity agents for which we can use XDR. 
Trend Micro has multiple subscription licenses for individual Vision One components. There are also licenses for XDR for endpoints. We have adopted four packages from Trend Micro: endpoints, workload security, mobile security, and email security gateway.  

We didn't realize the benefits immediately after deploying the solution, but we saw results quickly. When you install Vision One, the policies are set to the default setting. It scans your machines, and you get alerts if someone is attacking, there's a vulnerability that must be patched, or there's a Trend vulnerability you're patching somewhere.

It has reduced our detection time. The detection is quite fast, but the response at the SOC level might take time. Vision One can be used to conduct analysis first. It reduces the investigation time because Trend Micro has an advantage in Pakistan. They have local technical resources deployed here. Organizations can get heavy false positives, but Trend Micro can help you define the policies accurately.

Our primary focus is DLP, and Vision One has solid DLP features. We also use URL filtering and device blocking, and there's telemetry for identifying exploitable vulnerabilities.

It offers us centralized visibility. That's the advantage of Vision One's unified platform with data lake capabilities. They pull telemetry data from the endpoints, network devices, and cross-layered architecture, and Vision One performs filtering and analysis.

Additionally, Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way.

Having that centralized visibility has improved our efficiency. The organization has multiple tools segregated into separate windows that give you a particular type of visibility. Multiple SOC team members can view the same window. The beauty of Trend Micro is its ability to integrate all of the systems in one cloud platform, right, in terms of Vision One. From your workbench, you can easily monitor and centrally manage alerts. My SOC team is happy with it. 

The risk index feature is a rich view that rates any alert on a scale of 1 to 100 and classifies it as internal or external. Few OEMs can provide that sort of capability. The index ratings provide a window into device health and how alerts can be resolved. 

The attack surface management is a fantastic feature with a proactive approach. Normally, organizations do pen testing quarterly or once a year, but attack server management proactively checks user authentication or changes in your environment. 

Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement.

We have used Vision One for two and a half years. 

I rate Trend Micro support eight out of 10. They stick to the SLA and respond on time. They are cooperative and supportive. I'm very satisfied.

Positive

We have evaluated multiple vendors, and Trend Micro is among the best. You cannot have a typical apples-to-apple comparison. There are a lot of things which we need to compare. Other tools may not be at the network level or have the third-party integration that Vision One has.

Deploying Vision One is easy. You can deploy it with a few clicks and configure the policies or use the default ones. It's flexible and user-friendly, and there are no headaches. The deployment time depends on your environment. If you have thousands of endpoints, it takes some time, but it's just a few minutes if you have a couple. 

Trend Micro is pricey, but it has more capabilities than a standard XDR, so the customers consider it reasonable. The market has accepted it. Trend Micro has a 64 percent share. 

I rate Trend Vision One nine out of 10. 

Its main purpose is orchestration where I have full visibility into all the different Trend Micro products I use, and it is all centralized in a single dashboard. There is ease of use with this centralized dashboard. With this centralized management, I can dive into technicalities, and I am able to do all my workbench investigations. It is quite clear, and I do not have to sift through different logs. It makes our work so easy when we need to respond to or remediate a particular issue.

The main problem that we wanted to solve by implementing Trend Vision One was the blindspots. We tend to focus on endpoints, but we forget IoT devices such as printers and CCTV cameras. This is where we had serious blind spots simply because these devices do not have an operating system. For us, it was just about eliminating these blind spots. That was our number one focus.

It has been exceptional. If you look at the evolution of the Trend Micro products up until Vision One, you can see that they do what they say they do. It has worked for me so well. That is why I have had it all these years.

We have protection against zero-day threats. One of the things that pushed me towards Trend Micro was the fact that they have the R&D for the zero-day initiative. They are a pioneer in terms of classifying CVEs. It gives me comfort. When you go and check the workbench or the report, you can see the type of exploits that it was able to detect, which have even been classified as CVEs.

Apart from the things that I do in IT, my responsibility is to protect my company's assets. I am able to safeguard my data against ransomware. The company does not have to worry that they can be held at ransom. The assurance that they do not have to pay just to get their data back makes it easy to sleep at night.

We have a single console for cross-layer detection, threat hunting, and investigation. We have what we call the executive dashboard. This is what I share with the C-suite. It is quite easy for me to break down cybersecurity in a business way, and then, of course, we have the operational dashboard and the security dashboard where I centralize all the products into one single pane. From an orchestration point of view, I love Trend Vision One. We are able to orchestrate all of our different products from one single dashboard.

Trend Vision One provides visibility into different products. I have a 360-degree view of my entire IT infrastructure, which helps me understand my threat landscape and the way it looks. The beauty of it is that it has metrics. I can see how I am performing as compared to 30 days or 7 days ago in terms of the risk indicator. Is it going up or is it going down? This is important for me because I am able to forecast and anticipate behaviors or patterns from the people perspective and the process perspective. I know what I need to do and train people on, and in terms of processes, I know what I need to do to clean up my policies. In terms of technology, I can assess if there is any other thing of Trend Micro that I need to supplement to make sure I am fully protected.

Our response is instantaneous. I do not have an exact percentile in mind when it comes to the reduction in the response time, but our response is instantaneous.

I have integrated it with my NUC, my firewall, and my database monitoring tool. Trend Micro has a feature for virtual patching through Trend Micro TippingPoint. It instantaneously does the patching and cascades them across. Apart from what we call scheduled patching, on-demand patching is a part of their product features.

Trend Vision One is very easy to learn. This is the second organization where I am using this Trend Micro solution. When I introduced it, my team did not know about Trend Vision One, but within a month, simply with the help of the business portal where we have the e-learning, they were fully skilled and even certified at the entry-level of Trend Micro. Their feedback was that it was quite easy for them to adopt.

Trend Vision One is not at all difficult to administer.

We have seen a reduction in viruses and malware since implementing this solution. They provide you with the metrics for risk posture. You can see the reduction in your threat landscape. It goes granular to the point of telling you which type of malware or threat you are exposed to and the reduction. It is very definitive from a percentile marking. In my previous organization, we saw about a 75% reduction when we rolled it out. We were previously using something else there.

It reduces administrative overhead. I stopped adding additional headcounts from a security analyst and a security officer's point of view. It helps me reduce the overhead. On average, considering the annual wage of a security analyst, there is a reduction of about 7,000 dollars per annum.

I use Trend Micro's managed XDR services in conjunction with Vision One Endpoint Security. It reduces overhead. It is a fully-fledged managed service, so I do not need to have the business invest in an in-house SOC. It is a whole lot cheaper.

From an automation point of view, I find the ability to curate and deploy playbooks very helpful. I find that very convenient for us. It gives away the manual process. There is the ease of use.

I love what they have done with their Trend Companion AI, where it becomes so easy to have it do something for you instead of sifting through different tabs. So, the automation element and their new AI feature are top-notch for me.

I find the virtual patching that they offer superb.

There should be a bit more dynamism when it comes to their playbooks in terms of the action triggers. That is the only thing that I would want to see a bit more. There should be a bit more dynamism, especially when you are creating your own playbook. This is something I have also discussed with Trend Micro.

I have been using Trend Vision One since 2020 when it was rolled out. I have been using Trend Micro products since 2015.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a ten out of ten.

Positive

I have used a plethora of other solutions. I moved to Trend Vision One for multiple reasons:

• The ability to do what the solution says it does
• The ability to orchestrate all different solutions into one single pane
• The ability to have automation when it comes to detecting and responding to threats

It is deployed on the cloud. For me, the deployment was easy. For the endpoints, we just did a GPO push through Active Directory. For the cloud, we used just simple tenancy APIs and we were good to go.

It took us a week simply by virtue of how big the organization was.

In the IT team, there are 10 people working with this solution. We also have other departments such as risk and audit that use it. Overall, there are about 20 people directly working with it. The remaining are users for whom it just works silently in the background.

The maintenance is not done in-house. It is handled 100% by the OEM. They do share notifications, but we as users do not feel it, so whatever maintenance is required is handled 100% by the OEM. That is the beauty of a cloud service. You are not overly bothered by it.

In my previous company, over the four years, I believe we had seen about 81% ROI.

There are cost reductions because of the simple fact that I have automation. It means that I do not need to spend a whole lot on headcount for security analysts. From a commercial point of view, it has helped me reduce my operational costs, and then there are also security cost reductions because of the fact that it is automated and it responds in real time.

When I compare it to its peers that can do the same, it is cost-effective.

The evolution has been great. When I started using Trend Micro Vision One, the product feature was what they used to call business worry-free. It has evolved from an EDR to a fully-fledged XDR. You can see that the R&D is putting in work, and there is evolution. In terms of product coverage, they do not look at only endpoint protection. Right now, we have bespoke server protection. We have cloud asset protection and email security. You can see the growth of Trend Micro when it comes to its cybersecurity offering.

Based on my experience, I would recommend this solution. The ease of use, elimination of overhead, and return on investment are the reasons why you should have this solution.

I would rate Trend Vision One a ten out of ten.

Vision One access supports multiple modules, including endpoint protection, the XDR module, and the Cloud One module, which are the ones that particularly caught our interest.

We have been doing a proof of concept for Trend Vision One to assess its capabilities as a cybersecurity solution. Vodafone is partnering with Trend Micro to offer security services and products to our customers to secure their environments, similar to a SaaS solution. We are exploring it as a partnership opportunity to provide enhanced security solutions to our customers.

We conducted a POC and tested multiple use cases by downloading malicious files and observing their behavior. Trend Vision One successfully detected and blocked all threats, including malicious files, scripts, and even dormant scripts that later became active. All these threats were stopped at the endpoint level, demonstrating that Trend Vision One effectively defends against malware, ransomware, and malicious scripts.

Trend Vision One incorporates a machine learning agent designed to defend against advanced threats, such as zero-day attacks. This agent monitors endpoints for malicious activity and, if detected, automatically quarantines the affected machine to conduct further analysis.

It employs machine learning to quarantine devices during ransomware attacks, however, this functionality has not yet been tested.

Trend Vision One provides a single console with a unified dashboard that consolidates information from our entire environment.

The single console provides end-to-end visibility into our IT security environment. We tested the endpoint security, and the SDR performed exceptionally well, providing a clear topology and metrics of our environment. This allows us to monitor the status of each node within our network.

The Trend Vision One platform was integrated with a Linux-based Service Engine to facilitate integration with third-party IT security solutions.

Learning to use Trend Vision One was straightforward, thanks to the helpful courses available on their portal and the excellent support provided during product introduction.

Administering Vision One endpoint security is easy through the single console.

We successfully tested Trend Vision One in a hybrid environment, with components deployed both on-premises and in the cloud.

Trend Vision One offers virtual patching to protect against vulnerabilities while vendors develop permanent patches. This is crucial because vendor patches can be delayed, leaving systems exposed. Virtual patching provides immediate protection, acting as a temporary shield until the official fix is released.

Since we are still in the testing phase, we have not yet seen a reduction in viruses or malware. However, we anticipate potential improvements in security operations across hybrid environments if implemented fully.

Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days. Trend Micro's strong reputation and excellent threat intelligence further enhance the platform's value. The analytics are also good, particularly the XDR and cloud assessment tools, which correlate logs and information to consolidate alerts for the SOC team.

One area that requires improvement is the installation process of the agents, as it is not seamless. The installation sometimes requires multiple troubleshooting steps and is not straightforward.

We have been conducting the POC of Trend Vision One for approximately three to four months.

There were no major issues with stability, no bugs, glitches, or errors, except for the challenges faced with agent installation. I rate the stability of Trend Vision One eight out of ten.

I rate the scalability of Trend Vision One ten out of ten.

We did not engage with customer support during the POC phase, so we cannot provide feedback on that aspect at this time.

Positive

For endpoint protection, we have used Microsoft Defender and Cortex XDR. We encountered issues with those solutions, but Trend Vision One seemed to address these concerns effectively.

The initial setup was not complex. The prerequisites were set first, allowing integration to be completed in about a week.

The pricing is mid-range, neither cheap nor overly expensive. The cost is considered fairly priced.

I would rate Trend Vision One nine out of ten.

Our team from our organization includes three members involved in the POC testing.

I recommend Trend Vision One to other users based on our experience during the POC phase.

We use Vision One XDR to provide managed security services to our clients by correlating logs from various Trend Micro products like Apex One, Cloud One, and Deep Security. Vision One acts as a central monitoring platform, providing a single pane of glass view of our clients' security posture. This simplifies monitoring and allows us to easily create playbooks and analyze alerts. While our EDR solutions, Apex One, Cloud One, and Deep Security provide robust security features like anti-malware, web reputation, and intrusion prevention, Vision One enhances this by correlating logs and leveraging threat intelligence to identify incidents missed by these individual products. Essentially, Vision One functions like a level three SOC analyst, providing an additional layer of protection and ensuring comprehensive security coverage.

Trend Vision One's centralized visibility and management are crucial for our managed security services because they reduce the overhead required for monitoring. As an XDR solution, it performs many of the tasks an analyst would typically handle, streamlining our workflow and allowing us to focus on in-depth analysis when needed. This reduction in workload is a significant benefit, enabling us to efficiently provide comprehensive security services to our clients.

The executive dashboard is a valuable tool for analyzing the threat level of specific assets, particularly for generating end-of-month reports that detail threat and alert volumes, and highlight high-security risks. This comprehensive analysis helps customers understand their security posture and take appropriate action to strengthen their defenses. However, it's important to note that the dashboard's usefulness may vary depending on the individual customer's needs and priorities.

The risk index is a useful tool that provides benefits, but its value depends on the specific needs of the customer. Some customers may utilize the risk index to identify assets with high-security risks, allowing them to address vulnerabilities and implement necessary patching. However, other customers may rely on alternative sources for vulnerability visibility and, therefore, may not prioritize the risk index. While not always a primary focus, the risk index remains a valuable resource.

Trend Vision One provides immediate benefits upon deployment. Its built-in XDR, which includes EDR functionality and integrates with existing security models like Apex One, Cloud One, or Workload Security, allows for seamless provisioning of endpoints and workloads. Rigorous testing confirms that Vision One effectively identifies and correlates alerts, including those missed by other EDR solutions. This enhanced detection capability is evident during post-deployment testing, as Vision One Workbench alerts are generated immediately.

We use Trend Vision One to consolidate security across hybrid environments.

We use attack surface risk management and often customize it in our reports to meet client needs. This service helps identify vulnerabilities and blind spots in their environments. For instance, we assisted a customer experiencing recurring attacks due to unknown vulnerabilities. Our attack surface management analysis provided the data to identify and patch these critical vulnerabilities, ultimately enhancing their security posture.

Vision One XDR significantly reduces threat detection and response time by automating the analysis typically done by a level two or three analyst. It provides a comprehensive view of the environment, incorporating behavioral analysis and intelligence sources to quickly identify unusual activity. This eliminates the need for manual investigation of logs and data, allowing analysts to focus on addressing actual threats. The XDR's automated workbench triggers alerts with a high degree of accuracy, minimizing false positives and further streamlining the security process.

We use security playbooks for certain low-level security alerts because many of these alerts, despite the large volume of data they represent, do not require significant time or attention. Playbooks are particularly useful in these situations as they automate the process of blocking the source or IP address associated with the alert.

Vision One offers several features I value. 

The threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources. 

Additionally, the security playbooks provide templates to block URLs or scripts, enhancing endpoint protection. 

Finally, the console allows for remote connection to endpoints, enabling direct investigation and remediation within the customer's environment. This flexibility and comprehensive functionality make Vision One a valuable tool.

Trend Micro is making many improvements, including addressing some of our feature requests. However, their reporting functionality needs improvement. The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients. For example, we cannot generate reports on threat intelligence data from XDR, making it difficult to assess the protection received from external sources. This limitation also prevents clients from seeing the total value of XDR, including external factors contributing to their security posture. Threat intelligence is crucial, and clients want to understand its impact. Therefore, enhancing report customization, especially for XDR, would be a significant improvement.

I have been using Trend Vision One XDR for one and a half years.

Lagging does happen in Trend Vision One but it is infrequent and does not significantly disrupt operations. This is typical for many SaaS platforms and not a major issue.

Trend Vision One is scalable, allowing for flexibility from four licenses to a hundred or more, depending on how much or how fast scaling is needed.

The experience with customer service can vary depending on the case. Simple issues might involve referring to KB articles for resolution, while more complex issues might need backend support, which can take time. Overall, my experience has been positive.

Neutral

Trend Vision One is easy to set up and can potentially be handled by one person. However, teamwork is preferred to ensure accuracy, catch potential errors, and maintain a high standard of service.

Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor. Since Trend Micro doesn't directly handle pricing, I cannot provide specific cost details.

Trend Vision One XDR is an excellent security product that deserves a ten out of ten rating. It's surprising that more companies haven't adopted XDR, given its advantages over traditional SIEM solutions. XDR automates tasks like configuration, signature creation, and rule implementation, significantly reducing the manual workload required with SIEM. While I expect a shift towards XDR, many companies still rely on SIEM, which seems inefficient in comparison.

We use it for analytics. We check all the maps and communications when there is an incident or an issue. It is very helpful for analytics.

Trend Vision gives a lot of visibility. If you have a big environment, you can use it to see logs or events. It gives more visibility into what is going on in your infrastructure.

Last year, we experienced an attack attempt, and it gave us a lot of visibility. We were able to track the source and all the processes that were involved during the attack. For security, it is very good.

Trend Vision One has helped reduce our time to detect and respond to threats by 30% to 40%.

I find the maps particularly helpful. The object list, specifically the suspicious object list, is also quite valuable. You can simply add one object to that list to manage it from another solution.

It gives comprehensive visibility. It is very good. It gives a lot of visibility into all layers such as layer three or layer seven. It helps with monitoring the endpoints, including all the desktops and processes or communication between servers.

I believe that the interface could be more user-friendly. At times, it is challenging to locate certain features, and they need to reorganize the user interfaces.

I have been using the solution for one year.

I would rate their customer support a five out of ten. They sometimes do not give enough attention to the tickets. Even when I update a ticket or a case, they ask the same questions that I have already answered. I explain my problem, and they respond as if not paying enough attention.

Neutral

Previously, we used another solution. We observed that Trend is trying to move all the solutions to Vision One. That is why we decided to transition, and it is working very well. 

It gives more visibility. The other solution was focused only on the server or endpoint protection. It did not provide any tracks, just the basics. With Vision One, we can see all the information correlated in one place, which I find very helpful.

The initial setup is very easy. It is not very complicated. Sometimes, the documentation is not updated, but the processes are very intuitive, so it is not that hard.

In terms of the implementation strategy, we first focus on non-critical servers or appliances, and then we move on to critical ones.

It is being used in an enterprise environment at a data center.

The implementation may require two people, depending on the infrastructure and scale. You might need an engineer or an administrator.

For maintenance, there are two people. One person scans and reviews all the information and the other one is from the backup. It requires minimal maintenance.

Overall, the visibility and security that it provides are our returns on the investments.

I feel that Vision One is a bit expensive. As for the pricing or licensing, I would rate it a seven out of ten.

I would rate Vision One an eight out of ten.