TrendAI Vision One Reviews

A few use cases for TrendAI Vision One include end user installation by my company distributor company. We sell Trend Micro products, focusing on dealers rather than end user sales. My role is in technical engineering, particularly in Turkey, where I handle all Trend Micro product installation and training.

TrendAI Vision One allows us to monitor attacks in real time, which is a significant benefit. We can quickly see where the attack is coming from. TrendAI Vision One enables us to use different products with a flexible license. For example, if a customer is using endpoint security and wants to switch to another solution, they can instantly use a different Trend Micro product, such as email.

TrendAI Vision One has helped to reduce the time to detect and respond to different threats, as it can respond to attacks very quickly. With playbook templates, in cases of recurring attacks, responses can be made quickly using predefined playbooks.

TrendAI Vision One has helped to reduce noise from false positives. There have been false positives before, but it was due to the customer not telling us which app they were using. Best practice configurations must be applied properly to avoid such issues.

TrendAI Vision One helps customers consolidate the use of security vendors and reduce silos by offering one platform for all product management.

In comparison to Trellix, one disadvantage of Trend Micro is the DLP feature. Trend Micro has a light DLP, while Trellix offers a perfect DLP. Trend Micro's DLP is busy and does not use OCR.

In the future, I would like to see TrendAI Vision One improved by making it easier if the endpoint had a single agent. Currently, there are two agents for different antivirus and EDR solutions, making it seem advantageous to have just one.

DLP can be developed further, and the platform could benefit from additional IPS products.

I have been working with TrendAI Vision One for three years.

TrendAI Vision One is stable, and there has been a problem once so far, which was quickly resolved with very fast problem-solving capabilities.

When needing to scale TrendAI Vision One, I find it very easy to do so.

Local support for Trend Micro is available in Turkey, including both local and global support teams.

I would rate the technical support of Trend Micro as an eight on a scale of one to ten.

Positive

Before Trend Micro, I worked with other solutions such as Trellix and McAfee. Trellix had performance problems, but with Trend Micro, there are no issues, and it offers the best performance compared to other products such as Trellix's EDR and proxy.

Setting up TrendAI Vision One is straightforward, but someone with IT knowledge should handle it since it requires technical know-how.

Switching to TrendAI Vision One reduced our risk by 90 percent.

TrendAI Vision One is a price performance product compared to competitors. On-premises solutions are more expensive than local solutions, and it is more affordable than leading competitors.

Sensor coverage is critical for my customers' networks because we can see instant attacks on the network and computers.

It is very important that TrendAI Vision One has AI built into its platform as we currently use it, and it provides great convenience in understanding events.

My organization uses TrendAI Vision One for consolidated security across hybrid environments, as a single screen simplifies management, making it very easy to understand with one platform for all products.

For other organizations considering TrendAI Vision One, I suggest that using NDR for visibility is nice and easy.

I would rate this review a nine out of ten.

TrendAI Vision One is deployed for endpoint security on both clients and servers. Integration with Microsoft Azure , local Active Directory, Email Security , and Cloud Collaboration has been implemented, with efforts to integrate as many modules and interfaces as possible into the platform.

Centralized collection and evaluation of security-related information at a single point is essential for the company's network. Operating in the construction planning industry with clients that are mostly public authorities, the constant exchange of files and collaboration with other companies across various platforms presents significant challenges. Communication occurs via email and Teams, making endpoint protection critical. TrendAI Vision One ensures endpoints and users are well-protected, detects threats quickly, and provides strong security assurance.

Attack Surface Risk Management features are utilized, and its ability to identify blind spots is highly valued. The platform categorizes the biggest risks with a score, allowing specific risk management.

TrendAI Vision One has consolidated the use of security vendors and reduced multiple vendors. The solution offers far more than initially used, with usage expanding gradually. The Managed Detect and Response Service is utilized, where Trend Micro checks critical cases, providing confidence that data is protected.

Centralizing everything in one cloud platform has improved the company significantly. Integration with third-party products provides additional security and helps the IT team remain calm and confident during incidents. Incidents can be reviewed quickly with clear traceability of events, which reduces stress across the company.

Risk management has been positively affected by the ability to generate reports and gain detailed insight into access attempts, helping reassess risks and identify patterns.

Threat detection and response time has been reduced by 70–90%. Risks are now identified within minutes instead of half an hour. False positives have decreased significantly because alerts can be quickly validated, especially with the new app. Overall cyber risk has been reduced substantially, and the company now feels very secure.

AI integration is very important for the organization. Trend Micro's AI is well-developed and continues to improve, providing faster recognition of threats and specific security support.

The sensors and their visual representation provide a quick and clear overview of the situation and are the most valuable features. The mobile app is highly useful, allowing immediate isolation of a client and instant assessment of alarms without logging into the system. This evolution makes the platform more powerful with every update.

Centralized visibility and management across all protection layers are excellent. TrendAI Vision One helps identify sources of problems quickly and offers great support contact with Trend Micro. The centralization of data collection and evaluation gives significant control over the security landscape.

AI integration within TrendAI Vision One enhances detection and analysis, enabling quick recognition of security issues and strengthening trust in the platform. The Managed Detect and Response service further adds value by providing expert monitoring of critical cases.

Integration capabilities and automation, particularly compatibility with local and cloud systems, have significantly improved operational efficiency and reduced manual workload.

The platform's development is satisfactory. There are no specific missing features at the moment, although improvement is always possible in making things more intuitive and easier to use. TrendAI Vision One continues evolving in the right direction and has become very stable recently.

TrendAI Vision One has been used since November 2023.

TrendAI Vision One is very stable, and no issues have been experienced with the solution. Microsoft systems cause more concern than Vision One. The platform runs smoothly and reliably.

TrendAI Vision One's scalability is good. The goal is to integrate as much as possible and collect all security-relevant information. The platform's scalability supports expansion and additional integrations with AI-driven analysis.

Service and technical support are excellent. Direct contact is available with Trend Micro employees, including local representatives from Switzerland. When MDR tickets are opened, the service team responds quickly with clear instructions. The overall experience is very positive, and customer service and technical support are rated at the highest level.

Positive

Before using TrendAI Vision One, a local Trend Micro solution was used. The move to Vision One occurred when a setup renewal was needed and more security and centralized management options were sought. Trend Micro was recommended and proved to be the right choice.

The initial setup was very simple due to the existing Trend Micro solution. Migration was smooth and supported by a partner, allowing devices to be moved seamlessly to the new platform. The onboarding process was completed within one week, with optimization occurring gradually afterwards.

The implementation was handled by the in-house IT team and UniQconsulting, a long-time partner. Only two people were needed for deployment. Approximately one week was required, with a half-day workshop for introduction and several nights spent migrating and optimizing devices. Support from UniQconsulting and Trend Micro ensured a smooth process.

ROI was achieved primarily through reduced IT workload and cost savings from avoiding external managed security providers. The Managed Detect and Response Service allows security to be maintained internally without outsourcing, which significantly reduces expenses.

Some time was required to realize the benefits after implementation. As a small team, the endpoint migration began slowly. By the end of the first year, everything desired had been integrated, including the local Active Directory and firewall. The platform's evolution and AI chatbot have made usage easier over time.

A credits-based licensing model is used. Each function costs credits per device or user. Credits can be reallocated flexibly, and even minor negative balances are tolerated. The model is fair and adaptable to organizational needs. Overall costs are reasonable for the value provided

Foreign Language: (German)

Eine einheitliche und KI-gestützte Sicherheitsplattform zur Stärkung des Endpunktschutzes und Risikomanagements

Was ist unser primärer Anwendungsfall?

TrendAI Vision One wird eingesetzt, um Endpunkte sowohl in Client- als auch in Serverumgebungen abzusichern. Die Lösung integriert sich nahtlos mit Microsoft Azure, dem lokalen Active Directory, der E-Mail-Sicherheit und der Cloud Collaboration, wobei fortlaufend daran gearbeitet wird, so viele Module und Oberflächen wie möglich innerhalb der Plattform zu vereinheitlichen.

Die zentrale Sammlung und Auswertung sicherheitsrelevanter Informationen an einem einzigen Punkt ist für das Unternehmensnetzwerk unerlässlich. Als Unternehmen in der Bauplanungsbranche, in der man hauptsächlich mit öffentlichen Auftraggebern arbeitet, steht die Organisation vor erheblichen Herausforderungen durch den ständigen Dateiaustausch und die Zusammenarbeit mit vielen Firmen über unterschiedliche Plattformen hinweg. Die Kommunikation erfolgt hauptsächlich per E-Mail und Teams, weshalb Endpointschutz von entscheidender Bedeutung ist. TrendAI Vision One sorgt dafür, dass Endpunkte und Benutzer gut geschützt sind, Bedrohungen schnell erkannt werden und ein hohes Maß an Sicherheit gewährleistet wird.

Die Cyber Risk Exposure Management (CREM) Funktionen werden sehr geschätzt, unter anderem, weil sie Blind Spots identifizieren. Die Plattform priorisiert die größten Risiken anhand eines Scores, was ein gezieltes Risikomanagement ermöglicht.

Wie hat die Lösung unserem Unternehmen geholfen?

TrendAI Vision One hat die Sicherheitsabläufe optimiert, indem mehrere Anbieter auf einer einzigen Plattform konsolidiert wurden. Das Deployment wurde schrittweise erweitert, wodurch weit mehr Funktionen als ursprünglich geplant war freigeschaltet wurden. Der Managed Detection and Response (MDR)-Service sorgt für zusätzliche Sicherheit, da Trend Micro kritische Fälle überwacht und so den Schutz der Daten gewährleistet.

Die Zentralisierung aller Systeme auf einer Cloud-Plattform hat die Leistungsfähigkeit des Unternehmens erheblich gesteigert. Die Integration mit Drittanbieterprodukten bietet zusätzliche Sicherheit und hilft dem IT-Team, bei Vorfällen ruhig und selbstbewusst zu bleiben. Durch die klare Nachvollziehbarkeit können Incidents schnell überprüft werden, was den Stress für die gesamten Organisation reduziert.

Durch die Möglichkeit, Berichte zu erstellen und detaillierte Einblicke in Zugriffsversuche zu erhalten, hat sich das Risikomanagement deutlich verbessert. So können Risiken neu bewertet und Muster erkannt werden.

Die Erkennungs- und Reaktionszeit auf Bedrohungen wurde um 70–90 % reduziert. Risiken werden nun innerhalb von Minuten statt in einer halben Stunde erkannt. False positives sind deutlich zurückgegangen, da Warnungen – insbesondere mit Hilfe der neuen App – schnell überprüft werden können. Das allgemeine Cyberrisiko wurde erheblich reduziert, und das Unternehmen fühlt sich nun viel sicherer.

Die Integration von KI ist ein weiterer entscheidender Vorteil. Die KI von Trend Micro wird kontinuierlich weiterentwickelt und ermöglicht eine schnellere Erkennung von Bedrohungen sowie gezielte Sicherheitsunterstützung.

Was ist am wertvollsten?

Die Sensoren und ihre visuelle Darstellung bieten einen schnellen und klaren Überblick über die Situation und gehören zu den wertvollsten Funktionen. Die mobile App ist äußerst hilfreich, da sie die sofortige Isolierung eines Clients und die schnelle Bewertung von Alarmen ermöglicht, ohne sich ins System einloggen zu müssen. Jedes Update stärkt die Plattform und macht sie mit der Zeit noch leistungsfähiger.

Die zentrale Sichtbarkeit und Verwaltung über alle Schutzebenen hinweg sind ausgezeichnet. TrendAI Vision One hilft, Problemquellen schnell zu identifizieren, und bietet hervorragenden Support durch den direkten Kontakt zu Trend Micro. 

Die Zentralisierung der Datensammlung und -auswertung ermöglicht eine signifikante Kontrolle über die Sicherheitslandschaft. Die KI-Integration in TrendAI Vision One verbessert die Erkennung und Analyse, ermöglicht eine schnelle Identifizierung von Sicherheitsproblemen und stärkt das Vertrauen in die Plattform.

Der Managed Detect and Response Service bietet zusätzlichen Mehrwert durch die professionelle Überwachung kritischer Fälle. Die Integrationsfähigkeit und Automatisierung, insbesondere die Kompatibilität mit lokalen und Cloud-Systemen, haben die betriebliche Effizienz erheblich verbessert und die manuelle Arbeitsbelastung reduziert.

Was könnte verbessert werden?

Insgesamt ist die Entwicklung der Plattform zufriedenstellend. Derzeit fehlen keine bestimmten Funktionen, allerdings wären Verbesserungen hinsichtlich Benutzerfreundlichkeit wünschenswert. TrendAI Vision One entwickelt sich weiterhin in die richtige Richtung und ist in letzter Zeit sehr stabil geworden.

Wie lange wird die Lösung bereits verwendet?

TrendAI Vision One wird seit November 2023 eingesetzt.

Wie beurteile ich die Stabilität der Lösung?

TrendAI Vision One ist sehr stabil, und es sind bisher keine Probleme aufgetreten. Die Plattform läuft reibungslos und zuverlässig. Tatsächlich geben Microsoft-Systeme mehr Anlass zur Sorge als TrendAI Vision One.

Wie beurteile ich die Skalierbarkeit der Lösung?

TrendAI Vision One bietet eine hohe Skalierbarkeit. Ziel ist es, so viele sicherheitsrelevante Informationen wie möglich zu integrieren und zu konsolidieren. Die Skalierbarkeit der Plattform unterstützt die Erweiterungen und zusätzliche Integrationen mit KI-gestützten Analysen.

Wie sind Kundenservice und Support?

Service und technischer Support sind ausgezeichnet. Es besteht ein direkter Kontakt zu Mitarbeitern von Trend Micro, einschließlich lokaler Vertreter aus der Schweiz. Bei geöffneten MDR-Tickets reagiert das Serviceteam schnell mit klaren Anweisungen. Die Gesamterfahrung ist sehr positiv, und Kundenservice sowie technischer Support werden auf höchstem Niveau bewertet.

Wie würde ich den Kundenservice und Support bewerten?

Negativ doesn’t make sense when you read what they said about the Customer service and Support in the question before. 

Welche Lösung wurde zuvor verwendet und warum wurde gewechselt?

Vor der Einführung von TrendAI Vision One wurde eine lokale Lösung von Trend Micro verwendet. Der Wechsel erfolgte, weil eine Erneuerung der Infrastruktur anstand und mehr Sicherheit sowie zentralisiertes Management gesucht wurden. Trend Micro wurde empfohlen.

Wie verlief die Ersteinrichtung?

Die Ersteinrichtung war aufgrund der bestehenden Trend Micro-Lösung sehr einfach. Die Migration verlief reibungslos und wurde von einem Partner unterstützt, wodurch Geräte problemlos auf die neue Plattform transferiert werden konnten. Der Onboarding-Prozess war innerhalb einer Woche abgeschlossen, die Optimierung erfolgte anschließend schrittweise.

Wie war das Implementierungsteam aufgestellt?

Die Implementierung wurde vom internen IT-Team und Uni Consulting, einem langjährigen Partner, durchgeführt. Für das Deployment waren nur zwei Personen erforderlich. Der Prozess dauerte etwa eine Woche, einschließlich eines halbtägigen Einführungsworkshops und mehrerer Nächte für die Migration und Optimierung der Geräte. Die Unterstützung durch Uni Consulting und Trend Micro sorgte für einen reibungslosen Ablauf.

Wie sieht unser ROI aus?

Der ROI wurde hauptsächlich durch die Reduzierung der IT-Arbeitsbelastung und Kosteneinsparungen, da man auf externe Managed Security Provider verzichten konnte. Der Managed Detection and Response Service ermöglicht es, die Sicherheit intern aufrechtzuerhalten, ohne auszulagern, was die Kosten erheblich reduziert.

Es dauerte einige Zeit, bis die Vorteile nach der Implementierung vollständig sichtbar wurden. Als kleines Team begann die Migration der Endpunkte langsam. Am Ende des ersten Jahres waren alle gewünschten Integrationen abgeschlossen, einschließlich des lokalen Active Directory und der Firewall. Die Weiterentwicklung der Plattform und der KI-Chatbot haben die Nutzung im Laufe der Zeit weiter vereinfacht.

Wie sind meine Erfahrungen mit Preisgestaltung, Setup-Kosten und Lizenzierung?

Es wird ein kreditbasiertes Lizenzmodell verwendet, bei dem jede Funktion Credits pro Gerät oder Benutzer kostet. Die Credits können flexibel umverteilt werden, und kleine negative Salden werden toleriert. Das Modell ist fair und an die Bedürfnisse der Organisation anpassbar. Die Gesamtkosten sind im Verhältnis zum gebotenen Wert angemessen.

Welches Bereitstellungsmodell wird für diese Lösung verwendet?

Hybrid Cloud Wenn Public Cloud, Private Cloud oder Hybrid Cloud – welcher

Cloud-Anbieter wird genutzt?

Microsoft Azure

My use case for TrendAI Vision One is in a SOC, specifically for Security Operation Monitoring. I am a SOC analyst responsible for over 200 clients. TrendAI Vision One works effectively for us because it alerts us when suspicious activities occur, such as ransomware attacks. For example, if a possible spear-phishing attack happens where a phishing email comes into our organization, TrendAI Vision One monitors it as a SIEM tool. It captures logs from servers, desktops, and users, generating alerts for suspicious activities. If a malicious phishing email arrives, we investigate where it originated, such as if it came from external sources in London or Germany. We contact our clients to determine if they have any relationships with those regions, and if not, we block the malicious phishing email.

TrendAI Vision One is deployed on-premises and also in the cloud, depending on what clients prefer. Some clients use cloud workload security while others rely on on-premises setups. With more than 200 clients, I log into each client's TrendAI Vision One setup based on their environment.

The best features of TrendAI Vision One include its ability to provide virtual patching. Virtual patching protects an organization's systems. For instance, if a hacker attempts a ransomware attack, TrendAI Vision One detects vulnerabilities in the system, such as outdated Windows 10 versions. If ransomware is launched, TrendAI Vision One informs the hacker that the system is already patched, preventing the attack. Additionally, it alerts developers to update any outdated applications or network settings.

The time to detect and respond to threats has been reduced significantly. For each alert, I typically need 30 minutes or even 15 minutes to investigate, prepare a report, and send it to clients, especially for high-priority cases. We categorize alerts into P1, P2, P3, and P4, where P1 is critical, and we prioritize those. We focus on critical alerts and can report back within 30 to 15 minutes. Overall, we have managed to reduce our resolution time by approximately 99% due to our multiple teams working 24/7.

We need to improve the reports generated in TrendAI Vision One. Currently, we prepare our own reports after alerts are triggered, which is time-consuming. It would be beneficial if TrendAI Vision One offered automated reports summarizing alerts over a specified period, such as one month, which would simplify reporting to clients.

I have been using TrendAI Vision One for approximately two years, and I have experience working with TrendAI Vision One.

TrendAI Vision One has a stability rating of ten out of ten.

I find the scalability of TrendAI Vision One to be ten out of ten. As a partner, Trend Micro provides educational resources that allow users to learn through various templates and videos available on their portal.

I rate the technical support from Trend Micro as a nine out of ten.

Positive

The initial setup process for TrendAI Vision One typically takes about two to three days but can vary. It depends on the client's infrastructure and whether they require support from their network team or need cloud integration. Smaller organizations might complete deployment in one or two days, while larger organizations could take about 10 to 15 days.

TrendAI Vision One is expensive. While it provides extensive services for clients, including integration capabilities, the overall cost is high. It is an XDR, and while some other products such as Trend Micro Deep Security and Apex Central are somewhat cheaper, the comprehensive nature of TrendAI Vision One contributes to its higher pricing.

Compared to other products in the market such as CrowdStrike or Azure Sentinel, TrendAI Vision One excels. While Azure Sentinel relies on complex KQL for deeper analysis, TrendAI Vision One provides accessible insights for both junior and experienced analysts, making it comprehensible even to those new to cybersecurity.

The false positives have been reduced by about 60 to 70%. Many clients experience low-category alerts. For instance, if someone such as Olga logs into her laptop and enters the wrong password multiple times, TrendAI Vision One triggers an alert for suspicious login attempts. We hold all related logs and investigate but often find these to be legitimate activities, which we confirm before closing them as false positives.

The ease of use is quite significant. TrendAI Vision One simplifies processes for junior analysts, offering clear diagrams of data analysis and providing sandbox analysis. It features a user-friendly design that aids learning for those less familiar with cybersecurity.

There are about 200 clients, and 30 employees monitor TrendAI Vision One. We maintain a 24/7 operation, with eight people scheduled for morning, afternoon, and night shifts.

TrendAI Vision One sensors are not critical but are quite easy to use. The sensors collect logs from desktops, laptops, servers, and cloud services, storing them in an encrypted database, making the gathering of data seamless.

I am a partner with Trend Micro and utilize their partner portal. TrendAI Vision One was purchased through Trend Micro's website and partner portal. If a client intends to create a SOC environment or work with many clients, they can consult with Trend Micro's team to establish a proper SOC setup to serve their clients effectively.

My overall rating for this review is 9.5 out of 10.

I use TrendAI Vision One basically for the entire endpoint security setup for both client and server, in addition to the SOC service that we booked, and the goal is to set up a complete centralized management with Trend.

I deploy TrendAI Vision One sensors everywhere, and this coverage is very important for our company's network. So, as I said, server and client, but we also have the interfaces to network and to cloud solutions, and security tools such as firewalls and so on. The log files—everything—flows into TrendAI Vision One in order to detect anomalies. That is why it is actually very important for us to have a tool that covers everything, so to speak.

My company uses the TrendAI Vision One platform for consolidated security in hybrid environments. As I said, we also have the cloud with connected Azure, MS 365 and also the on-premises. So we are hybrid.

My work environment where this solution is deployed includes three locations. We have two external data centers that we operate—we are tenants, but the hardware all belongs to us. So we operate everything on-premises. We have an office where approximately fifty to sixty employees are. We also have approximately twenty to thirty external partners who also work on our systems, as well as a few clients who work on the ERPs that we provide. So there are approximately one hundred and fifty to two hundred users who access our systems. We operate approximately one hundred and fifty virtual servers at highly redundant data center locations. In addition, we are also in the cloud—Microsoft Azure—where we operate certain services for ourselves and also for our customers.

The functions I find particularly valuable are generally the ones that TrendAI Vision One offers, with the vulnerability analyses, so it already shows the vulnerabilities and possible anomalies. It has already displayed compromised user accounts, and so we can assess how the tool works. It is actually the symbiosis of everything, that we can see how Trend actually works.

My impression of the ability of the TrendAI Vision One platform to offer central visibility and management across all layers of protection is that the visibility is very good. As I said, the challenge is there—have we covered everything? For that we need support from Trend, which is very good. Also, the technical know-how on Trend's side is very well positioned.

TrendAI Vision One has helped to consolidate the use of security providers and reduce numbers. When we have everything from a single source, like from Trend, including the SOC service, we didn't have to evaluate other possible tools, and so we were basically able to save costs in terms of licenses.

use the features of Attack Service Risk Management (ASRM), and its ability to support our organization in identifying and assessing blind spots is very good. The visibility is very good, also from ASRM—it helps us to perform analyses. So far we haven't had any major incidents, which is of course optimal, but it definitely helps us in our daily work. We look every day—do we have System Engineers who work with this console?

It is important for our company that TrendAI Vision One has integrated AI into its platform. If the AI works the way Trend envisions it, then we will also have fewer problems, but of course, if it helps to detect anomalies, all the better in any case.

The solution has improved our company by providing advantages we didn't have before. We didn't have this visibility before through the Endpoint Protection solution. That is why we chose Trend, because we have everything in one tool, and it is actually so consolidated. The visibility over everything—over all systems or network and security—has improved us massively. Now the second step is to see if we have everything configured correctly, so that we can then get the maximum out of the functions of Trend.

The TrendAI Vision One platform has positively impacted our ability to manage risk because we see more now, we can analyze more, and create more communication or reports for management, and show how good our E Score is as we use the tools correctly.

TrendAI Vision One has helped our company reduce the number of false positive alerts. We didn't have any tools before, so now we have everything new with Trend, and the false positive alerts are marginal—so there are few. So it fits. We don't have a big time saving, but it helps us.

TrendAI Vision One has helped our organization overall to reduce our cyber risk. Definitely.

TrendAI Vision One manages to reduce our cyber risk based on the risk score, where we see where we have vulnerabilities, and of course also can better protect the systems, better patch them, so that the risk score is really reduced. We have been in the green zone for quite some time now, as far as the risk score is concerned, so we have massively achieved an improvement.

TrendAI Vision One has resulted in us spending less time on threat detection and response. As I said, we haven't had a threat in that sense yet, but we have received certain false positive reports that show the tool is working in the background. As I said, the challenge is to see if we have covered everything. But we have other projects planned for that.

The solution could be improved in the area of support from the beginning, for the implementation of all services. We actually think we have covered everything, but what could be better is the support from the beginning. I think you offer everything, but that is with the customer—with us—it always comes, there is too little know-how transferred. You get the tool and you should then install it with the external partner, but there are many know-how gaps. I think the advantage where we can counter the trend is in the fact that you might do a better onboarding, with the external partner, together with Trend, with the customer, to use the tool from the beginning as it was intended, so that you don't waste any time.

We are just having a problem with Trend right now. We have had short problems twice before—in the sense that when Trend does an upgrade on the platform, or anything else, there are disruptions afterwards. We had that a while ago, which meant you couldn't log in anymore, which was of course suboptimal. Now something is wrong, and we are having problems with the clients with the Zero Trust—that, for example, websites are blocked that shouldn't be blocked, and nothing has been changed. Trend announced some kind of update on Sunday or Monday. Otherwise, everything is running except for these small points, which each lead to misunderstanding.

I have been using this solution for 3 years.

My impression of the stability of this solution is very good

I think the scalability of this solution is good. We plan to increase the use in the sense that, as I said, we want to use all the logs that we already get as a central management solution, if possible.

I rate the service and technical support for the solution from Trend Micro's side as very good.

On a scale of one to ten, I would rate the customer service and technical support for this solution as nine.

Positive

Before using TrendAI Vision One, I used another solution, but it was just one endpoint protection for servers and clients. We didn't have any other tools for network monitoring or cloud solutions.

I switched to TrendAI Vision One because the other solution didn't have those features, and also because the support wasn't satisfactory before.

I switched to TrendAI Vision One because the other solution didn't have those features, and also because the support wasn't satisfactory before.

The setup was relatively simple in the first phase, where the old client was gone and the new client was installed via software distribution. That goes relatively quickly. Then standard configurations were done through the partner. What was delayed was that you bought these credits from the beginning—these modules—but until you had them fully configured, it took a while. From my point of view, almost a year and a half, and we simply didn't fully use the credits because certain modules weren't activated. That is why I earlier mentioned the need for better onboarding.

Our implementation strategy was simply to remove the old behavior, add new trends, and initially cover the server and client, then integrate the network and cloud, and finally build the CM solution and then build the SOC service on top of that.

We used an integrator, reseller, or consultant for the implementation—this was our external IT partner.

My experience with them is difficult to say. As I said, it is now down to the onboarding or the time that the external partner didn't have to really fix—to provide their tool in the way that we needed it.

We needed a small team for the implementation of this solution. There were two of us, practically fully together with the external partner for a while, to implement the whole thing.

I have identified a Return on Investment more on the security side. I didn't have this visibility before. I didn't have this security to look at where we have vulnerabilities, what is being monitored. From that point of view, you can already say that we have profited from it, but you cannot really describe that monetarily.

It took us about a year, a year and a half, to realize these benefits from the time of implementation. We took two steps: first we replaced the servers and then waited a year until we could add the clients and afterwards added the additional sensors, such as network and so on. I would now say that we have been working for about a year, a year and a half, to optimize these sensors and work more intensively with the tool.

Before deciding on this product, I considered other options. We looked at two others—the existing supplier we had, plus Trend—and then looked at others, but we ultimately came to Trend because the price-performance ratio and also the support actually showed the best offer.

The main differences between the products we considered were that the main trigger was Vision One, that we have everything on one console and can actually connect everything. Others have more difficulty even presenting it that way or don't have such a wide range of interfaces to bring everything into TrendAI Vision One. That would mean you need several tools or suppliers for, in the end, the same result.

What I would recommend to others evaluating this solution is to take advantage of the flexibility that we can also try things out with certain credits, to test the modules. How can you use that? Also the flexibility to support us or the customers in such a way that they can try out the products as much as possible and not just buy something and then realize that they might need other modules in addition or wouldn't have needed them.

My opinion of the pricing and licensing of this solution is that prices could always be lower, of course, but I think the model is good with these points. It is a bit opaque—with these credits—when you have to order certain modules and then get these credits. When you have the credits, you can actually use them as you want later in the console. That makes it flexible in part, but it is a bit opaque sometimes. Then the Key Account from Trend helps, who explains it to us each time.

Foreign Language: (German)

Sorgt für umfassende Transparenz in hybriden Umgebungen und verbessert die täglichen Abläufe in der Bedrohungserkennung

Was ist unser Hauptanwendungsfall?

Ich nutze TrendAI Vision One für den gesamten Endpoint-Sicherheits-Setup, sowohl für Clients als auch für Server, zusätzlich zu dem SOC-Service, den wir gebucht haben. Das Ziel ist es, ein vollständiges SIEM mit Trend Micro aufzubauen.

Ich setze die TrendAI Vision One Sensoren flächendeckend ein, das ist sehr wichtig für unser Unternehmensnetzwerk. Die Lösung umfasst Server und Clients aber auch Schnittstellen zu Netzwerk- und Cloud-Lösungen sowie zu Sicherheitstools wie Firewalls usw.

Alle Logdateien laufen in TrendAI Vision One zusammen, um Anomalien zu erkennen. Deshalb ist es für uns so wichtig, ein Tool zu haben, das alles abdeckt.

Mein Unternehmen nutzt die TrendAI Vision One-Plattform für konsolidierte Sicherheit in hybriden Umgebungen. Wir verfügen außerdem über Cloud-Integrationen mit Azure und Microsoft 365 sowie über lokale Systeme, sodass wir hybrid aufgestellt sind.

Meine Arbeitsumgebung umfasst drei Standorte: zwei externe Rechenzentren, die wir als Mieter betreiben, sodass die Hardware uns gehört, und ein Büro mit etwa 50 bis 60 Mitarbeitern. Darüber hinaus arbeiten etwa 20 bis 30 externe Partner an unseren Systemen sowie einige Kunden, die auf den von uns bereitgestellten ERPs arbeiten. Insgesamt greifen etwa 150 bis 200 Benutzer auf unsere Systeme zu. Wir betreiben etwa 150 virtuelle Server an hochredundanten Rechenzentrumsstandorten. Darüber hinaus betreiben wir bestimmte Services in Microsoft Azure für uns selbst und auch für unsere Kunden.

Was ist am wertvollsten?

Die wertvollsten Funktionen sind diejenigen, die TrendAI Vision One für Schwachstellenanalysen bietet, da es Schwachstellen und Anomalien identifiziert. Es wurden auch bereits kompromittierte Benutzerkonten angezeigt, sodass wir sehen können, wie das Tool funktioniert.

Die Fähigkeit der Plattform, zentrale Transparenz und Verwaltung über alle Schutzebenen hinweg zu bieten, ist ausgezeichnet. Die Herausforderung besteht darin, eine vollständige Abdeckung sicherzustellen, dafür benötigen wir Unterstützung von Trend Micro, die sehr gut ist. Auch das technische Know-how auf der Seite von Trend ist sehr gut aufgestellt.

TrendAI Vision One hat dazu beigetragen, Sicherheitsanbieter zu konsolidieren und die Anzahl zu reduzieren. Alles aus einer Hand zu haben, einschließlich des SOC-Services, hat dafür gesorgt, dass wir keine anderen Tools evaluieren mussten und Lizenzkosten eingespart haben.

Das Cyber Risk Exposure Management (CREM) hilft dabei, Blind Spots zu identifizieren und zu bewerten, und bietet eine gute Übersicht für die Analyse. Bislang hatten wir keine größeren Vorfälle, was natürlich optimal ist, aber CREM unterstützt uns definitiv bei unserer täglichen Arbeit.

Für unser Unternehmen ist es wichtig, dass TrendAI Vision One KI in seine Plattform integriert hat. Wenn die KI von Trend wie vorgesehen funktioniert, wird sie Probleme reduzieren und die Erkennung von Anomalien verbessern.

Die Lösung hat unser Unternehmen verbessert, indem sie uns Transparenz verschafft hat, die wir mit früheren Endpoint-Protection-Lösungen nicht hatten. Deshalb haben wir uns für Trend Micro entschieden, da alles in einem Tool konsolidiert ist. Für uns hat sich die Sichtbarkeit über alle Systeme, Netzwerke und Sicherheitsaspekte hinweg massiv verbessert. Der nächste Schritt besteht darin, sicherzustellen, dass alles korrekt konfiguriert ist, um die Funktionalität maximal auszuschöpfen.

TrendAI Vision One hat sich positiv auf unsere Fähigkeit Risiken zu managen ausgewirkt, da es eine bessere Analyse, Berichterstattung und Kommunikation mit dem Management ermöglicht. Wir können nun unsere Risikobewertung darlegen und Verbesserungen aufzeigen.

TrendAI Vision One hat die Anzahl der Fehlalarme (False Positives) deutlich reduziert. Früher hatten wir keine Tools, jetzt sind Fehlalarme auf ein Minimum reduziert. Die Zeitersparnis war nicht enorm, aber ist dennoch sehr hilfreich.

Insgesamt hat TrendAI Vision One unserem Unternehmen dabei geholfen, unser gesamtes Cyberrisiko zu reduzieren. Der Risk Score zeigt Schwachstellen auf und ermöglicht so einen besseren Schutz und ein besseres Patchen, was dazu beiträgt, den Risk Score zu senken. Wir befinden uns seit geraumer Zeit im grünen Bereich, was eine erhebliche Verbesserung darstellt.

Insgesamt hat TrendAI Vision One unserem Unternehmen geholfen, das gesamte Cyberrisiko zu reduzieren. Der Risk Score zeigt Schwachstellen auf und ermöglicht dadurch besseren Schutz und effektiveres Patching, was wiederum zur Senkung des Risk Scores beiträgt. Wir befinden uns seit geraumer Zeit im grünen Bereich, was eine massive Verbesserung ist.

TrendAI Vision One hat den Zeitaufwand für die Erkennung und Reaktion auf Bedrohungen reduziert. Wir wurden bisher noch nicht mit echten Bedrohungen konfrontiert, aber einige False Positives bestätigen, dass das Tool im Hintergrund funktioniert. Die Herausforderung besteht weiterhin darin, eine vollständige Abdeckung sicherzustellen, und dafür haben wir entsprechende Projekte geplant.

Was muss verbessert werden?

Die Lösung könnte beim Support zu Beginn, insbesondere bei der Implementierung aller Services, verbessert werden. Zwar gehen wir davon aus, dass wir alles korrekt eingerichtet haben, doch die anfängliche Unterstützung könnte besser sein.
Man erhält das Tool und soll es gemeinsam mit dem externen Partner installieren, aber es gibt doch Wissenslücken. Ein strukturierteres Onboarding, bei dem Trend Micro, der externe Partner und der Kunde von Anfang an zusammenarbeiten, wäre sehr hilfreich, um die Lösung direkt richtig nutzen zu können.

Wir haben kurzfristige Probleme nach Plattform-Upgrades erlebt. Beispielsweise war nach einem Update der Login vorübergehend nicht möglich, was suboptimal war. Aktuell haben wir Schwierigkeiten mit Zero Trust, da Webseiten fälschlicherweise blockiert werden, obwohl keine Änderungen vorgenommen wurden. Trend hat kürzlich ein Update angekündigt, und obwohl sonst alles reibungslos läuft, führen diese kleinen Probleme immer wieder zu Missverständnissen.

Seit wann benutze ich die Lösung?

Ich nutze die Lösung seit drei Jahren.

Wie ist die Stabilität der Lösung?

Mein Eindruck von der Stabilität dieser Lösung ist sehr gut.

Wie ist die Skalierbarkeit der Lösung?

Ich halte die Skalierbarkeit dieser Lösung für gut. Wir planen, die Nutzung zu erhöhen. Nach Möglichkeit sollen alle Protokolle (Logs), die wir erhalten, als SIEM-Lösung genutzt werden.

Wie sind Kundenservice und Support?

Ich bewerte den Service und technischen Support von Trend Micro als sehr gut.
Auf einer Skala von 1 bis 10 vergebe ich eine 9.

Wie würden Sie den Kundenservice und Support bewerten?

Positiv

Welche Lösung habe ich vorher verwendet und warum gewechselt?

Vorher habe ich eine andere Lösung genutzt, die nur grundlegende Endpoint-Protection für Server und Clients bot. Wir hatten keine weiteren Tools für die Netzwerküberwachung oder Cloud-Sicherheit.

Ich bin zu TrendAI Vision One gewechselt, weil die vorherige Lösung diese Funktionen nicht bot und der Support nicht zufriedenstellend war.

Wie war die Ersteinrichtung?

Die Installation war relativ einfach. In der ersten Phase wurde der alte Client entfernt und der neue Client über die Softwareverteilung installiert, was schnell ging. Die Standardkonfigurationen wurden dann über den Partner vorgenommen. Was die vollständige Implementierung verzögerte, war die Aktivierung der gekauften Credits und Module. Obwohl wir diese im Voraus gekauft hatten, dauerte es fast anderthalb Jahre, bis sie vollständig konfiguriert und einsatzbereit waren. Aus diesem Grund habe ich zuvor die notwendige Verbesserung des Onboardings erwähnt.

Unsere Implementierungsstrategie: Alte Lösung entfernen → Trend einführen → Server & Clients abdecken → Netzwerk & Cloud integrieren → SIEM aufbauen → SOC-Service ergänzen.

Wie war das Implementierungsteam?

Wir haben einen Integrator/Reseller/Berater für die Implementierung beauftragt – unseren externen IT-Partner. Meine Erfahrungen mit ihnen sind gemischt. Das Hauptproblem war das Onboarding, da der Partner nicht das erforderliche Maß an Unterstützung geleistet hat, um das Tool optimal zu nutzen.
Für die Implementierung dieser Lösung benötigten wir ein kleines Team. Wir waren zu zweit und haben eine Zeit lang eng mit dem externen Partner zusammengearbeitet, um das Deployment abzuschließen.

Wie war der ROI?

Der Return on Investment liegt vor allem im Bereich Sicherheit. Vorher hatten wir keinen Überblick über Sicherheitslücken und Überwachung. Mit TrendAI Vision One haben wir jetzt diesen Überblick, was ein großer Vorteil ist, auch wenn es schwer ist, das finanziell zu beziffern.

Wie ist meine Erfahrung mit Preisgestaltung, Einrichtung und Lizenzierung?

Es dauerte etwa anderthalb Jahre, bis wir diese Vorteile nach der Implementierung erreicht hatten. Wir haben zwei Schritte unternommen: Zuerst haben wir die Server ausgetauscht und dann ein Jahr gewartet, bis wir die Clients hinzufügen konnten, und anschließend die zusätzlichen Sensoren, wie z. B. Netzwerk und so weiter. Ich würde sagen, dass wir nun seit etwa anderthalb Jahren daran arbeiten, diese Sensoren zu optimieren und intensiver mit dem Tool zu arbeiten.

Welche anderen Lösungen habe ich bewertet?

Vor der Entscheidung haben wir zwei weitere Anbieter geprüft – den bestehenden Lieferanten und Trend – und uns schließlich wegen des Preis-Leistungs-Verhältnisses und des Supports für Trend entschieden.
Der Hauptunterschied war, dass TrendAI Vision One alles in einer Konsole vereint. Andere haben mehr Schwierigkeiten, das so darzustellen, oder weniger Schnittstellen, um alles zu integrieren.

Bevor wir uns für dieses Produkt entschieden haben, haben wir andere Optionen in Betracht gezogen. Wir haben zwei Alternativen geprüft, unseren bestehenden Lieferanten und Trend Micro. Letztendlich haben wir uns für Trend entschieden, weil das Preis-Leistungs-Verhältnis und der Support insgesamt den besten Mehrwert boten.

Der Hauptunterschied war, dass TrendAI Vision One, alles auf einer Konsole bereitstellt und alle Lösungen nahtlos miteinander verbindet. Andere Anbieter haben größere Schwierigkeiten, dies zu realisieren, oder verfügen nicht über eine so breite Palette an Schnittstellen, um alles in TrendAI Vision One zu integrieren. Um das gleiche Ergebnis zu erzielen benötigt man mehrere Tools oder Anbieter.

Welchen Rat habe ich für andere?

Ich empfehle, die Flexibilität des Credit-Systems zu nutzen, um verschiedene Module auszuprobieren, um herauszufinden, welche am besten zu Ihren Anforderungen passen. Außerdem können Sie Produkte testen, bevor Sie sie kaufen – so vermeiden Sie, später festzustellen, dass Sie zusätzliche Module benötigen oder einige gar nicht verwenden.

Das Lizenzmodell halte ich grundsätzlich für gut. Es ist allerdings etwas intransparent, da man zunächst bestimmte Module bestellt, dafür Credits erhält und diese später in der Konsole flexibel einsetzen kann. Das macht das System zwar sehr flexibel, wirkt aber manchmal etwas undurchsichtig. Unser Kundenbetreuer von Trend unterstützt uns dabei und erklärt uns jedes Mal den Ablauf.

Welches Bereitstellungsmodell verwenden wir?

Hybrid Cloud.

Wenn Public Cloud, Private Cloud oder Hybrid Cloud, welchen Cloud-Anbieter nutzen Sie?

Microsoft Azure.

We started with the antivirus solution, TrendAI Vision One Endpoint Security, after switching from Sophos. Initially, our focus was antivirus, but later we expanded to include multiple TrendAI Vision One products: XDR for Networks, Managed SOC, and Cloud Endpoint Security.

Our deployment covers endpoints, network sensors, and integrations with Active Directory and Microsoft. We use virtual sensors for full network visibility and maintain a hybrid environment with both private and Azure cloud infrastructure.

Our customers are mainly in the public sector—municipalities, cities, healthcare, and retirement homes—so ransomware is a major concern. TrendAI Vision One provides tools to fend off attacks and allows us to use virtual patching to quickly close vulnerabilities without waiting for traditional patches.

TrendAI Vision One has significantly enhanced our visibility into vulnerabilities and security incidents. Unlike Sophos, which only offered basic antivirus protection, TrendAI Vision One provides comprehensive insight into user behavior, dark web login monitoring, and open vulnerabilities.

We can now see everything from a single platform, which simplifies security operations and reduces complexity. It also allows for real-time risk management linked to live data, enabling continuous improvement rather than periodic reviews.

The Swiss TrendAI Vision One team supported us closely in refining our cybersecurity processes, leading to substantial overall progress and reduced cyber risk across the organization.

The rollout was quick thanks to the cloud-based infrastructure of TrendAI Vision One Complete, which eliminated the need for additional hardware. The central visibility of the platform is particularly valuable: users can log in and immediately identify areas of high risk. The unified dashboard highlights vulnerable areas at a glance, streamlining remediation.

Attack Surface Risk Management (ASRM) is also a key feature, helping prioritize assets based on criticality and data sensitivity. For instance, devices holding high-value data receive more attention in risk scoring.

The platform's ability to provide insights across multiple protection layers helps us address vulnerabilities quickly and efficiently. The system's simplicity and consolidated data have also made managing risks far more effective than before.

The main area of improvement lies in the Workbench interface. When investigating alerts, users often have to navigate through multiple windows and tabs to gather all relevant information. Consolidating case details into a single, more intuitive view would streamline investigations and save time. Otherwise, the solution's functionality is well-balanced.

We've had the solution for a little more than two years.

The solution's stability is excellent. We have not experienced any issues or downtime since implementation.

Scalability has been strong. We began with server deployments and are now rolling out to 2,200 client devices. The process has been seamless, requiring minimal additional configuration.

We have had an excellent experience with TrendAI Vision One's customer and technical support. The Swiss TrendAI Vision One team provides consistent, personalized assistance, with dedicated contacts who understand our setup well.

They have been very responsive, and we even have an ongoing relationship with them beyond technical support. Overall, I would rate the service a nine out of ten for professionalism, consistency, and expertise.

Positive

Our previous solution was Sophos Endpoint Protection, which reached end-of-life. We evaluated multiple vendors, including Sophos's new offerings, but TrendAI Vision One stood out due to its platform capabilities, the SOC integration potential, and especially the excellent support from the Swiss TrendAI Vision One team.

The switch was smooth, and TrendAI Vision One's modern detection capabilities and compatibility with both legacy and modern systems were major advantages over Sophos's on-premises, outdated setup.

There were no major deployment issues. The initial rollout was phased, starting with servers before moving to clients. TrendAI Vision One Switzerland supported the implementation directly, ensuring smooth execution.

The initial setup was straightforward. We rolled out the solution to around 1,000 on-premises data center servers over two to three months. The process was divided into test, review, and full rollout phases, which helped minimize issues. The overall setup was simple and efficient, especially for the scale of deployment.

Implementation was handled internally by two people: myself and one team member. We managed all phases from planning and clarification to deployment.

TrendAI Vision One Switzerland provided close technical guidance during the process, and later, the service provider Pingas in Germany assisted with SOC integration. Our ongoing maintenance involves eight people from our team, although the TrendAI Vision One solution itself requires little upkeep.

Return on investment was not a primary goal. We offer managed services to our clients, with antivirus protection included as part of the package rather than a separate revenue stream. The investment was made to ensure robust cybersecurity and operational reliability. However, we plan to expand some of these services to external customers to achieve a return in the future.

We have an Enterprise Agreement with TrendAI Vision One, a six-year strategic partnership covering a defined consumption volume. Pricing is considered fair for the range of functions included. It's neither excessively high nor low, and overall, it aligns well with the value provided.

We evaluated multiple alternatives, including Sophos's updated solutions, but TrendAI Vision One prevailed due to its modular service structure, modern platform design, and strong support from the Swiss TrendAI Vision One team.

I would recommend others to evaluate this solution, especially with the support of a trusted partner during the introduction phase. Having expert guidance early on helps with configuration and understanding the platform's capabilities. TrendAI Vision One also consolidates vendor management effectively, reducing the need for multiple partners.

I would rate TrendAI Vision One a nine out of ten.

Foreign Language: (German)

Zentralisierte Sichtbarkeit und konsolidierte Einblicke – für ein schnelleres und einfacheres Schwachstellenmanagement.

Was ist unser primäres Einsatzszenario?

Wir haben mit TrendAI Vision One™ – Endpoint Security begonnen, nachdem wir von Sophos gewechselt hatten. Anfangs lag der Schwerpunkt ausschließlich auf dem Antivirenschutz. Inzwischen nutzen wir jedoch mehrere

Module der Plattform TrendAI Vision One – darunter XDR (Extended Detection & Response) für Netzwerke, Managed SOC und Cloud Endpoint Security.

Unsere Implementierung umfasst Endpoints, Netzwerksensoren sowie Integrationen mit Active Directory und Microsoft. Durch den Einsatz virtueller Sensoren erreichen wir vollständige Netzwerksichtbarkeit. Unsere Umgebung ist hybrid aufgebaut – mit privater sowie Azure-Cloud-Infrastruktur.

Wie hat die Lösung unserem Unternehmen geholfen?

Unsere Kunden stammen überwiegend aus dem öffentlichen Sektor – Gemeinden, Städte, das Gesundheitswesen und Pflegeeinrichtungen – für die Ransomware eine zentrale Bedrohung darstellt. TrendAI Vision One bietet leistungsstarke Tools zur Abwehr solcher Angriffe und ermöglicht virtuelles Patchen, sodass Schwachstellen umgehend geschlossen werden können, ohne auf klassische Patches warten zu müssen.

TrendAI Vision One hat unsere Transparenz hinsichtlich Schwachstellen und Sicherheitsvorfällen erheblich verbessert. Im Gegensatz zu Sophos, das lediglich grundlegenden Antivirenschutz bot, liefert TrendAI Vision One umfassende Einblicke in Nutzerverhalten, Dark-Web-Anmeldungen und offene Schwachstellen.

Heute haben wir alle sicherheitsrelevanten Daten auf einer einzigen Plattform, was den Betrieb vereinfacht und Komplexität reduziert. Zudem erlaubt die Lösung Echtzeit-Risikomanagement auf Basis von Live-Daten – ein kontinuierlicher Verbesserungsprozess statt punktueller Überprüfungen.

Das Schweizer Trend Micro Team hat uns bei der Optimierung unserer Cybersecurity-Prozesse eng begleitet. Das führte zu deutlichen Fortschritten und einer spürbaren Reduktion des Cyberrisikos in der gesamten Organisation.

Was ist am wertvollsten?

Die Implementierung verlief zügig, dank der Cloud-basierten Architektur von TrendAI Vision One, die keine zusätzliche Hardware erforderte. Besonders wertvoll ist die zentrale Transparenz der Plattform: Nutzer können sich einloggen und sofort risikoreiche Bereiche identifizieren. Das einheitliche Dashboard zeigt Schwachstellen auf einen Blick und erleichtert deren Behebung.

Ein herausragendes Feature ist das Cyber Risk Exposure Management (CREM), das Assets nach Kritikalität und Datenwert priorisiert. Systeme mit sensiblen oder geschäftskritischen Daten werden im Risikoscore entsprechend stärker gewichtet.

Durch die ganzheitliche Sicht über mehrere Schutzebenen hinweg können Schwachstellen schnell und effizient adressiert werden. Die einfache Bedienbarkeit und die konsolidierten Daten haben das Risikomanagement deutlich effektiver gemacht.

Was könnte verbessert werden?

Der Hauptverbesserungsbedarf liegt in der Workbench-Benutzeroberfläche. Bei der Untersuchung von Warnmeldungen müssen Anwender häufig zwischen mehreren Fenstern und Tabs wechseln, um alle relevanten Informationen zu erfassen. Eine konsolidierte, intuitivere Fallansicht würde Analysen beschleunigen und Zeit sparen. Abgesehen davon ist die Funktionalität der Lösung sehr ausgewogen.

Wie lange nutzen wir die Lösung?

Wir verwenden TrendAI Vision One seit etwas mehr als zwei Jahren.

Wie beurteile ich die Stabilität der Lösung?

Die Stabilität ist ausgezeichnet. Seit der Implementierung kam es zu keinerlei Ausfällen oder Problemen.

Wie beurteile ich die Skalierbarkeit?

Die Lösung ist hochgradig skalierbar. Wir begannen mit Server-Deployments und haben die Nutzung mittlerweile auf 2.200 Client-Geräte ausgeweitet – reibungslos und ohne größeren Konfigurationsaufwand.

Wie ist der Kundenservice und Support?

Unsere Erfahrungen mit dem Kunden- und technischen Support von Trend Micro sind durchweg positiv. Das Schweizer Trend Micro Team bietet eine konstante, persönliche Betreuung mit festen Ansprechpartnern, die unsere Umgebung bestens kennen.

Die Reaktionszeiten sind hervorragend, und die Zusammenarbeit geht über reine Supportfälle hinaus. Insgesamt bewerten wir den Service mit neun von zehn Punkten – für Professionalität, Zuverlässigkeit und Fachkompetenz.

Welche Lösung haben wir zuvor genutzt und warum der Wechsel?

Zuvor setzten wir Sophos Endpoint Protection ein, dass das End-of-Life-Stadium erreicht hatte. Nach Evaluierung mehrerer Anbieter – auch der neuen Sophos-Lösungen – überzeugte TrendAI Vision One durch seine Plattformfähigkeiten, SOC-Integrationspotenziale und den hervorragenden Support des Schweizer Teams.

Der Wechsel verlief reibungslos. Besonders die modernen Erkennungsmechanismen und die Kompatibilität mit sowohl älteren als auch modernen Systemen stellten deutliche Vorteile gegenüber der veralteten On-Premises-Struktur von Sophos dar.

Wie war die Erstimplementierung?

Es traten keine nennenswerten Probleme auf. Die Einführung erfolgte phasenweise, zunächst auf Servern, danach auf Clients. Die Implementierung wurde direkt vom Schweizer Trend Micro Team unterstützt und verlief reibungslos.

Insgesamt war die Einrichtung unkompliziert: Rund 1.000 Server im Rechenzentrum wurden innerhalb von zwei bis drei Monaten in Test-, Review- und Rollout-Phasen eingeführt. Der Prozess war effizient und gut strukturiert – besonders angesichts der Deployment-Größe.

Wer war am Implementierungsprozess beteiligt?

Die Implementierung erfolgte intern durch zwei Personen – mich selbst und einen weiteren Kollegen. Wir betreuten alle Phasen, von der Planung bis zum Rollout.

Das Schweizer Trend Micro Team leistete dabei enge technische Unterstützung. Später übernahm der deutsche Dienstleister PingUs die Integration des SOC. Die laufende Wartung wird von acht internen Mitarbeitenden übernommen, wobei der Pflegeaufwand der Lösung insgesamt gering ist.

Wie war der ROI?

Ein direkter Return on Investment war kein vorrangiges Ziel. Wir bieten unseren Kunden Managed Services an, bei denen Antivirenschutz im Gesamtpaket enthalten ist. Die Investition diente vor allem der Cyber-Resilienz und Betriebssicherheit. Künftig planen wir jedoch, Teile dieser Services auch extern anzubieten, um einen ROI zu erzielen.

Wie bewerte ich Preisgestaltung, Einrichtung und Lizenzierung?

Wir verfügen über ein Enterprise Agreement mit Trend Micro – eine sechsjährige strategische Partnerschaft mit definiertem Verbrauchsvolumen. Das Preisniveau ist für den Funktionsumfang angemessen: weder überhöht noch niedrig, sondern im Einklang mit dem gebotenen Mehrwert.

Welche Alternativen wurden evaluiert?

Wir haben mehrere Anbieter geprüft, darunter auch die neuen Sophos-Lösungen. TrendAI Vision One setzte sich durch – dank modularer Servicearchitektur, moderner Plattformstruktur und der starken Unterstützung durch das Schweizer Team.

Welchen Rat würde ich anderen geben?

Ich empfehle, diese Lösung in Betracht zu ziehen – insbesondere mit Unterstützung eines kompetenten Partners in der Einführungsphase. Fachliche Begleitung hilft, die Plattform optimal zu konfigurieren und ihr volles Potenzial auszuschöpfen. Zudem vereinfacht TrendAI Vision One das Vendor Management, da mehrere Anbieter überflüssig werden.

Ich bewerte TrendAI Vision One mit neun von zehn Punkten.

Welches Bereitstellungsmodell nutzen wir?

Hybrid-Cloud-Umgebung

I work as a partner with Trend Micro as an MSSP provider and partner with TrendAI Vision One. I have installed, configured, and deployed TrendAI Vision One across several sectors including pharmaceuticals, a digital bank, and the biggest hospital in Pakistan.

The usual use cases for TrendAI Vision One that I work with are server and workload security and standard endpoint protection. These are the EDR modules that TrendAI Vision One offers. I have already worked on the CReM, which is Cyber Risk Exposure Management. I have worked with the network security module and zero trust as well.

I have a hospital and a digital bank that use TrendAI Vision One platform for consolidated security across hybrid environments. The digital bank has on-premises servers and cloud servers hosted on AWS and Azure environments. All of these are integrated into the single platform. I have deployed TrendAI Vision One in a hybrid environment.

TrendAI Vision One has really good features, but I think the malware detection feature stands out because it offers both types of detections. It offers signature-based detection as well as behavioral-based detection. What the agent does is create a baseline for a profile. For example, if I'm Asad and I'm doing a job from nine to five and it knows that these are certain tasks that I do in my daily shift, if I'm trying to violate that baseline, it will generate an alert and notify the relevant stakeholders that I am doing something that normally I don't do. This is something suspicious, and this is something where TrendAI Vision One takes the edge.

The top security challenges in my industry are that there are so many cybersecurity vendors and lots of products. Some offer DLP solutions, some offer endpoint security, some offer network security. These separate products for every aspect create silos or difficulties in management. TrendAI Vision One offers a complete XDR solution that integrates all of these aspects into a single application. Instead of starting my shift and logging on to separate products for all of these, I just need to log in to TrendAI Vision One and I have single-click access to all of these applications.

TrendAI Vision One provides a single platform or single view for me as an analyst or architect to work with. It has around fourteen to fifteen applications that I will be using on a single platform. Instead of logging onto the separate EDR console, separate ZTNA or zero trust console, instead of logging onto the separate network security console, I just have to log on to TrendAI Vision One portal and I have single-click access to all of these applications. This helps in saving time and helps in correlating these different logs as well. TrendAI Vision One, if it collects the network logs as well and EDR logs, it knows how to correlate them and how to provide a big picture instead of just telling a single story.

TrendAI Vision One has all of these modules integrated on the single platform. That's the really advantage that TrendAI Vision One provides and that's the benefit that it competes with several competitors. I haven't seen any of the products apart from Microsoft Azure or CrowdStrike. These are some of the competitors that do provide this kind of visibility. Apart from these, I don't see any vendor that is closely aligned with the kind of single-page environment TrendAI Vision One offers.

I don't see any straightforward issues with TrendAI Vision One at this time. Troubleshooting the disconnectivity of the agent is a bit of a difficult task because the server might have connectivity with the portal and agent services will be working fine, but still it shows disconnected on the portal. This is the issue that I have faced for two to three clients, but after doing nothing, it went up automatically. This is something where I think TrendAI Vision One has to improve.

I have been working with TrendAI Vision One for around three years. Since I started my job here as a SOC analyst, I have been working on the same product.

TrendAI Vision One is a reliable and stable solution. Whenever there is some technical issue, I simply raise a ticket and the team that is sitting in the Philippines is really supportive. They come jump on the call and immediately resolve the issue. There are some technical issues in all of the products. Microsoft has some technical issues, and CrowdStrike does have technical issues, but whenever there are issues, their team is supportive and they sort the issue.

The level of scalability of TrendAI Vision One is great because it's a cloud native solution. Whenever the product is a cloud native solution, it does provide great scalability. I have an environment with fifty servers, I have environments with four hundred and five hundred servers as well. I don't see any issues with scalability. It runs smoothly. It doesn't matter how big the organization is.

TrendAI Vision One is a reliable and stable solution. Whenever there is some technical issue, I simply raise a ticket and the team that is sitting in the Philippines is really supportive. They jump on the call and immediately resolve the issue. There are some technical issues in all products. Microsoft has some technical issues, and CrowdStrike does have technical issues, but whenever there are issues, their team is supportive and they sort the issue.

I have communicated with their team for many queries that clients might have. It doesn't matter if there is a technical query, a non-technical query, or generalized questions that my customers might have. If I don't have a straightforward or right answer to that, I immediately raise a ticket to the support team so that I can have a correct answer from a subject matter expert.

For the usual installation process of TrendAI Vision One, I first have to create some user accounts that the organization provides. After that, I have to check the license. If the organization has just purchased the endpoint or standard endpoint protection or server workload protection, then I just have to deploy those sensors on their laptops, servers, and other assets. If they have other protection modules like email security or network security, then I have to deploy the network sensor for their network traffic and I have to configure email security by deploying MX records and configuring their DNS to capture those emails and then checking if it's a phishing or spam email or not.

I usually find the initial setup straightforward and relatively easy. Whenever there is an issue while deploying the agent, it sometimes shows that it is disconnected from the portal for a longer period and I have to wait for around two to three hours sometimes based on the environment of the organization. After two to three hours, it goes up. This is a small challenge that I face, in that it does not show immediately connected on the portal. Sometimes it takes time.

TrendAI Vision One is a cloud native solution. It doesn't have any on-premises deployment. It is only hosted on AWS environment and I have to buy it on the cloud. I don't have the ability to deploy it on premises.

TrendAI Vision One has really good detection rules that sweep the environment in near real time. It doesn't wait for something to happen for a longer period and then detect it. The rules are configured to immediately detect it. Some tools offer detections where if this logic activity happens within sixty minutes, it should trigger. Instead, in TrendAI Vision One, it continuously checks for those detection logics and triggers an alert if it is found.

TrendAI Vision One has helped my customers reduce noise from false positives because I can tune the detection rules to reduce the false positives because every organization has their own policies and procedures. It might create some noise, but the good part is that I can whitelist those events and reduce the noise.

By using CReM or Cyber Risk Exposure Management, TrendAI Vision One helps my customers reduce their overall organizational risk by managing their assets, reducing the vulnerabilities, and mitigating the threats that they might have.

I am aware of the pricing and licensing of TrendAI Vision One as they offer a credit model. If I want to purchase any of their products or features, I should purchase the credits and I can allocate them to the protection modules that I am using. They don't bind me only to one module. For example, if I want to use the EDR for just one hundred endpoints or laptops and I have purchased the credit for them, but after mid-year, I found that the laptop count has reduced to eighty and those twenty are abandoned as of now, I can use those twenty laptops credits to other protection modules like email security or Cyber Risk Exposure Management. This is really a great part of TrendAI Vision One. They don't bind me to a protection module. They provide credits and I can utilize them in whichever protection module I want to use.

The importance of AI built into TrendAI Vision One is that it does provide the ability to summarize those security events. If there is an incident considering eighteen alerts and an analyst tries to investigate those eighteen events for a single incident, it might take forty or forty-five minutes. But if a client is sensitive and has an SLA of thirty minutes, TrendAI Vision One AI companion will provide a detailed summary with actionable recommendations within seconds. This really helps in meeting the SLA and resolving incidents.

I rate technical support from TrendAI Vision One as seven and a half or eight out of ten. The issue with agent deployment influences my overall rating because the main core protection module that TrendAI Vision One has is the agent deployment or the agent connectivity because normally the client wants to protect their servers. Clients want to protect their endpoints. These are the core things that every organization wants to protect. If the client faces difficulty in deploying or managing those assets, it will have a bad impact on that product. My overall rating for TrendAI Vision One is seven out of ten.

I work on TrendAI Vision One endpoint security in the XDR part. I have been working with TrendAI Vision One for approximately two years. We manage multiple endpoints, approximately 3,000 endpoints. We collect telemetric data from there and check all the servers in our inventory, whether they are online or offline. We troubleshoot whether there is unusual activity happening on the endpoint. TrendAI Vision One generates alerts for any suspicious activity, and then we mitigate accordingly. We are using TrendAI Vision One's sensors on endpoints and servers.

The versatility of TrendAI Vision One is what I like the most; we have a lot of options. The segregation is best, with endpoints divided into separate parts and servers into different parts. The policies are well-figured and well-maintained. We have the threat hunting part, the mitigation part, and the sandboxing capabilities. The areas to explore in TrendAI Vision One are fabulous. We can divide the endpoint on our own, and the server part is also great. It is very user-friendly, and we can segregate it on our basis. We can generate alerts on the basis of what we want. We have the option of playbooks, which makes it a more user-friendly and understandable environment that gives us exactly what we want.

TrendAI Vision One is very critical for us because we do not use an EDR tool; we use an XDR tool only, and we have integrated it with the SIM solution. If we did not have TrendAI Vision One, we would not be receiving the traffic or SIM data, and if there is any individual traffic or any individual behavior in the network, we would not be able to recognize it without it.

The biggest challenge is that users take care of their laptops approximately 80% of the time, but when there is an outbound connection, the user is not able to do anything. The user does not understand if he gets redirected from a legitimate site to another site through backtracking. At that time, the user is not itself involved in this, but TrendAI Vision One blocks the site on its own. It blocks the traffic on its own, which is the greatest thing and the live working thing with TrendAI Vision One that helps us.

We have the Cyber Risk Exposure Management capabilities in TrendAI Vision One. It shows us how much risk is in our environment based on the data it takes from the endpoints and the environment. We check that on a regular basis and develop a report every day on the basis of that. It is very great and gives us much more visualization. We do not need to go anywhere; we just need to open that and check where it is happening, and it gives us the best results.

In exposure management, we have multiple parts covering spyware and malware. Approximately six or seven months ago, one of the users was trying to access a website and it was getting linked to another website which was carrying grayware, which is a kind of spyware. Usually, the EDR solution does not track that because it is a web traffic issue, and EDR solutions are not able to track spyware much because it is only a bit suspicious without anything malicious in it. However, in the exposure management part, we received an alert of unusual traffic. We checked the telemetric data and all other things through our VTA and other tools. We did not find much that was malicious, but TrendAI Vision One was generating an alert again and again. We deep-dived into it and found that the website itself was not malicious, but it was carrying some spyware and was redirecting to something different. That was the best experience I had from the past two years.

When we started to use the product, the policies were not fitted properly. At that time, we used to receive a lot of false positive alerts. After doing some fine-tuning and adjusting some playbooks, the noise has been reduced to 80 to 90 percent. A lot of data has started coming in, and the data we get now is mostly true positive. We get to segregate it easily because the noise is reduced.

The AI of Trend Micro is really very good. If we are getting an alert and analyzing it, people sometimes ask to charge ChatGPT, but that is not good because that data is going to ChatGPT and that is not safe either. If we are asking the AI model of Trend Micro only, that is the best thing because our data is not going to anyone external, and Trend Micro already has that data. At that time, the threat gets less. However, the area where it should improve is that it gets stuck. It does not have that much amount of data. It does not understand easily, and we have to explain it more. I suggest that you make sure to train that model a bit more.

Apart from that, the rest of the things are really very fine. Only the AI part needs to be learned more. The AI should be given more data and should be made to understand more how to work. The rest of things are great, really great.

I have been working with TrendAI Vision One for approximately two years.

On Diwali, I do not remember the exact date, but it may have coincided with the AWS outage. We were not able to log into TrendAI Vision One due to a problem in the back end, which I believe was due to the AWS outage. We were not able to log in for approximately an hour or two. At that time, it caused us a lot of crisis because anything could have happened at that time. Fortunately, everything was on its case after we logged in. No attack happened during that one to two hours, and everything was fixed.

I found TrendAI Vision One to be very scalable because it is adaptive in nature. It takes care of vulnerabilities on its own. Its core services and AI-driven capabilities are also good. It has threat management on its own, and its effectiveness is also good; it is efficient.

I would rate customer service as 4 out of 10.

Positive

The setup process of TrendAI Vision One is pretty quite easy. We set up a path and keep the sensor there and then run it as an illustrator and perform some basic steps. We check the telnet of the URL and ping the IPs. If everything is working fine, then the connectivity is perfect and we are good to go.

I work in the Cybersecurity department. We do the deployment and take care of the security part end-to-end. I have not personally done the implementation myself, but I have done this work and I have knowledge about this all.

I have used Centra one, which is a very small product compared to TrendAI Vision One. TrendAI Vision One has many things in it and takes care of many servers. In Centra one, we have global sites and endpoints, but all the policies are at one place with all the endpoints and servers at one place, which is a bit of a hurdle when we take care of compliance. In TrendAI Vision One, we have that at different places, which makes it help us a lot. Centra one is an EDR solution that takes care of endpoints only and does not take care of the network. TrendAI Vision One takes care of the network also. If we have ten laptops in the environment and only eight of them are integrated with the XDR, then the remaining two will sometimes generate an alert on the basis of network. In EDR, if the eight endpoints are integrated, we will get the data of those eight only. That is the plus point here. If there is anything in the network, we will get to know. I also use other India solutions like Sentinel One and CrowdStrike.

I gave my highest consideration to TrendAI Vision One based on its integration and its user-friendly nature. Everything is segregated properly. The servers we get on the different part, and the endpoints we get on the different part. The alerts for the servers we get on the different part and for the endpoints we get on the different part. One more thing that is great is the workbench part. We have OAT, we have EPR, we have other things, but the best thing about it is its workbench. If we get an alert anywhere in the EDR XDR part and if that is much critical and it is getting an alert again and again, then TrendAI Vision One on its own generates its workbench. What makes it easy is the check that this one is more critical, and we should go and check this one first and then move to another part. It helps us to reduce the time to check which one we should go first and which we should check second. As an incident responder, it is very good to segregate the criticality of the function. If TrendAI Vision One gives that on its own, it becomes really very helpful.

We do face vulnerabilities. I know of Zbot, which is one vulnerability. We were getting an OAT alert over that vulnerability, and we were getting many more alerts also. We got approximately 40 to 50 alerts in an hour. For an incident responder, it becomes hard to decide which one to pick first and which one to resolve first. The workbench came here and analyzed all of the data and generated one workbench indicating that we should first go for this host and check the details here because it is more crucial than the other one. Security is never complete, so we can go for the more critical one which will be affecting the business more, and then we should resolve that first and then move to the other part. That is the best thing ever.

Whenever TrendAI Vision One gets connected to any malicious IPs or URLs or anything, it blocks it first and then generates the alert. If it is not blocked, it generates the alert, and then we analyze the telemetric data and find the URL and IPs from it. We then make sure to block it from our end, not from the XDR only, but from the SIM and other firewalls and all the tools. We do threat hunting from it. We check the telemetric data on a regular basis and find some URLs and IPs, and then we block it from the firewall and our SIM, EDR, XDR, and another tool. What happens from it is we know that this IP is malicious. We get the advisory, we block it from our side, and we give these IPs and URLs to another security tool so they block it. In the future, if a user clicks that malicious IP or visits those malicious links, TrendAI Vision One will block it on its own.

I would also like to mention that we do isolate the machines from the back end when they are not compliant or when the version is older. After isolation, the network gets completely isolated, the user tends to work faster, and our compliance gets maintained much more easily. The data encryption and access controls across the isolated system for the non-compliance does not get much of the risk, and our data also gets out of the control. The inconsistency of security comes into the point, and then our compliance gets maintained properly, and it is all because of the silo performance. I know that Trend Micro works for the hybrid environment, but right now we do not use that. We have on-premises for all the things. We are thinking to shift over the cloud, but right now we have not shifted.

One thing I would like to suggest is the user login and log out time. If we have ten users integrated with the XDR solution, it should show us when the user was last logged in and when it was logged out. That time should reflect over the console. The blocking capability works most of the time, but it does not work every time, which is a bit problematic.

I rate this product 9 out of 10.

I can describe several use cases for TrendAI Vision One, including endpoint security with very nice features such as anti-malware, advanced threat protection, machine learning, device control, application control, web reputation, and DLP use cases that are very good. Server security includes vulnerability management, virtual patching, integrity and log inspection, anti-malware, and web reputation. Network security provides very holistic views, and XDR operations correlate multiple layers of security and give an advanced holistic view of multiple layers of investigations easily.

TrendAI Vision One is a centralized platform-based solution that provides good visibility across endpoint security, email security, server security, cloud security, and XDR operations. The product offers very good visibility overall.

A good advantage of the product is the threat correlation and attack path visibility, which is helpful to SOC teams for investigating incidents. TrendAI Vision One platform has helped me consolidate my use of security vendors and reduce silos. This is very helpful for protecting organizational assets and daily workloads, allowing SOC teams to investigate threats, perform threat hunting, and take action. TrendAI Vision One is capable of managing risk once assets enter the dashboard and scanning all assets. Network security scans all data and provides information about network vulnerabilities, such as agentless devices and agent devices, easily identifying vulnerabilities and allowing for mitigation.

Email security helps to protect users from phishing emails. Cyber Risk Exposure Management provides comprehensive visibility and AI attack path visibility for proactive security, protecting the organization's assets and proactively providing the attack path.

I would like to see some areas of the product improved or enhanced in the future. I have used multiple products such as Kaspersky, and I appreciate TrendAI Vision One for its easily viewable dashboard and one-window solution platform-based approach that provides good visibility across all products.

While acknowledging the good aspects, I believe some elements could be improved or new features could be included in TrendAI Vision One. AI-based detection is currently available, but I hope for enhancements in other areas such as encryption, which is not currently available in this security product.

I have a total experience of approximately three years using this product.

Regarding stability, I have not experienced any crashes, downtimes, or performance issues with TrendAI Vision One. Cloud-based solutions have no downtime, whereas on-premises solutions might face some downtime for patch upgrades and version upgrades for the server.

I find TrendAI Vision One scalable and have not encountered limitations or scalability issues with it. The product provides feasibility, and I find this product very helpful.

My evaluation of customer service and technical support is that their support is very good, and I am already satisfied with the technical support of this project.

I rate the technical support as very helpful for issue resolution. I have found use case information already available online and have read articles and performed actions for resolution.

When issues are not resolved at L1 and L2 support, I create tickets. The Trend Micro engineer aligns with the support team and resolves issues quickly.

Regarding the initial setup process, I find it a bit complex with TrendAI Vision One. The integration of multiple products with TrendAI Vision One and configuring the policies is somewhat complex for a new user.

Regarding ROI, my customers have seen returns with TrendAI Vision One. Customers are already using this cloud-based solution, and those who previously used Kaspersky find it useful for encryption aspects. I recommend this product as it is a very good product for various industries with strong signatures for anti-malware and ransomware prevention.

I do not have clear information about the pricing aspect, including setup cost and licensing details. Cost and licensing details are unclear to me.

I am using TrendAI Vision One for integrating multiple security solutions, such as the integration of firewalls and SIEM solutions for XDR.

The XDR sensor is installed on multiple security layers such as endpoint security and email security. The sensor collects telemetry data from the endpoint security and provides a holistic view of the data. SOC teams find it very helpful to collect telemetry to investigate threats easily.

My organization easily collects assets and reviews the risk score, advanced threat protections, and attack surface. This is a very good product for collecting all asset data and providing a comprehensive dashboard regarding vulnerability protection and risk score, highlighting the risk score and attack surface.

The industry faces top challenges such as server security and email security. The industry uses legacy servers, and TrendAI Vision One workload security protects those legacy servers. TrendAI Vision One provides workload virtual patching, which offers protection for the servers.

I use the Cyber Risk Exposure Management capabilities in TrendAI Vision One. Cyber Risk Exposure Management is the best product for the live industry, highlighting the company and correlating the industry's risk scores.

My impressions of TrendAI Vision One platform's ability to provide centralized visibility and management across protection layers are very positive. It is a very good solution for providing centralized platform-based solutions while using multiple security tools such as cloud security and cloud email gateway protection and service gateway. I have already experienced this product, and it is very helpful for SOC teams, management, and Cyber Risk Exposure Management for C-level use. This is a very good product.

Having TrendAI Vision One in hybrid environments has affected my ability to manage risk positively. It is important to my organization that TrendAI Vision One has AI built into its platform. TrendAI Vision One is the best for AI-driven security, which is a very good point of the TrendAI Vision One console. AI-driven features are very helpful for user-friendliness. Once a new user uses TrendAI Vision One, AI-driven features assist in understanding the policies and SOC operations.

TrendAI Vision One has helped my organization reduce noise from false positives, as it has significantly reduced false positives. Regarding overall cyber risk, TrendAI Vision One has helped reduce cyber risk for my client's organization. It provides an overall comprehensive dashboard overview of organizations, offering compliance, best practices, and training sessions for threat detection. This is a very helpful dashboard for Cyber Risk Exposure Management, customized for partners and industries.

The amount of risk reduced by switching to TrendAI Vision One platform includes risk metrics that show higher scores when the attack surface is high. The dashboard gives live vulnerability assessments and displays the risk scores of dashboards and organizations.

The main benefits that TrendAI Vision One brings to the table include benefiting my customers by pitching the endpoint security and Cyber Risk Exposure Management project. I have already mentioned to customers the advantages of using one product, and I am also using the demo for other products from the same console and have activated the license.

TrendAI Vision One has helped to reduce my time to detect and respond to threats through proactive security for detection, mitigation, and delivery of the attack path. I had an incident with one user who downloaded a file, and the endpoint security agent detected the malicious file and performed actions to clean and delete it. XDR created the workbench, and I investigated easily for threat scores and performed actions, enabling SOC teams to be helpful in threat hunting.

The key differences of TrendAI Vision One in comparison to other technologies such as Kaspersky include that I have already mentioned the advantages of the product, but drawbacks exist for new users. It is very complex for policy configurations and integration with other products.

Many industries in Pakistan use TrendAI Vision One platform for consolidated security across hybrid environments. More than the usual number of customers are using endpoint security, cloud security, and XDR operations. I purchase TrendAI Vision One through local partners. I give this product a rating of nine to ten out of ten. Given my experience with TrendAI Vision One over three years, I recommend using this product, as it is very helpful for the industry cybersecurity framework.

My company is Kyndryl, and we work for a UK-based financial institution. That client, the financial institution, has TrendAI Vision One. By using TrendAI Vision One, we are monitoring and doing day-to-day tasks.

In this project, it is related to XDR, but there are many modules. Currently, they are using only HIDS and HIPS. There are many other modules available, but all the modules are based on the license, so they are using only a few of them.

Compared to my previous experience where I worked on some other EDR tools, TrendAI Vision One has many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

Basically, each endpoint device has an agent called the TrendAI agent, similar to a CrowdStrike agent. The agent is monitoring two things: system events and security events. Based on the events, they are pulling the data at the console for the security team. We monitor if any unusual things happen, and then we have to react. The agent installed on endpoint devices is helping us monitor and do the work.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features, but I do not remember. However, it has a very good feature, as I mentioned, Cyber Risk Exposure.

Actually, in Cyber Risk, if I want to see the device level and how many devices have some vulnerability, if I click the device, it will show the count. For example, it is showing that two, three, or four devices are detected with this kind of vulnerability. If the devices have Apache Log4j vulnerability or OGNL, then based on the operating system, if the device has Linux, I have to reach the platform team and say "Okay, this system has this kind of vulnerability, and you have to patch the thing" or update the software. From here, I cannot update anything or upgrade the agents. There is some dependency, you could say.

For deployment, I think it is easy and does not require much effort. I have not done the deployment myself, but for some point in time, for a few of the servers, we have done it, and it is easy and does not require much.

For this, it depends on two or three factors. First, we have to confirm why this alert got triggered and what is the IOC. For example, if it is some private IP, then I have to reach out to the different teams. In my case, I have to reach the vulnerability management team because they have Nessus and Qualys tools, which are vulnerability scanner tools. What they mostly do is they try to scan the particular server and devices, targeting the server. When the IP, let us say the Nessus IP, leads to a server, TrendAI Vision One tries to understand "Okay, I think someone is trying to recon this particular server. This is not a usual thing," so they generate the alert. I have to go through each and every alert, and based on whether the IP is private, I have to reach out to the VM team and other teams and try to confirm whether the IP is genuine or from somewhere else. After that, I have to fine-tune inside TrendAI Vision One, and then they will automatically reduce the false positives.

In my case, I can say that earlier we received many alerts related to recon alerts. If I closed and whitelisted two, three, or five IP addresses, the total has been reduced by approximately 40 percent. Earlier, we received more than 400 or 500 false positive alerts, but nowadays we receive hardly 10 or 15 alerts.

My client is not a small bank. I think it is one of the big banks in the UK, but I do not want to tell you the name. It is very big.

In TrendAI Vision One, there are many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

They have another feature called Workbench inside the XDR. What Workbench does is that if you receive 100 alerts one day, the Workbench correlates all the alerts and tries to find similar ones. Then it generates one ID. Inside one ID, if 10 alerts are similar, it will consolidate all 10 alerts as one Workbench ID. Inside the Workbench ID, if I investigate and close the Workbench ID, on behalf of that Workbench ID, all 10 alerts will be closed automatically. There is no need to go through each and every alert one by one. This is also a very good feature inside TrendAI Vision One.

In terms of centralized visibility, I can say that it saves much more time. If for one thing I have to go through different tools, obviously I have to invest much more time for a single alert. But here, if one alert triggers, I can correlate with the help of different modules, which is nothing but easy for me.

There is also an inbuilt AI tool inside TrendAI Vision One. Sometimes if I get stuck somewhere during the investigation, I use this AI chatbot, which is known as a companion inside TrendAI Vision One. If I put a use case or ask "Okay, I am here, what do I have to do?" That companion, which is nothing but a chatbot, will go through whatever I put inside the chat, analyze it, and mention some steps. It will say "Okay, from here you can go" and "You can do these things." It is also a very good feature and it makes it easy for me.

As I mentioned, because of that one feature, Workbench ID inside the XDR module, it reduced much more time compared to other tools. But I cannot say a specific number. It is very difficult for me. However, it saves a lot of time. As I mentioned, if 10 alerts are received, in another tool, I have to go through each and every alert one by one. But here, they correlate the alerts based on whatever the IOCs are and why this alert got triggered. Based on the alert, they consolidate the alert. If all 10 alerts have a similar property, they consolidate and generate one ID, a Workbench ID, and they consider it as one. So if I investigate one and close it, all 10 will be closed automatically.

It is very nice and very helpful. It reduces the overall response time. It is very helpful. It is known as a companion, and that one chatbot is known as a companion inside TrendAI Vision One.

In TrendAI Vision One, a few days ago, there was one issue related to resource utilization at some servers. It was not clear whether the reason was the Trend agent or some other security agents such as Sentinel or something else. In this kind of situation, we get stuck. Then we have to reinstall and do all those things.

In Tanium, we have an advantage where even the security team from their end can update the patch. But in TrendAI Vision One, there are no features such as this. We have to depend on the platform team.

They could improve the support case experience because whenever we reach out to the support team, in response, they first put what I think are some ready-made templates, and they just put it as a reply. If I raise a case, they have some ready-made templates. This is my opinion and thought from following some different cases. They can improve here because they just simply reply with whatever they have. Then again, we have to mention more things, and after that, they reply with some genuine points. But initially, they just put some ready-made templates, I think. They can improve here.

I have been using this product for more than a year. In this project, it has been more than a year.

It is stable. I think it rates 9 or 10.

Regarding scalability, if we are talking about it, and if we currently have a thousand servers and increase the count, then we can test the scalability. As of now, I have not gone through it, so it is very hard for me to say much about the scalability.

I do not have that much level of access to other parts due to policy, and they are not using all other modules due to licensing limitations. I cannot say much more about other things because TrendAI Vision One has many modules.

Negative

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features.

For deployment, I think it is easy and does not require much effort.

You could say 5+. I started my career as a SOC analyst.

I have not used other products, but there is another product called Tanium, which I learned about. In Tanium, we have an advantage.

I need to note that the overall rating I would give this product is 7. It is not bad, but initially, they put some ready-made templates, which I do not like.

I do not know about other projects because here they segregate the team based on the project. I am working for the UK-based project, and some other people are working for the AU-based project. Different people worked in different countries. I do not have any other idea about other projects or whether they are using TrendAI Vision One or not. I cannot say anything.

Definitely, it requires maintenance. If agents are not compatible with particular devices, we have to reach the support team and take help from there, and then we have to upgrade and update based on the risk and compliance policy.

There are many other modules available, but all the modules are based on the license, and they are using only a few of them.