Normally, we use the solution for day-to-day investigations. We get alerts when something is going on in the environment. Right now, we are using that tool for the asset management team to identify services or applications that are not allowed for governance and all of these purposes. In addition to that, we use it for isolating devices. We also have a service with them, an MDR service. They analyze information, and they do investigations for us as well.
Senior IT Security Analyst at a manufacturing company with 10,001+ employees
Great support, easy to set up, and offers good visibility
Pros and Cons
- "The search features help us try to correlate information and identify any suspicious activity."
- "We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side."
What is our primary use case?
How has it helped my organization?
Mainly, we were concerned with the visibility of the environment. We didn't have a tool that was able to allow us to see or have visibility of what the endpoints were doing on the servers in the environment. That was the main reason to adopt this solution - to have visibility on the environment as, in the past, we didn't have that capability.
What is most valuable?
The isolation of devices has been really important. We like all the attack surface-managed NPEs. It's helping us to identify devices and protect us on the network. That's in combination with third-party integrations as well. We have integrations that are helping us to identify devices using our vulnerability management services. It's scanning the network and it's sending all that data to VisionOne. With that information, we identify devices that are protected on the network and the environment.
The reports are a really good feature for showing results to upper management levels.
The search features help us try to correlate information and identify any suspicious activity. That's another feature that has been really important.
We are using it everywhere except for the network, so we don't have the network discovery service from Trend Micro. However, we have it on endpoint servers and email and also the cloud as well. We use cloud conformity to connect that piece.
Trend Micro has a feature called Vision One, that provides us with centralized visibility management across all protection levels. That's helping us to have a centralized view of the console. That's the main reason why we still have that product.
Centralized visibility is important. When we are doing investigations, we can do everything in one console instead of moving to different screens or different windows. The centralized visibility and management across these protection levels helped with our efficiency. It helps us to identify quicker, any potential threat, or any special activity.
They have this feature called Risk Index which I use sometimes to validate the level of rates we have. We don’t use it often - maybe once every one or two weeks. We use it to rank our security operations overall. Mostly, we just check it out of curiosity.
We use the Managed XDR service that they have. It relieves a lot of workload especially during investigations or interim reports about any particular activity - especially with the coverage after hours. It is helping us with the capability there. Also, if something really bad is happening, we have eyes watching all the activity, which is nice.
Using this Managed XDR service enables our team to work on other tasks - especially when we, in certain ways, allocate some of the investigation pieces. We basically create a request for them to investigate things, and that allows us to focus on other things to optimize our security toolset. That's really helpful.
We use the attack surface risk management capability they have. We use that heavily right now. It was a big use case in the past few months. We use it to identify multiple devices without protection, the applications that have been used by our users, and which ones are risky. We are using that on a regular basis. It's helped us identify blind spots and more assets. It's positively affected our security posture by improving a lot of our visibility.
XDR helped us decrease our time to detect or respond to threats. In the past, we didn't have that visibility. When we enabled that tool, at the beginning, it was a little bit noisy. That's something to be expected coming from a new tool. However, after testing through these years, things are improving, and now we can see better results, especially during investigation alerts.
The solution has helped us to reduce the amount of time we spend investigating false positive alerts. In the beginning, there was a large amount of false positives. Right now, we are day to day trying to reduce them. At this point, they are lower compared with the beginning of the implementation. Things are improving. We are reducing false positives as we go which is great.
What needs improvement?
We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side. The API we use. We are integrating that with another product, a SOAR product. The playbooks are a little bit limited in what they can do at this point. Let's say that we want to connect on a specific API. The templates we cannot modify very well. When we noticed that limitation, we decided to go and use Trend Micro VisionOne API and connect it to other tools to develop that activity using another product.
Under attack surface management, when you go to the specific sites or applications that the users are accessing, the capability of downloading that report could be better. Let's say, as an example, we want to identify users using chatGPT, for example. We want to download that data through an API or through the GUI. Right now, it's not available as an option. Maybe having the capability of extracting data from VisionOne for specific areas of the tool could work. That's something that could be useful, especially if we want to generate that report and send it to specific teams. Often, we don't want to provide DX to all the people. Sometimes it's easier to just have that file and share that file with the people who need to have that information.
Buyer's Guide
Trend Vision One
March 2025

Learn what your peers think about Trend Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
849,190 professionals have used our research since 2012.
For how long have I used the solution?
I've been using the solution for around three years now.
What do I think about the stability of the solution?
The stability is good. It's not very common to have any outages. Sometimes there may be a glitch, however, it's rare. Normally we have 95% stability.
What do I think about the scalability of the solution?
The scalability is good, especially when we are talking about third-party integrations. We can have visibility and control of all different assets. So we can have good scalability and visibility and know more about the environment in places where we didn't have any idea things were happening. It's a SaaS tool, and we don't have to do any maintenance, and it's easy to deploy. It's pretty straightforward.
How are customer service and support?
When we have specific issues or problems connecting some products we ask for support. They respond really fast. They always try to mitigate and resolve all the issues we have. If they cannot resolve the problem, they normally share some suggestions on how we can mitigate future problems.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use other solutions, although we did use Apex One for a long time. We have also used an EDR product.
How was the initial setup?
I was involved in the deployment. I was the one leading the data during the implementation. The process is pretty straightforward. It was a little tricky to reduce the false positive alerts, however, the portion of deploying to the environment and connecting the pieces was simple.
From our side, we had three or four people involved in the implementation.
What about the implementation team?
We had some help with the deployment and we had some guidance in the beginning. We requested some support from our account manager.
What's my experience with pricing, setup cost, and licensing?
The pricing is good if you look at all the compatibilities and features offered by the product. There are features that can increase the pricing. We can put some credits to some features, however, if we want to enable them. With the amount of credit we have, we are covered for all of our needs.
What other advice do I have?
I'd rate the product eight out of ten.
It is a really good product and easy to deploy. They allow you to have more visibility on your environment, especially if you have any kind of XDR solution. It will increase the visibility of what's happening in the environment. Also, from the perspective of doing maintenance updates or patches, the cloud is the way to go. The product management team does a really good job of increasing the features, and they are listening really closely to what the customer needs via feedback.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

System Administrator at a financial services firm with 10,001+ employees
Provides a centralized dashboard, protects older servers, and reduces our time to detect
Pros and Cons
- "The zero-day vulnerability is valuable."
- "The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies."
What is our primary use case?
We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.
We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.
We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises.
How has it helped my organization?
Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.
The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.
The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.
Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.
It has reduced our time to detect by 50 percent.
Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.
What is most valuable?
The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.
What needs improvement?
The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.
I would like the uninstall process of agents to require two-step verification.
For how long have I used the solution?
I have been using Trend Vision One for ten months.
What do I think about the stability of the solution?
Trend Vision One is stable.
What do I think about the scalability of the solution?
Trend Vision One is scalable.
How are customer service and support?
The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.
How would you rate customer service and support?
Positive
How was the initial setup?
The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.
The migration can be done in a few hours if all the ports are available.
Two people are required for the migration.
What about the implementation team?
We used a third-party service from JVS for the migration.
What other advice do I have?
I would rate Trend Vision One a nine out of ten.
For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.
I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Trend Vision One
March 2025

Learn what your peers think about Trend Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
849,190 professionals have used our research since 2012.
Head of IT at a financial services firm with 11-50 employees
A comprehensive solution that is not overly complex to use or manage
Pros and Cons
- "Trend Micro XDR is a comprehensive solution that is not overly complex to use or manage."
- "I would like to have more integration with mobile device management."
What is our primary use case?
Trend Micro XDR is utilized for security management, and we apply it to our email, network, and endpoints.
Trend Micro XDR is based on its proprietary cloud.
How has it helped my organization?
Trend Micro provides us with centralized visibility and management across protection layers, which are important to our organization.
The centralized visibility and management across both layers improve our efficiency by offering central security without the need for extensive management or fine-tuning. Trend Micro is also comprehensive and user-friendly. We have confidence in the results.
The risk index provides us with insights into potentially vulnerable areas or aspects that we may need to double-check to ensure everything is working as expected. In other words, it's a useful tool to obtain a quick overview of parts that could be more exposed to risks and other potential issues.
Trend Micro helps reduce our MTTD and MTTR.
Trend Micro presents results in a comprehensive and easy-to-read manner, which helps reduce the time we spend investigating false positive alerts.
We utilize Trend Micro's automation capabilities for alerting and categorizing emails into specific categories based on their risk level.
What is most valuable?
Trend Micro XDR is a comprehensive solution that is not overly complex to use or manage. The security results have been quite good.
What needs improvement?
I would like to have more integration with mobile device management.
For how long have I used the solution?
I have been using Trend Micro XDR for three years.
What do I think about the stability of the solution?
Trend Micro XDR is stable.
What do I think about the scalability of the solution?
Trend Micro XDR is scalable. As a small company, the licenses we have are sufficient to meet our needs.
How are customer service and support?
The technical support team is excellent, and they were able to answer our questions to our satisfaction.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment did not appear to be complex, but it was managed by Pro-Axis, who utilized a large workforce to ensure the swift completion of the deployment.
What about the implementation team?
We engaged an external partner named Pro-Axis to assist us with migrating from Trend Micro on-premises to Trend Micro XDR. Their services were excellent, and we did not encounter any unexpected issues. We were fully satisfied with the migration process as Pro-Axis promptly restored our services.
What's my experience with pricing, setup cost, and licensing?
The pricing is competitive, and the cost aligns with the features we receive. The license fee covers all of our needs.
What other advice do I have?
I give Trend Micro XDR a nine out of ten.
We were initially using Trend Micro on-premises and then expanded our usage by implementing XDR. We were satisfied with the solution and its features, so we made the decision to stick with Trend Micro.
A small team is required for maintenance, which will not impose a significant burden on our IT team.
Our entire organization uses the solution.
I suggest trying out the trial of Trend Micro XDR to assess its suitability for their environment. It can be a good solution for small or medium-sized organizations, but keep in mind that everyone has their own specific requirements.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jr Cybersecurity Engineer at a tech services company with 51-200 employees
Helps save investigation time, reduces false positives, and provides real-time analysis
Pros and Cons
- "I appreciate the value of real-time activity monitoring."
- "While blocking an IP address restricts access for 30 days, it eventually becomes accessible again."
What is our primary use case?
We use Trend Vision One for real-time analysis and monitoring to identify the root cause of security incidents. This includes finding details like how the attack unfolded, user names involved, IP addresses associated with the attack, and the affected systems and devices. By analyzing this information, we can map out the entire attack flow chart.
How has it helped my organization?
The network coverage provided by Trend Vision One is important.
Trend Vision One is an XDR tool so it is important for us that it provides centralized visibility and management across protection layers.
Centralized visibility and management across protection layers enable real-time monitoring, which improves our efficiency.
While the Trend Micro Vision One executive dashboard provides a valuable overview, the ability to drill down from that level into the XDR detections is crucial. During a real-time attack, this drill-down functionality is essential for identifying the root cause, prioritizing the threat type, and ultimately finding an effective solution.
Trend Micro Vision One's greatest strength lies in its real-time monitoring and analysis capabilities. This allows for the seamless blocking of malicious URLs and attacks.
The managed XDR has saved us time allowing us to focus on other tasks.
The managed XDR helps us detect and respond to threats in under five minutes. It will display all the details in a single, unified view, including any alerts, trends, usernames, and everything else relevant. By simply looking at the tag data, we can get a complete analysis. This eliminates the need to switch between different screens and saves us significant time. For example, if we see a flag, we can immediately understand its meaning and the associated location without having to search for it elsewhere. Having all this information on a single page is a huge time saver.
Trend Vision One helps reduce the time we spend investigating false positives. The more we familiarize ourselves with the tool the easier it becomes identifying false positives. The time saved by identifying false positives depends on the type of alert. In some cases, we only deal with simple attacks, such as brute-force password attempts, followed by alerts for unusual login failures. These are common attack methods. We can then determine if the user was trying a different password, mistyped their password, or there's a mismatch. In such cases, identifying a false positive can be relatively quick, taking only one to two minutes.
What is most valuable?
I appreciate the value of real-time activity monitoring. It provides accurate data, giving us a clear picture of what's happening, including who attempted an attack, their location, and any other details we need to mitigate the threat.
What needs improvement?
While blocking an IP address restricts access for 30 days, it eventually becomes accessible again. For true permanence, blocked IPs need to be transferred to a dedicated storage solution. However, this storage has limited capacity. To accommodate new blocked IPs, we must remove existing ones, creating a disadvantage that has room for improvement.
For how long have I used the solution?
I have been using Trend Vision One for over 1 year.
What do I think about the stability of the solution?
Trend Vision One is stable.
What do I think about the scalability of the solution?
Trend Vision One is scalable.
Which solution did I use previously and why did I switch?
We previously used Palo Alto's Cortex XDR. However, we switched to Trend Micro Vision One because it's more user-friendly. Trend Micro's interface allows us to better understand the features and processes, enabling us to achieve the desired results more easily. Cortex XDR, on the other hand, was more complex to navigate.
What was our ROI?
The solution has delivered a return on investment through time savings.
What other advice do I have?
I would rate Trend Vision One 9 out of 10.
Maintenance is required but it is easy to do.
I would recommend Trend Vision One to others. I suggest completing training before using the solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at a tech services company with 10,001+ employees
Has a good workbench feature and observed attack technique
Pros and Cons
- "I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed."
- "Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro."
What is our primary use case?
We had a SIEM in place, but we wanted to do some behavioral analysis of the files that are getting deployed. We wanted to check to ensure that it was nothing with the external registration side. We needed an EDR solution for checking and monitoring everything deployed on this target machine or our host machine site. It will check and detect if any malicious files are there or not. We are getting alerts related to that kind of thing. So we used to check those alerts on the XDR, and we used to, like, do the incident and response to that kind of thing there.
How has it helped my organization?
If you have a SIEM in place, you will only get the network logs. XDR gives you more control over what files are getting deployed, how they are being executed, and how they can potentially harm your system. XDR doesn't work like a normal antivirus solution, which uses signatures to detect and block threats. XDR detects based on behavioral analysis and blocks most things.
It reduces the investigation time because it gives you everything, including how the file was executed, which processes it called, the file name, the stemming, and the time. When we have the endpoint name, we can reach out directly to the endpoint owners and communicate with them regarding those alerts.
What is most valuable?
I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed.
It's a SaaS solution that covers endpoints, email, and cloud. We have agents installed wherever data is being pushed, so it used to give us a payload. Cloud functionality is one of the most critical things because we don't generally have visibility for cloud applications. Once we install the agents, we gain visibility into all the things integrated on the cloud or any SSH attempts.
XDR offers visibility across layers. This is critical when you want to implement some policies and apply exclusions for particular parts of the system that should not get scanned. It's easy to implement those things. Let's say you want to deploy policies for multiple systems. Using Apex Central, you can directly push the policy to various systems and cover the logs of several systems at a time.
What needs improvement?
Sometimes, there are some false positives. For example, once a user had a file in their system named recovery.txt. The solution was flagging that as a ransom note, so we were confused. It isn't that serious, but it should be improved.
Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro.
For how long have I used the solution?
I have used XDR for two years.
What do I think about the stability of the solution?
Trend Micro XDR is stable. We've never had downtime.
What do I think about the scalability of the solution?
Trend Micro XDR is scalable if you can pay more for licenses.
How are customer service and support?
I rate Trend Micro support seven out of 10. Their technical support is good. They reply regarding your cases. However, if you don't reply to them properly, they may close your case if you are not reviewing that kind of thing.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I previously used Crowdstrike, which is an MDR, so it was totally managed by the Crowdstrike team. They were monitoring every alert that was generated, so it's hard to compare it to Trend Micro XDR. It was somewhat similar, but CrowdStrike is more proactive than Trend Micro, and it has greater coverage of IOCs. I have also used SentinelOne.
How was the initial setup?
It's a SaaS solution deployed across multiple locations covering 20,000 endpoints. It doesn't require any maintenance aside from updates.
What other advice do I have?
I rate Trend Micro XDR seven out of 10. If you plan to implement XDR you should be aware of the IOC coverage and follow up with the Trend Micro team. Most things are covered, but it takes time to add and deploy all that stuff.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Engineer at a retailer with 10,001+ employees
A cloud solution for providing all information in one dashboard
What is our primary use case?
We use the solution for event correlation.
How has it helped my organization?
We are deploying a server inside our network to use it as a data collector.
What is most valuable?
The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with VisionOne.
What needs improvement?
The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.
For how long have I used the solution?
I have been using Trend Vision One for two years.
What do I think about the stability of the solution?
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability a nine out of ten.
Which solution did I use previously and why did I switch?
We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.
How was the initial setup?
The initial setup is easy because our assets are in interactive directory.
What was our ROI?
We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.
Which other solutions did I evaluate?
We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Engineer at Cyberisk
Comprehensive security offers effective risk management with centralized management
Pros and Cons
- "The most valuable features of Trend Vision One are its capabilities for XDR, EDR, MDR, and NDR, allowing for network detection and response."
- "I would like Trend Vision One to incorporate more AI."
What is our primary use case?
Trend Vision One is a comprehensive endpoint security platform that combines NDR, XDR, and MDR capabilities in a single dashboard. We deploy it in offline environments, such as power plants, using relay management to ensure system connectivity without internet access. This approach allows for implementing robust security workflows even in isolated networks.
How has it helped my organization?
Trend Vision One effectively protects endpoints from malware, ransomware, and malicious scripts by allowing for the configuration of policies and sensors that detect and prevent unauthorized file modification.
Trend Vision One offers advanced threat protection that adapts to new and unknown threats. Upon detecting a threat, it deploys a virtual patch to mitigate the issue.
Trend Vision One helps detect ransomware with runtime and machine learning capabilities and will alert us of the detection.
Trend Vision One provides us with a single console for cross-layer detection, threat hunting, and investigation and is easy to learn.
It enhances risk management by providing comprehensive visibility into our environment. This ensures all systems are up-to-date and vulnerabilities are minimized.
Virtual patching is extremely helpful because it provides proactive protection against vulnerabilities even before a fix is available for the underlying issue.
Trend Vision One has helped reduce the number of viruses and malware we received. It has also helped manage risk effectively across various products like workload security, email security, and others through a single dashboard, thus making it easier for the organization to manage risk.
What is most valuable?
The most valuable features of Trend Vision One are its capabilities for XDR, EDR, MDR, and NDR, allowing for network detection and response. It is a comprehensive solution, and even Gartner recognizes TrendMicro as a leader. Additionally, it offers excellent endpoint security and protection that can be easily managed with sensors and agents.
What needs improvement?
I would like Trend Vision One to incorporate more AI.
For how long have I used the solution?
I have been using Trend Vision One for approximately two and a half years.
What do I think about the stability of the solution?
I rate Trend Vision One's stability ten out of ten. I have only faced downtime once and am confident in its stability.
What do I think about the scalability of the solution?
Trend Vision One is scalable, and I have not encountered any issues scaling the solution to meet different client requirements.
I rate the scalability of Trend Vision One ten out of ten.
How are customer service and support?
Customer service and support are excellent. The support team is very timely and helpful, offering solutions and assistance as needed.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment can be done quickly and easily, especially for smaller deployments within one day. For larger deployments, like those with hundreds of endpoints, it might take a few weeks.
What's my experience with pricing, setup cost, and licensing?
I am not directly involved with pricing, but I emphasize the need for competitive pricing to facilitate easier sales.
What other advice do I have?
I would rate Trend Vision One ten out of ten.
Our clients range from small up to enterprise level.
I recommend Trend Vision One to others.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Oct 13, 2024
Flag as inappropriateCyber Security Analyst at a consultancy with 10,001+ employees
Easy to maintain with advanced protection and helpful support
Pros and Cons
- "We can scale the product as needed."
- "We'd like to see a few more integrations."
What is our primary use case?
We primarily use the solution for the XDR.
We have integrated this with all of our endpoints. Basically, we are using it for incident response. We have a SOC team here, so we are using it in a SOC and the Workload solution. For two or three months, we have been migrating to Workload Security. It is mainly for incident response.
What is most valuable?
We are able to observe attack techniques and targeted attack detection.
We need to explore more on it since it is still a new product for us.
It is quite advanced, and it can help us protect our organization against threats. The targeted threat detection is great.
My understanding is the initial setup is pretty straightforward.
The solution has been stable.
We can scale the product as needed.
Technical support is helpful.
It is easy to maintain.
What needs improvement?
We'd like to see a few more integrations. Specifically, we'd like to see more IOC integration tools.
We haven't implemented the automation piece just yet; however, we will go through that soon. We just need more time to see how it all works.
For how long have I used the solution?
I've been using the solution for six or seven months.
What do I think about the stability of the solution?
This solution seems to be pretty stable so far. I haven't come across any issues. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The product is scalable. When we started, we had a few agents and very few endpoints. At this point, we've integrated with most of them. We haven't seen any issues as we've scaled up.
How are customer service and support?
Support has been quite helpful overall. We've dealt with them multiple times, and they have always been helpful. We tend to get the help we need within two or three hours. They ask many questions and get down to solving the problem at hand.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I also work with Microsoft Defender.
We were using OfficeScan and ApexOne as well.
We decided to work with this product as it had a good reputation.
How was the initial setup?
While I wasn't directly involved with the setup, my understanding is it was straightforward. I do not recall hearing about any complexities coming up. The deployment itself took a few months.
In terms of maintenance, we do get hotfixes every once in a while. It's pretty simple to maintain.
What about the implementation team?
Trend Micros assisted our team with the setup process. However, it was mostly handled in-house.
What's my experience with pricing, setup cost, and licensing?
I can't speak to the exact cost.
What other advice do I have?
I'm an end-user. We are using the latest version of the solution.
The support is pretty good. It is really straightforward. It is very easy to understand, and therefore, I highly recommend the solution.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Trend Vision One Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Endpoint Detection and Response (EDR) Network Detection and Response (NDR) Extended Detection and Response (XDR) Attack Surface Management (ASM) AI-Powered Cybersecurity Platforms Continuous Threat Exposure Management (CTEM)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
SentinelOne Singularity Complete
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
Cisco Secure Endpoint
Trend Vision One Endpoint Security
Intercept X Endpoint
Check Point Harmony Endpoint
VMware Carbon Black Endpoint
Rapid7 InsightIDR
Buyer's Guide
Download our free Trend Vision One Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?
- What is the best EDR or XDR product for a company with 9000 employees?
- What to choose: an endpoint antivirus, an EDR solution or both?
- Do we need to use both EDR and Antivirus (AV) solutions for better protection of IT assets?
- How does EternalBlue work?
- What are the best on-premise Endpoint Security solutions for a Tech Services company with 10,000 employees?
- Which is better for Endpoint Security: EDR or XDR solutions?