We use Trend Vision One for real-time analysis and monitoring to identify the root cause of security incidents. This includes finding details like how the attack unfolded, user names involved, IP addresses associated with the attack, and the affected systems and devices. By analyzing this information, we can map out the entire attack flow chart.
The network coverage provided by Trend Vision One is important.
Trend Vision One is an XDR tool, so it is important for us that it provides centralized visibility and management across protection layers.
Centralized visibility and management across protection layers enable real-time monitoring, which improves our efficiency.
While the Trend Micro Vision One executive dashboard provides a valuable overview, the ability to drill down from that level into the XDR detections is crucial. During a real-time attack, this drill-down functionality is essential for identifying the root cause, prioritizing the threat type, and ultimately finding an effective solution.
Trend Micro Vision One's greatest strength lies in its real-time monitoring and analysis capabilities. This allows for the seamless blocking of malicious URLs and attacks.
The managed XDR has saved us time, allowing us to focus on other tasks.
The managed XDR helps us detect and respond to threats in under five minutes. It will display all the details in a single, unified view, including any alerts, trends, usernames, and everything else relevant. By simply looking at the tag data, we can get a complete analysis. This eliminates the need to switch between different screens and saves us significant time. For example, if we see a flag, we can immediately understand its meaning and the associated location without having to search for it elsewhere. Having all this information on a single page is a huge time saver.
Trend Vision One helps reduce the time we spend investigating false positives. The more we familiarize ourselves with the tool, the easier it becomes to identify false positives. The time saved by identifying false positives depends on the type of alert. In some cases, we only deal with simple attacks, such as brute-force password attempts, followed by alerts for unusual login failures. These are common attack methods. We can then determine if the user was trying a different password, mistyped their password, or there's a mismatch. In such cases, identifying a false positive can be relatively quick, taking only one to two minutes.
I appreciate the value of real-time activity monitoring. It provides accurate data, giving us a clear picture of what's happening, including who attempted an attack, their location, and any other details we need to mitigate the threat.
While blocking an IP address restricts access for 30 days, it eventually becomes accessible again. For true permanence, blocked IPs need to be transferred to a dedicated storage solution. However, this storage has limited capacity. To accommodate new blocked IPs, we must remove existing ones, creating a disadvantage that has room for improvement.
I have been using Trend Vision One for over 1 year.
Trend Vision One is stable.
Trend Vision One is scalable.
We previously used Palo Alto's Cortex XDR. However, we switched to Trend Micro Vision One because it's more user-friendly. Trend Micro's interface allows us to better understand the features and processes, enabling us to achieve the desired results more easily. Cortex XDR, on the other hand, was more complex to navigate.
The solution has delivered a return on investment through time savings.
I would rate Trend Vision One 9 out of 10.
Maintenance is required, but it is easy to do.
I would recommend Trend Vision One to others. I suggest completing training before using the solution.