Trend Vision One Reviews

We use Trend Micro XDR to enhance our security framework.

One of our partners was the victim of a major attack, and we realized that our environment was susceptible to the same thing because we were only using an antivirus solution. 

Trend Micro XDR is deployed on-premises, and we use it on our core business servers, clients, and the management portal to protect all of our network nodes from attacks.

Trend Micro Vision One provides centralized visibility and management across protection layers, which is important. It is part of our monitoring tool. The visibility gives us a centralized view of our network nodes, activities, and possible attacks.

The risk index feature plays an important role in our KPIs, which we report to the management team. Our business is dependent on our systems running 24/7.

Trend Micro XDR has helped decrease our time to detect and respond to threats.

Trend Micro XDR has reduced the time we spend investigating false positive alerts by 50 percent.

The most valuable feature is the network protection shield on every server, which isolates attacks and prevents our clients from being affected.

The deployment process could be more streamlined over the existing infrastructure, as it was not as easy as we thought. We are working with an expert from Trend Micro to improve the rollout process, but it has taken some time and we do not yet have a concrete understanding of the issue. There are some features that we have to install repeatedly before they start running.

I have been using Trend Micro XDR for one year.

Trend Micro XDR is stable.

Trend Micro XDR is scalable.

The technical support is good.

Positive

The deployment took six to eight weeks to complete. We had around five part-time people involved in the deployment.

Trend Micro XDR is expensive but we got a good deal from Trend Micro. We pay for an annual license.

Currently, we are researching the question of whether to use Trend Micro XDR when we switch from our classic NPLS internal corporate lines to an SD-WAN solution. Or if we should use an integrated solution from the SD-WAN and firewall provider, such as Palo Alto or Fortinet.

I would rate Trend Micro XDR eight out of ten.

We have 300 people in our organization that use the solution.

Maintenance is easy and done by two people, who update, patch, and install new servers; client-side, they also update user stations and analyze logs.

I recommend Trend Micro XDR. It is user-friendly.

The reason we invested in Trend Micro XDR was to consolidate security operations and monitoring. On top of that, we invested in their managed detection and response service, which they can provide on top of the ETA service, which makes our lives easier. You can say that with it, we need fewer hands.

We're able to gather a more simple view of what was going on in our infrastructure. Before this solution, we used a SIEM system. Trend Micro XDR made monitoring more simple, and we trusted them as a security partner.

It definitely has improved our visibility of all of our ongoing items in the infrastructure. We can get a good overview of what's going on across our network and what our security looks like.  

Having everything under one management console and having them monitored from one place is the most beneficial.

It saves time and we do not have to invest in a lot of products to meet all of our use case needs.

It's quite simple to monitor everything under one console. It makes life simpler for our operations team. 

We have the solution everywhere, including email, network, endpoints, and cloud. This is important to have this coverage. As a former incident response analyst, having visibility everywhere is really important. Having everything correlated into one place increases visibility.

We have centralized visibility and management across our production layers. They are also improving that from month to month. It's important for us. In security operations, the fewer places you need to go to have a look around, the easier it is. Back in the day, we had to open ten different consoles. Now we just open one. 

The most important thing for us as a customer is that we can spend more time in other places as it's simpler to have that overview. We have much more time for other tasks. 

We use the solution's executive dashboards. We like that we can drill down from the dashboards into XDR detections. It helps the C-suite understand. However, it also helps us drill down by allowing us to choose which views we want. 

We have a trial version of the Risk Index. We have a daily look at it and it gives a nice overview of our vulnerability management and what the attack surface looks like. It helps us prioritize our daily tasks. 

The Managed XDR service was great. It helped quite a lot. We had to get used to working with them and they with us, however, now it's quite an easy task and the advisory and alerts we get from them have been helpful. The availability to work on other tasks has helped us improve in other areas. It's positively affected our business. Having this product means that we are improving in a lot of different areas that we also need to focus on. They can do the monitoring better than we can do it ourselves. We don't have the manpower to do it on our own so it helps a lot to have them help with management.

We use the Attack Surface Risk Management capabilities, which are also in the trial period. It's absolutely helped us to identify blind spots in our environment. It made us realize that, for example, users were using their work email for private services such as Netflix or other services that, if they had a data breach, would be an issue. With this, we can reach out to those users and explain to them how to act on the Internet, not to use your work email for private services, et cetera.

It's helped decrease our time to detect and respond to threats. It's likely 80% faster now. It's also helped us reduce the time we spend investigating false positive alerts. They do a lot of the initial work for us and come back with the actions we need to do on our part (if any). It's helped us reduce false positive investigations by 50%.

We're using some of the automation capabilities of XDR. It's helped us save time. At the moment, it's likely helped us save 20% of the time we'd normally spend on manual processes. 

They should increase their potential for third-party integrations. We'd like to see integrations with other IT security vendors that are not currently there. 

I'd like to see central management of all products.

I've been using the solution since it came out, essentially. I've been working with it for eight or nine years.

The solution is quite stable. 

We don't have branch offices, however we have 2200 clients and 800 servers. 

It is easy to scale if you are a bigger organization. We do plan to scale further in the future. 

We have Service One, which includes three-year support. It is 24/7/365 support and they are quite good. 

Positive

Before Trend Micro, we used Splunk. The use case and monitoring were easier with Trend Micro. We found it easier to fulfill our needs using Trend Micro. 

I was involved in the deployment process. Some of it was quite complex. Unfortunately, we had an on-prem environment that wasn't well taken care of. The migration was hard, however, that was more our fault. It could be easier to migrate, however. 

It took us about nine months to fully deploy. 

We already had some products in the cloud, however, we needed to migrate all of our endpoints. The on-premise agent needed to be placed in the cloud and we had some problems as some clients did not have an opening to the internet, et cera. There was some preparation we needed to do. We needed to do some upgrading before migrating. 

There were two to four people performing the implementation. 

The solution requires maintenance and we have a person that manages that. 

We had help from Trend Micro professional services. 

We have noted an ROI. Having them monitor our IT solutions allowed us to have fewer people on the team. It's saved us in man hours. 

The solution is affordable. You do need to pay additional fees for some of the functionalities.

We also evaluated Microsoft's solutions. 

I'm a customer and end-user.

We realized the benefits of the solution pretty fast - within a couple of weeks. We knew the benefits beforehand which is why we chose Trend Micro. The possibility of having the solution monitored by the vendor itself was quite helpful. 

I'd rate the solution nine out of ten. 

I would advise others to prepare your needs beforehand. If you know those, you will know Trend Micros is the right fit for you. It's great. If there's a problem with central management or monitoring, Trend Micros is quite useful. 

We use Trend Micro XDR for endpoint detection, endpoint user protection, and virtual security.

We have deployed Trend Micro XDR across our entire environment, which is important for our organization's threat detection capabilities.

We use Trend Vision One to monitor our environment 24/7. Centralized visibility is very important to me and my management. In addition, management wants to see centralized dashboarding. This is very important.

The centralized visibility and management across our protection layers have improved our efficiency.

The executive dashboard is important to our organization. I use the dashboard each morning and evening.

Trend Micro XDR has helped our organization improve its defenses against external and internal threats.

The Managed XDR service has positively affected our team's workload by providing 24/7 monitoring. This has saved our team 20 percent of their time to focus on other tasks.

The time to detect is under one minute.

The proactive approach is the best feature. When Trend Micro XDR detects a virus in our system, it stops it and secures our branches.

The centralized dashboard has room for improvement.

I have been using Trend Micro XDR for almost two years.

Trend Micro XDR is stable.

Trend Micro XDR is scalable.

The technical support is good. We receive a response within ten minutes.

Positive

We switched to Trend Micro XDR from Kaspersky because it is a better product and we have not faced any issues.

The deployment took one week and required a few people to complete.

Trend Micro XDR is expensive.

I would rate Trend Micro XDR ten out of ten.

We have over 100 Trend Micro XDR users.

We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.

We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.

We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises. 

Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.

The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.

The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.

Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.

It has reduced our time to detect by 50 percent.

Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.

The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.

The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.

I would like the uninstall process of agents to require two-step verification.

I have been using Trend Vision One for ten months.

Trend Vision One is stable.

Trend Vision One is scalable.

The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.

Positive

The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.

The migration can be done in a few hours if all the ports are available.

Two people are required for the migration.

We used a third-party service from JVS for the migration.

I would rate Trend Vision One a nine out of ten.

For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.

I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.

Each component that we have purchased from Trend Micro has its own unique value set. But as CISO, the most excitement in my day is when a Zero Day initiative lands. It's one of those things that, by nature, you're generally not prepared for, and the initial reaction of the security team was, "What are we going to do about this?"

When that happened, I suggested we look at our Trend Micro IPS and see if there are any vaccines related to the particular Zero Day, and there were. We enabled those vaccines and we could see, using the ExtraHop appliance, that the issues we were seeing before had been remediated. That particular experience was a predictor of what was to come. Since then, on almost every occasion, we have had a mitigating response in our arsenal to any type of Zero Day attack before the attack actually occurs.

And even when we got into a situation like Log4j and there wasn't anything in our arsenal to deal with it, we called Trend Micro, and they said, "Yeah, we're delivering it right now, but you'll have to install it manually." And I was thinking, "I'll install it while upside down if I have to, but the bottom line is just get it over here." We deployed it and—problem solved. I believe they own that VDI initiative and it's really good that they're so close to it. That is something that has really really made my life a lot easier. Running around with your hair on fire is not fun.

In essence, it has allowed us to get a handle on our security initiatives and planning, and construct security over the long term. We've been working with them for at least ten years.

Their toolset integrates well with our existing infrastructure. It integrates well with our AT&T AlienVault SIEM.

Another piece that makes Trend Micro kind of unique—and I could see where they might have had a problem kicking the whole thing off—is that they were one of the companies, early on, that spent a lot of time integrating their toolsets, and I was really impressed with that. That meant the endpoint management system could reach out to the Deep Discovery system on the network and pick up something that it perceived as a suspicious object. It could then sandbox it and monitor it. If that suspicious entity reached out for command and control or did something nefarious, the endpoints would be alerted and would start getting rid of the problem.

The issue this addresses—and it's one of the most important issues—is that you really have to consider automation and be conscious of it. Because when the stuff hits the fan, you're not necessarily fast enough, as a human being, to get everything done the way it needs to get done—and document the process.

You might not think about that last piece so much when you start doing security engineering. But when you get into a big healthcare company like ours, there are audits going on all the time. The auditors will want to pick out two or three events that you've dealt with and say, "We want to see the audit trail," et cetera. As a result, there are advantages to the integration of Trend Micro's disparate toolsets.

Trend Micro has worked very hard on making their toolsets, like IPS, Deep Discovery, Deep Security, et cetera, talk to each other and work together. And they're still doing it today.

They have made their IPS an application rather than an appliance. You install it on the endpoint, which is a server in your data center, and it will actually configure it to a minimal standard. That means the applications and the version of the operating system you're running, right down to the colonel version, get only the tools installed that are needed for that particular instance.

They minimize the installation because they don't want you looking for bugs and indicators of compromise that you're not in a position to experience because you're using an operating system that isn't vulnerable to them. That gets rid of a lot of overhead when it comes to server management. They keep in mind that these are servers that have a job to do. They're not just desktops, and if they're eating up a lot of the CPU, that's bad for us because we're out to do business and make money. We've never had a problem with them. It's really reliable, once you get it set up.

When you deploy these tools from Trend Micro, the integration and getting them to work together, are among the more difficult pieces of the puzzle. But when you get that set up and working, you're glad you did.

When you manage a security department for a number of healthcare organizations and deploy security into their environments, they want it done today. And they certainly don't want to be bothered with it over the course of a few weeks. We've been in our Cloud One migration for a couple of months now and it isn't our only project. We've got a lot of things going on here and at our subsidiaries, for which I'm also the CISO. It's very busy. We don't have time to sit down and work on projects just for the sake of having the resources to work on them.

When we invest the time to integrate disparate resources, appliances, and applications, we do so with the idea that we're going to get something out of it that is worth more than what we put into it. In each and every case, that's what has happened with Trend Micro.

Still, a lot of folks I know have adopted their technology but have not integrated it. The endpoint management tool sits on the endpoint and manages it, but it's not fully integrated with, for example, the sandbox. So it would be nice if they could simplify the integration process. And I would like to see better documentation.

Another point is that, with Vision One, there were issues that we experienced with the IPS and EDR technologies when we first got it. We had some difficulties figuring out how to make it dance. Once we figured it out, we were okay.

The remediation they put in place for that was to increase the number of presentations they did on the software, presentations where they answered questions. We attend one about every two to four weeks with Trend Micro to go over things, and it's not just us. There are 70 to 100 people in those meetings. They figured out that, while it's okay to build reasonably complex systems, at some point you have to pass the knowledge along to the end-users. That's not always easy to do. Most companies operate under the mindset that, "Well, we understand it, why don't you understand it?"

We started the integration of Trend Micro Vision One three or four years ago.

Trend's gear is very stable and reliable. In this business, it almost has to be because, if your system goes down frequently, you just don't have time to mess with it. In the years we've had their IPS deployed, and that's a complicated product, we may have had one or two failures. And as I recall, it was something in a power supply. If your primary failure is something to do with a power supply once every ten years, you're in good shape.

It's the same thing with all of their technology. The way they design it, just keeps running and that's not necessarily always the standard in the industry. For example, I finally had to abandon IBM's IAM solution because it was so bad. It would just break. We don't have those problems with Trend Micro. Their stuff just works. It's really good and well-designed.

It's reasonably scalable, but remember that, as you're scaling out, some of the components need to be scaled while other components just need to be reconfigured. You don't want to be paying for what you don't need, meaning you don't necessarily have to double everything. When you scale out, you have to give it some thought.

Their tech support people are better than most. In my career, I have seen it all. But Trend Micro support is really good. They're the best vendor I have for support.

Anytime we've had an issue with their gear, they have been prompt and have gotten on it and gotten it fixed. And if they can't fix it, they replace whatever they have to replace.

Another aspect with Trend Micro that is really good is that they listen to what you say. If you come up with a use case that they don't currently have, they'll add it to their repertoire and, a couple of updates down the road, there is that tool you needed. It's just a well-driven and well-run company when it comes to that side of things.

For example, in the beginning, using the dashboard was a little bit tricky. But the cool thing they did was to hold biweekly meetings on it. They would not only go through use cases, but at the end they would ask, "What else would you like to see? How would you enhance this?" Once the CISO community got a hold of that, they were coming with their guns loaded and saying "I'd like to see this and I'd like to see that." And Trend Micro started knocking out the ones that made sense. As of today, it's a completely different ballgame than it was back then. They're constantly upgrading their platforms.

And they don't absolutely have to do large releases to get things into the users' hands. They'll build something out and say, "Hey, we've included this. Try it out and let us know what you think." Most companies would say, "That feature will be in Release 5 and not until that release. Release 5 is slated for May, but it probably won't be out until October." Trend Micro is not like that and we appreciate that.

Positive

We go back quite a way with Trend Micro. When I first met with them, it was a sales guy at Torrey Pines resort who was meeting with individuals. A bunch of CIOs and CISOs were brought together there and put up for a few days to meet with various salespeople. It was a "getting-to-know-you" event and I did it every year. One of the sales guys was from Trend Micro and I didn't know anything about them but I was impressed with his presentation. I thought to myself at the time, "Keep this one in mind. Think about this a little bit."

About a year or so later, when, at the time, we were using the IBM endpoint suite, IBM decided to take it down. It had about five different toolsets, one of which was IBM BigFix, which is a patch management solution that we still have.

They said that if you want to replace them with what was called, at the time, Trend Micro OfficeScan, you can, and we did. When we migrated to OfficeScan to replace the endpoint piece, we realized that the other IBM pieces were all up in the air except for BigFix. We then just blocked out IBM tools for Trend Micro tools, component by component. That worked out really well for us because the Trend Micro toolset was a lot more comprehensive than the IBM tools. And it integrated well with our BigFix infrastructure. It all just worked together. It was a no-brainer. Trend Micro built much better security systems than IBM did.

Once we had OfficeScan in place, we started talking about purchasing an IPS. I generally do a proof of concept when I'm going to purchase something. Trend Micro's TippingPoint IPS system was included in the eval. What I found is that it's not only the best product, but it has the best product support and that really makes a difference.

We're using Trend Micro on just about every front that they work on. They've been a tremendous partner for us, really good.

When we first kicked off the security department here, one of the problems we had was that we were chasing malware up and down the wire. We had McAfee endpoint management software and antivirus at that time, but we couldn't run it because, if we did, it would eventually eat up all the CPU and tip over the desktop.

We were looking for a replacement for that. We took a look at Trend Micro's Vision One technology and we found that they were deeply interested in what they refer to as attack surface management. It integrates the Trend Micro EDR tool that we had and turned it into something that can trace backwards. It could not only detect that an event had occurred, which is what we used to get, but now gave us information about what led up to that event. What sequence of events happened in our platforms that led up to it? We could trace it backwards, and that's the XDR component. They replaced the EDR component and that's when we got into business with Vision One.

Since then, we have deployed the Deep Security and Deep Discovery components. in addition to their IPS TippingPoint and their endpoint. We also have their email security solution in place.

The Deep Security toolset sits in your data center on every server instance you want protected. The operating systems Trend Micro supports are Windows, Linux, Solaris, and AIX. And what do we deploy in our organization? Those four operating systems. I thought, "That is like a message from God himself." I was taken aback by that.

And right now, we are migrating into their Cloud One environment. That takes it to the next level and allows us to take advantage of the analytics that exist in the cloud without having to set up all of the infrastructure to support it. Everything we have remains as is, on-prem, but everything now reports up to the cloud, and that information is enhanced and further aggregated into more meaningful data, which then comes back down into our purview. That's what the Cloud One approach is all about.

They are a pretty cool company and they're really well organized and well managed.

The initial deployment is always the toughest because you've never done it before. You're going to run into issues that you aren't familiar with. As you go from OfficeScan to Apex One, to Vision One to Cloud One, it gets easier every time you do it because you know what's coming.

By then, you already have an established group of people who support you, and who have been supporting you for some time. You're familiar with working with them, you know what to expect and how things are going to roll forward. And you pretty much know what the time frame is going to be. That part is all good.

Vision One is on-prem. We started building data centers a long time ago and I had the honor and privilege of doing that. We built out redundancy at the data center level so there are two of everything. And then you think, "Well, what happens if something happens to the data center?" So we built another one. And then we realized we wanted it somewhere else because we get enough earthquakes in Southern California to know that nothing is safe here. As a result, we built one out in Arizona and we mimicked what we had here and then whammed it all together. So we can fail over here or to the Arizona facility. We essentially have two private clouds that we manage. That got us to where we were about a year ago.

And then, suddenly, there was the idea of moving up into the cloud. We did start working with Azure and AWS to move items into the cloud, but there were some issues with that too.

For example, if we build out a big piece of infrastructure in our data center, we purchase the hardware and then deploy it. All of that hardware is CapEx and you can write off the cost of most of it over a period of years. When you move into the cloud, you don't get that break, and if you're taking advantage of somebody else's infra, they're going to be charging you for that service. While I'm no expert on the cloud, we have put together some cloud-based applications, but, from a financial standpoint, it is really expensive. You don't get that CapEx back into your pocket like you do when you're putting together your own data centers.

Our management still wants to put more stuff up in the cloud, so we'll continue to do that, and Cloud One allows you to do that with the workload security features.

We did it all in-house. I found someone who had already worked in security, within our company, and brought him onto my team. If you can find somebody who has already done this job and understands it, then not only can you have them deploy it immediately, which takes that piece off the table, but they are in a position to start learning other things because they already know the infrastructure that you're deploying really well. At every opportunity that I had to grab somebody who already had experience, and was good with what they did, I did so. It helps to get experienced people.

I've always felt that automation and the integration of platforms were going to be the key to this. 

The reason I felt that way was that I didn't go into security when I got out of school. I was fortunate enough to get a job at the NCR Systems Engineering division. I built and designed microprocessors, and then I built operating system software for the microprocessors. I was exposed to a lot of what's going on in the bowels of the beast. Although the beast changes from company to company, you have an idea of what's actually going on.

I then started my own company and what I learned was that integration of elements is key to your success, as was automation. You need to automate solutions because you don't want a bunch of people trying to fix things if you can automate things and take care of problems.

When we look at the logs from the IPSs, for example, they're blocking hundreds of thousands, and sometimes millions, of packets a day. If we were allowing those packets in, I don't know what would happen, but I don't think it would be good.

Also, I don't have a big staff under me. The idea that, as a chief information security officer, you're going to get a couple of hundred people to go work on things is just not going to happen. So you really have to set things up and configure them for automation, and any kind of alerting has to point to the problem rather than tell you where to start looking.

They have a new pricing method and we haven't been pulled into that yet, which I'm grateful for. It's tough enough dealing with dollars, but with their new solution—and I'm not up on it because I haven't used it yet—you buy tokens or some kind of points and you purchase things with them. We haven't gone there. We stayed with what we had.

From a pricing standpoint, they're a really good negotiator and they'll work with you. At the first Trend Micro conference I attended, there was a presentation to their sales team and they were told, "Do not worry about making money. Just make our clients happy, and the money will come." They're good at that and a lot better than most companies. It's always good to have a good partner.

We looked at the new stuff that IBM was coming out with, which wasn't that new, so they didn't get very far in our evaluation. We also looked at McAfee and another company that was a startup at the time, although I don't remember its name.

I had three or four vendors in for PoCs, and I asked each one of them for someone to support the effort, and to give me about a month. By the time I was done, I not only got the best product, but the best vendor too. The support has to be there during that process or they're not going to win the day. Some of them were as bad as, "Here it is, let us know how it fares." And I was thinking, "Well, I may have a few questions between now and then. I hope somebody is on the phone to answer them," but you don't always get that luxury. But Trend Micro was really good and that's why I stuck with them.

We had a SIEM in place, but we wanted to do some behavioral analysis of the files that are getting deployed. We wanted to check to ensure that it was nothing with the external registration side. We needed an EDR solution for checking and monitoring everything deployed on this target machine or our host machine site. It will check and detect if any malicious files are there or not. We are getting alerts related to that kind of thing. So we used to check those alerts on the XDR, and we used to, like, do the incident and response to that kind of thing there.

If you have a SIEM in place, you will only get the network logs. XDR gives you more control over what files are getting deployed, how they are being executed, and how they can potentially harm your system. XDR doesn't work like a normal antivirus solution, which uses signatures to detect and block threats. XDR detects based on behavioral analysis and blocks most things.

It reduces the investigation time because it gives you everything, including how the file was executed, which processes it called, the file name, the stemming, and the time. When we have the endpoint name, we can reach out directly to the endpoint owners and communicate with them regarding those alerts.

I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed.

It's a SaaS solution that covers endpoints, email, and cloud. We have agents installed wherever data is being pushed, so it used to give us a payload. Cloud functionality is one of the most critical things because we don't generally have visibility for cloud applications. Once we install the agents, we gain visibility into all the things integrated on the cloud or any SSH attempts.

XDR offers visibility across layers. This is critical when you want to implement some policies and apply exclusions for particular parts of the system that should not get scanned. It's easy to implement those things. Let's say you want to deploy policies for multiple systems. Using Apex Central, you can directly push the policy to various systems and cover the logs of several systems at a time. 

Sometimes, there are some false positives. For example, once a user had a file in their system named recovery.txt. The solution was flagging that as a ransom note, so we were confused. It isn't that serious, but it should be improved. 

Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro. 

I have used XDR for two years.

Trend Micro XDR is stable. We've never had downtime. 

Trend Micro XDR is scalable if you can pay more for licenses. 

I rate Trend Micro support seven out of 10. Their technical support is good. They reply regarding your cases. However, if you don't reply to them properly, they may close your case if you are not reviewing that kind of thing. 

Neutral

 I previously used Crowdstrike, which is an MDR, so it was totally managed by the Crowdstrike team. They were monitoring every alert that was generated, so it's hard to compare it to Trend Micro XDR. It was somewhat similar, but CrowdStrike is more proactive than Trend Micro, and it has greater coverage of IOCs. I have also used SentinelOne.

It's a SaaS solution deployed across multiple locations covering 20,000 endpoints. It doesn't require any maintenance aside from updates. 

I rate Trend Micro XDR seven out of 10. If you plan to implement XDR you should be aware of the IOC coverage and follow up with the Trend Micro team. Most things are covered, but it takes time to add and deploy all that stuff. 

Trend Micro XDR is utilized for security management, and we apply it to our email, network, and endpoints.

Trend Micro XDR is based on its proprietary cloud.

Trend Micro provides us with centralized visibility and management across protection layers, which are important to our organization.

The centralized visibility and management across both layers improve our efficiency by offering central security without the need for extensive management or fine-tuning. Trend Micro is also comprehensive and user-friendly. We have confidence in the results.

The risk index provides us with insights into potentially vulnerable areas or aspects that we may need to double-check to ensure everything is working as expected. In other words, it's a useful tool to obtain a quick overview of parts that could be more exposed to risks and other potential issues.

Trend Micro helps reduce our MTTD and MTTR.

Trend Micro presents results in a comprehensive and easy-to-read manner, which helps reduce the time we spend investigating false positive alerts.

We utilize Trend Micro's automation capabilities for alerting and categorizing emails into specific categories based on their risk level.

Trend Micro XDR is a comprehensive solution that is not overly complex to use or manage. The security results have been quite good.

I would like to have more integration with mobile device management.

I have been using Trend Micro XDR for three years.

Trend Micro XDR is stable.

Trend Micro XDR is scalable. As a small company, the licenses we have are sufficient to meet our needs.

The technical support team is excellent, and they were able to answer our questions to our satisfaction.

Positive

The deployment did not appear to be complex, but it was managed by Pro-Axis, who utilized a large workforce to ensure the swift completion of the deployment.

We engaged an external partner named Pro-Axis to assist us with migrating from Trend Micro on-premises to Trend Micro XDR. Their services were excellent, and we did not encounter any unexpected issues. We were fully satisfied with the migration process as Pro-Axis promptly restored our services.

The pricing is competitive, and the cost aligns with the features we receive. The license fee covers all of our needs.

I give Trend Micro XDR a nine out of ten.

We were initially using Trend Micro on-premises and then expanded our usage by implementing XDR. We were satisfied with the solution and its features, so we made the decision to stick with Trend Micro.

A small team is required for maintenance, which will not impose a significant burden on our IT team.

Our entire organization uses the solution.

I suggest trying out the trial of Trend Micro XDR to assess its suitability for their environment. It can be a good solution for small or medium-sized organizations, but keep in mind that everyone has their own specific requirements.

We use the solution for event correlation.

We are deploying a server inside our network to use it as a data collector.

The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with VisionOne.

The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.

I have been using Trend Vision One for two years.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability a nine out of ten.

We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.

The initial setup is easy because our assets are in interactive directory.

We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.

We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.

Overall, I rate the solution a nine out of ten.