John Trembly - PeerSpot reviewer
Technical Specialist at Iona Catholic Secondary School
Real User
Top 20
Sep 7, 2023
Provides a single dashboard, integrates well, and has predictive machine learning
Pros and Cons
  • "Workload security now has a feature called Activity Monitor for each endpoint."
  • "We have to manually log in to the machines and give them an update command."

What is our primary use case?

We use Trend Micro One Endpoint Security for endpoint security. We are using the SaaS version of One Endpoint Security. 

How has it helped my organization?

I am confident in One Endpoint Security's capability to defend endpoints against threats like malware, ransomware, and malicious scripts. 

One Endpoint Security has predictive machine learning and behavior monitoring, which are essential for endpoint security. Our file scan also scans the memory for malware. Behavior monitoring is particularly effective at detecting ransomware attacks because it can check for unusual encryption methods.

I like the way Trend products integrate with each other. The servers are all tied into Central, which is now integrated into my Vision One console. The on-premises stuff is also integrated with Azure.

We use a single dashboard through The Central to view detections, threat hunting, and investigations. The visibility through the single console is important. When we open the dashboard, it tells us what it has found. For example, I am currently looking at the SaaS version. If I go to One Endpoint Security, I can see all of the agents that are currently connected. It takes a few moments for all of the agents to load. We are currently in a downtime during the summer months. We are a school board, so there are fewer staff members on-site, and not all of the schools are open. We have 12,000 employees and 80,000 students. However, not all of the students are online right now as they would be during the school year. Next Friday, we will have more staff members in the office. When school starts after the Labor Day long weekend in Canada in September, everyone will be back online. Currently, the dashboard only shows 9,140 agents. Last week, it showed 6,400 agents. I have the system set up to remove inactive agents so that the system does not have to constantly scan a bunch of systems that are not even there. I have seen up to 17,000 endpoints on our system.

Vision One is now monitoring my Cloud One workload security and My Cloud Central. This means that Vision One is collecting data from both systems and giving me a comprehensive overview of my security posture. When I open Vision One, I will be able to see visibility into my entire organization. I have configured Vision One to send data to our Syslog server and receive data from our Qualys server. The Qualys server scans my servers for vulnerabilities and reports back to Vision One. I have also set up a service gateway and a workload security data center gateway. The workload security data center gateway feeds data from my VMware ESX servers into Vision One. This allows Vision One to see the real-time status of our VMs, including which ones are powered on, which ones are running the Deep Security Agent, and which ones are still running on my on-prem Deep Security server. Vision One provides me with a risk overview, an exposure overview, and an attack overview. This information includes details about credential access, lateral movement, collection impact, and suspicious mail forwarding rules.

We have our Azure system for Office 365 and on-premises Azure Active Directory also connected to Vision One. This means that Vision One can see all logins to our Azure system and our on-premises AD. I have agents running on our on-premises directory controllers, so this data is also being fed into Vision One. Vision One can also see our Azure domain controllers and our DMZ. I receive alert emails when something serious happens. I haven't received any of these emails since we started using Vision One. However, I receive emails about endpoints that have had files quarantined. The file on the endpoint was too large to move to the main server quarantine, so Vision One just gave me a small error message. Currently, the endpoint protection dashboard shows that out of 19,678 endpoints, agents have been deployed on 13,675. This includes Macs. The dashboard shows one Linux endpoint, which is my service gateway. There are 882 Mac OS endpoints, which is lower than the usual number of 1,100 because not all of them are turned on. There are 12,792 Windows endpoints. The dashboard also shows that 6,003 endpoints have no security protection. These endpoints likely include network equipment, certain Linux servers that are not running Trend Micro software, and proprietary operating systems that are used by our network team and other IT groups. There are also endpoints that are listed in our Active Directory, but they are either turned off or do not have any active systems.

Updates are applied on an hourly basis. If an exploit gets through and an endpoint has not been updated, it will receive the update on the next cycle. The most common reason for an endpoint not receiving an update is a network issue or the endpoint being powered off. Once an endpoint goes online, it is configured to automatically retrieve security updates from the server, or directly from Trend Servers over the internet if the server is unavailable. The first thing the endpoint does when it goes online is update its security patches, signatures, and scan engines. When a detection is made, the endpoint first deletes the file and quarantines it. It then blocks the action of whatever the file was trying to do. The endpoint's virtual patching, behavior monitoring, and predictive machine learning then stop any unusual activity. This may even include an activity that is supposed to happen. We have had members of our ICT department complain that they were unable to install software because the antivirus protection was blocking it. In some cases, we have groups within our organization that are responsible for maintaining their own servers. When they are doing upgrades, they may schedule us to temporarily disable the antivirus protection so that they can complete the upgrade. Even if malware does not get detected by the web reputation system and is downloaded by a user, it may still be detected by the signature-based malware detection system. If it is not detected by either of these systems, it may still be blocked if it tries to contact its master. These master addresses are often common addresses on the internet that are used by bots to communicate with a server that is maintained by the threat actor. If a bot is blocked from contacting its master, it will be unable to function. If we see a large number of bots being blocked, we will investigate the system to see what is causing the issue. 
In many cases, it turns out to be a legitimate activity that is being blocked by the system. For example, we may have custom scripts running on certain servers that look suspicious to the system. We can manually whitelist these scripts so that they are not blocked. Overall, the system is designed to be overprotective. This is because it is better to block something that is legitimate than to let malware through. We can always fix a false positive, but it is much more difficult to fix a security breach.

I started using One Endpoint Security in August 2020. I learned how to move agents, install software, and get the agent onto the server. I also learned from the documentation, knowledge base, forums, and other users. I found One Endpoint Security to be more difficult to learn than PaperCut because the terminology and concepts are different. PaperCut is just about printing and monitoring, while One Endpoint Security is about cybersecurity. There are also many caveats to consider with One Endpoint Security. I found the scan settings to be particularly challenging. Trend Micro has helpful best practices documents, which I used to learn what the normal settings are for servers and workstations. For example, servers don't need to be scanned for office document exploits because they typically don't have Office installed. I also learned that it's important to balance security with performance. We don't want to scan servers so heavily that it slows them down, but we also don't want to skip important security checks. In January 2021, we changed our policy on security settings. We now tell users that if there are any problems, we will fix them. We would rather have a small problem that we can fix quickly than have to restore a server from backup, which can take days.

One Endpoint Security provides virtual patching, also known as vulnerability protection, to protect against vulnerabilities before they are exploited. Deep Security and Workload Security call this feature intrusion prevention, but it is essentially the same thing.

What is most valuable?

Workload security now has a feature called Activity Monitor for each endpoint. This is a free version of their Endpoint Basecamp product that is automatically installed with every One Endpoint Security agent. Even if we are not licensed for Endpoint Basecamp, it will still be installed. On the servers, I had to remove the Endpoint Basecamp and then deactivate and reactivate the workload security agent to get the Activity Monitor working properly. However, I am glad that we get free monitoring for our servers, even though we do not get it for our workstations.

The agent program version column in the agent screen, we could never sort by. It's so handy to be able to sort by that now. We can go to one end of the scale to see the lowest agent version, and then go to the other end to see how many are updated to the latest agent.

What needs improvement?

Microsoft's new Azure Code Signing is causing a lot of issues for us with One Endpoint Security. We currently have two systems in operation, on-prem and SaaS, and many of the agents won't upgrade beyond version B11564 because these newer versions require Azure Code Signing compliance on the endpoint. If we are not up to date with our Windows updates, we don't have this compliance. Irrespective of the Windows version we are running, we have to apply patches to the machines, if the OS is not damaged, to make them compliant. After that, we can upgrade to the latest version of the respective agent. This process also applies to both Deep Security and Workload Security.

I have two production servers: one for Windows and another for Mac. These servers are available in both on-premise and SaaS versions. Additionally, I have a test server that is located on-premises. The significant distinction with the SaaS version is the absence of a test server where I can install a new version. This means I can't allow the agents on it to upgrade and then perform testing. In contrast, with the production SaaS version of One Endpoint Security, I have numerous agents transitioning and coming online. It's essential that these agents upgrade to a newer version. Among these agents, there are five or six different versions, not counting the really old ones that have yet to upgrade due to ACS non-compliance. I can't leave the testing phase for an extended period because I still have outdated agents that need to be updated. These agents can't be left hanging while I wait to test the newest version that has just been released. New versions seem to come out every couple of months in the SaaS environment. In the past, when I solely used the on-premises version, I would review security bulletins for the SaaS version to identify any issues. I'm apprehensive about potential future situations involving this, primarily because the majority of our agents now operate on the cloud version. If a problem is discovered, rolling back on those agents would be challenging. It would require careful operation to revert them to a different version.

The on-premises version of One Endpoint Security has an update function that allows us to manually update a bunch of servers. For example, if I just turned on a policy, I can force the agents to quickly download the policy and start following the update procedure or update settings. However, this function is not available in the SaaS version. This is because the system cannot communicate with the agent through the firewall. The SaaS version has an automatic update function and an update source entry in the update agents sub-menu, but it does not have a way to force agents to update. This is a problem because we cannot automatically update the agents. We have to manually log in to the machines and give them an update command. Currently, we have no choice but to wait until the agents find the updates themselves.

Buyer's Guide
TrendAI Vision One – Endpoint Security
March 2026
Learn what your peers think about TrendAI Vision One – Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
886,468 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Trend Micro One Endpoint Security for three years.

How are customer service and support?

I have the enterprise version, so I can usually talk to someone in the Philippines even during after-hours. I only do this when it's something that can't wait until the next day. If it can wait, I'll let it go until then. But if something is broken and needs to be fixed right away, I'll get in touch with the Philippines team. They have some good people there, and the support is really good. I think Trend's support is probably the best of any of the vendors I work with.

I have a few open tickets, and one of them involves the developers. They keep coming back to me with questions that they have passed on to the service representative I'm working with. The developers want to know why I'm seeing something that they think I shouldn't be seeing. I'm generating a report that is supposed to show me all the endpoints on our workload security server that do not have agent self-protection enabled. This is part of the Vision One report. One of the endpoints that the report identifies is our service gateway. It is running Ubuntu Linux and has a Deep Security agent installed, but agent self-protection is not enabled by default. There is a way to enable it, but it's not typically done for Linux systems. Agent self-protection prevents unauthorized configuration of the Trend Deep Security agent service settings. This means that we can't change or stop the service without first disabling agent self-protection.

What other advice do I have?

I would rate Trend Micro One Endpoint Security ten out of ten.

My concern arises when an endpoint lacks One Endpoint Security, as we are not actively monitoring for this. While we possess a scanner, this is why I intend to maintain the on-premises system's functionality. I plan to transition away from the deep security system and migrate the application team to the cloud version, although this transition process is currently pending. I need to retain the on-premises One Endpoint Security primarily for assessment scanning purposes. This involves scanning all items listed in our active directory, along with the subnets for our VPN, to identify unprotected endpoints. During a recent scan, I identified nine such endpoints and proceeded to install the agent on them. Occasionally, there are instances where the agent won't install, but no error message indicates a connection issue or existing installation. Some of them show as not having the agent installed, even though they do, which can happen when the endpoint is booting up during the assessment scan and the agent hasn't yet been loaded. Resolving this is relatively swift, although there are instances where devices not compliant with ACS will trigger a message stating that the agent cannot be loaded. These devices are then flagged, and I work on making them ACS-compliant to ensure proper agent protection.

The noteworthy aspect of One Endpoint Security is that we didn't begin using it extensively until the third quarter of 2021 when vulnerability scanning was initiated. Although we had a Central server, we were not using any policies on it. To enable Vulnerability Protection, we needed to implement endpoint policies in Central. Vulnerability protection involves virtual patching, where regular scans check our operating system's vulnerability to known exploits. It also includes monitoring applications for vulnerabilities and guarding against those vulnerabilities until they can be patched. This process is largely automatic, as the rules to counter cyber threats are introduced until the system is patched, at which point they are removed automatically. In contrast, on the Deep Security side, I need to execute this process manually. A weekly automated scan takes place, followed by an emailed report. This report aids in identifying missing policies or necessitated rule adjustments based on scan findings.

We have to constantly monitor the systems to make sure they are okay. I have email alerts coming in from Trend Micro One Endpoint Security and Central Systems. I have folders for workload security, deep security, and Trend Micro in my inbox. I check these folders even when I'm not online to make sure there are no major alerts. In a way, this gives me peace of mind. As long as the agents are running properly and there is enough memory and disk space, everything is fine. However, I still have to manually check the System Event Log to see if any One Endpoint Security endpoints are running out of memory or disk space. We also use SCCM. I set up a scheduled script to create a report of all endpoints with less than 1 gigabyte of disk space. I put this report in a folder that is accessible to all of our school techs and team leaders. This way, they can check the report periodically to see if any endpoints need to be reimaged or have some garbage removed from the disk.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
LuisSilva6 - PeerSpot reviewer
Director of Information Technology at a hospitality company with 10,001+ employees
Real User
Top 5
Apr 16, 2024
The single console and AD integration save a lot of time and work
Pros and Cons
  • "It is updated automatically without much intervention from our side. We can also get some reports easily."
  • "The menus can be more user-friendly or easier. For example, if we want to enable access to the USB ports, it should be more user-friendly. It is not easy. We need to navigate through several menus to be able to give access."

What is our primary use case?

We normally use it as an antivirus and antispam solution. We use it to block USB ports on PCs and do other things like that.

By implementing Trend Vision One Endpoint Security, we wanted to block all the USB ports on the computers. That was our first target. We also wanted a centralized system where we could track and see all the computers at the same time.

How has it helped my organization?

It is a tool that is required for our company's security. There were some cases when the software brought it to our attention that we received some documents with malware that we should not open. It blocked the threat. It is very important for us.

Trend Vision One Endpoint Security has advanced protection capabilities that adapt to protect against unknown and stealthy new threats. The ability to adapt to protect against unknown and stealthy new threats is very helpful. We do not need to be concerned with some threats because it is blocking them. It is easy for us to track all the changes. We cannot install some of the applications by ourselves. We need to get approval from the top company.

Trend Vision One Endpoint Security can detect ransomware with runtime machine-learning capabilities. We do not need to be very concerned about attacks because the software is blocking them and protecting our machines internally. It also automatically sends reports.

It provides us with a single console for cross-layer detection, threat hunting, and investigation. We can have just one console and one system to track all the attacks and threats we have. For us, it is a matter of opening just one system and not navigating through a lot of systems to check what is happening. Everything is consolidated in one console. It saves time.

This single console does not provide end-to-end visibility into the entire IT security environment because we have another one for web filtering. Apex One is there as an antivirus and anti-malware solution for protection from threats.

We have integrated One Endpoint Security with Active Directory. It saves a lot of time for us. It is a worldwide solution. It saves a lot of time and a lot of work, especially for IT.

One Endpoint Security gives us the track for the attacks, and we can prepare our end users to be alert about the threats. We can also give them training.

One Endpoint Security is easy to learn, but when it comes to administration, it is not the easiest tool. It requires some adaptation to the system. Especially, if we do not use it every day, we tend to forget how to go to the system and obtain all the results that we need. It is average in terms of working with the system. It is not the easiest one.

It does not take much time to realize the benefits of One Endpoint Security. After we install the software, all the information automatically pops up on the console, and we can track everything from there. Because it is integrated with Active Directory, it is an easier way of managing the work.

It provides us with virtual patching to protect against vulnerabilities even before a patch is available for the source of the issue. This virtual patching is important.

It gives us safety. In spite of the training, users can forget and click on something they should not. We need the security that One Endpoint Security provides.

There has been a reduction in the alerts that we see. We still get some alerts, but not as many as we used to have before moving to One Endpoint Security. There is about a 75% reduction in alerts.

One Endpoint Security reduced the workload. It is integrated with Active Directory. It is much easier to manage and be aware of any threats. It has reduced about 85% of the workload.

Trend Vision One Endpoint Security saves a lot of time in configuration and management.

What is most valuable?

It is updated automatically without much intervention from our side. We can also get some reports easily.

What needs improvement?

The menus can be more user-friendly or easier. For example, if we want to enable access to the USB ports, it should be more user-friendly. It is not easy. We need to navigate through several menus to be able to give access.

For how long have I used the solution?

I have been using Trend Vision One Endpoint Security for the last 5 years.

What do I think about the stability of the solution?

It is very stable. I do not remember any issues with One Endpoint Security over the last year. For us, it is very stable.

What do I think about the scalability of the solution?

It is good. Most of the time, we do not notice any changes or upgrades. For us, it is straightforward. 

We do not have plans to increase its usage by a lot.

How are customer service and support?

I have interacted with them just for updates, etc. My interactions were not a lot on the technical side. I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had Trend Vision locally installed, and it was advised by the company to change to the Trend Vision One Endpoint Security. We wanted to centralize the corporate office.

Before that, I used Kaspersky. In a different company, I also used a cloud-based and centralized solution where we could track all the machines. Before that, I used to work with McAfee, but it was not centralized. It required individual management.

How was the initial setup?

I was involved in the local deployment of One Endpoint Security and not the corporate one. We have several offices, and I was just involved in this one. It was straightforward.

It took five days because we had to go to all the computers and implement it one by one, but we did not spend the whole day just doing that. We were doing it in phases and by departments.

In terms of maintenance, we had to change the version. It took two or three days to perform the change.

What about the implementation team?

We had two people for deployment. We deployed it across multiple locations.

What other advice do I have?

Overall, I would rate Trend Vision One Endpoint Security a 9 out of 10. It is one of the best solutions in the market. It gets integrated with Active Directory. It is on the cloud. It provides good protection from threats and viruses.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Endpoint Solutions Support at Compass Group
Real User
Top 5
Dec 19, 2023
Has advanced protection capabilities that adapt to protect against unknown threats
Pros and Cons
  • "It's reduced administrative overhead."
  • "The role-based access control needs improvement."

What is our primary use case?

We protect our client's desktops, laptops, and other devices. The servers will be protected by cloud and workload security. It's a complete end-to-end inter-security solution.

How has it helped my organization?

The solution provides our customers with malware protection. It has a good level of malware protection to protect against malicious threats. It provides protection against a good number of threats, both known and unknown, and we do get more details to help us log and investigate.

What is most valuable?

We like that we can catch any malicious threats. We have device and application control. We have more features when we complete office scans.

The device and application control are quite valuable. If users use USB sticks, they can potentially infect devices. We have a list of approved corporate policies, and certain things can not be let through to the endpoints. It helps keep companies safe.

We have protection from malware and ransomware. We get notifications from the console and can take action if we see any malicious activity. 

One Endpoint Security has advanced protection capabilities that adapt to protect against unknown threats. It can protect clients from both known and unknown threats via machine learning. This is critical. We can't always expect certain attacks. Some threats may be very new. And clients are still protected. It can protect against behavior monitoring, for example, via machine learning. 

One Endpoint Security detects ransomware with runtime machine-learning capabilities. This is important. Clients need to know whether a program is trying to encrypt their files and, if so, if it's legitimate or malicious. It gives good protection to our customers to ensure their security is not violated.

One Endpoint Security provides our customers with a single console for cross-layer detection, threat hunting, and investigation. We depend on the Vision One console. With One Endpoint Security, we do have two consoles. There's one for managing policies and one for agent management. We used to have the central manager console; however, now we are using Apex Central for policy management. The other console is for agent management, threat hunting, and other remediation. Soon we'll have one console again that will centralize everything, including alerts, actions, auto-response, and remediation.

There are options to integrate with other products. However, we may not use any integrations. Any logs generated get passed to the SOC team. They get logs from Splunk also and centralize the management of logs. However, my understanding is that everything can be integrated. 

It's easy to learn One Endpoint Security. It does have user-friendly interfaces.

The Trend Micro portal allows you to access documentation and manuals.  It shows you, for example, how it can be configured and how to use certain features. We refer to the guidelines and articles a lot. 

There hasn't been any issue with administering the solution.

Once we implemented the solution, we immediately witnessed security benefits.

We've noted a reduction in issues as we have increased transparency, and we do have more control. Based on that, we can easily modify policies, have better control over enrollment, and have better visibility into infection threats and how issues may enter systems. We reduced the number of infections and the number of hosts getting infected. We've seen a 10% to 15% drop in threats. 

We are using One Endpoint Security as a Service. We do find that having endpoint deployment in the cloud is reducing people's workloads. The setup files can be downloaded so long as there is internet connectivity. We can do both online and offline installations now. With client enrollments spread across multiple locations, it may not be feasible for the IT team to be onsite to do deployments. It's much easier to have everything done online and this approach reduces a lot of work for the IT team (including traveling to locations, et cetera). Travel logistics can be completely avoided. We've likely saved more than 50% of our time having online deployments. 

It's also reduced administrative overhead. Many reports, for example, are now automated and sent directly to country administrators. We've saved around 50% of administrative overhead using One Endpoint Security. 

We use Trend Micro's managed XDR services in conjunction with One Endpoint Security. We get a lot of risk alerts and detailed information about events, including which endpoints were involved in which particular threats. We can get a lot of information directly from the XDR console. It's one of the best places to find more information about threats. We do threat hunting and management through the XDR console. 

What needs improvement?

The solution does not have virtual patching. 

The role-based access control needs improvement. We have 40 countries in our environment. We do provide admin access to the countries and cities. A French admin may administrate endpoints in Germany, which is why we need better role-based controls. 

For how long have I used the solution?

We've used the solution for our clients for more than seven or eight years. 

What do I think about the stability of the solution?

The solution is very stable. Even when it's offline, it's not completely dependent on the cloud due to the agent. That way, you can protect your device even without the internet. And when you are connected, you have the SmartScan protection as well. 

What do I think about the scalability of the solution?

We have One Endpoint Security deployed across 40 countries and around 40,000 endpoints. 

We started deploying with 1,000 or 2,000 devices and now we have tens of thousands. It has good scalability.

We may add more endpoints and increase usage. 

How are customer service and support?

Technical support is good. Sometimes there may be issues, and we can send them across to Trend Micro's technical team to investigate. From time to time we'll get troubleshooting recommendations from them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've previously worked with Symantec and McAfee. This is my third solution. I find Trend Micro to be very user-friendly. Everything is integrated under one solution. It's a host-based intrusion prevention system by default and we get protection of all four endpoints with it. 

We previously only used free business services such as lightweight protection and OfficeScan.

How was the initial setup?

The initial deployment of One Endpoint Security was straightforward. We have done both online and offline installations. If a local IT can deploy it they will. If not, it can be done online. The installation of the agent is very easy. If an agent is corrupted, we can use a tool to remove it and install the latest version of a new agent. It's very flexible in that sense. With other products, if an agent is corrupted, it's very hard to remove from the system. Here, it's very easy. You can just remove it and reinstall the agent package. 

With good internet connectivity, you can deploy the solution in 30 to 40 minutes. It's very fast. 

We'll download the MSA package from the console. That'll be given to the IT team, and what they do is push from the SCCM console. Once the systems are online, then they can push it to those systems. It can be done in silent mode without the knowledge of the user.

We have three people handling the deployment, and they are working with nearly 40,000 endpoints. Whoever handles implementation needs to have a good understanding of the endpoint protection software and its requirements and basic knowledge about the antivirus policies, as the policies may need to be altered or changed based on the country's requirements. Sometimes you need to have a scan exclusion and whitelist certain applications or URLs.

As a cloud solution, it doesn't require maintenance. 

What was our ROI?

We have seen ROI reflected in the good protection we're getting on endpoints. 

What's my experience with pricing, setup cost, and licensing?

The pricing is moderate. It's affordable. The costs are variable. You have the flexibility to choose between different options. 

Which other solutions did I evaluate?

We evaluated Windows Defender and Symantec. Trend Micro surpassed all other options. 

What other advice do I have?

We are an MSP, a managed service provider. We provide malware and security solutions. 

I'd rate the solution nine out of ten. It can protect desktops, laptops, and most other devices. I'd recommend it to others. It offers very good protection. You can scale it, and it offers many good features. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. msp
PeerSpot user
Server Administrator at OPJU
Real User
Top 20
May 12, 2024
Offers advanced protection features, is easy to use, and saves us time
Pros and Cons
  • "The policies, protection, and ease of use are the most valuable features of Trend Micro Apex One."
  • "When I create and implement a new policy, it takes a couple of hours to apply to the devices."

What is our primary use case?

We use Trend Micro Apex One for our organization to provide security between departments.

It was implemented to help with all the policies regarding our migration.

How has it helped my organization?

Trend Micro Apex One does a good job defending endpoints against threats such as malware, ransomware, and malicious scripts.

Its advanced protection features can adapt to safeguard against unforeseen and cleverly disguised new threats. This is particularly crucial in the education sector, where our staff and students frequently visit research websites that may harbor potential security risks.

Apex One can detect ransomware with runtime machine-learning capabilities. This is useful for us.

Apex One provides us with a single console for cross-layered detection, threat hunting, and investigation.

The single console provides end-to-end visibility into the entire IT security environment.

A single console streamlines our response times, allowing us to save up to two hours. Previously, investigating issues required navigating multiple portals, which was time-consuming.

It is easy to learn and use.

The main benefit is the protection of our devices and systems.

We have not received any viruses or malware since implementation.

Apex One has helped reduce our administrative overhead.

What is most valuable?

The policies, protection, and ease of use are the most valuable features of Trend Micro Apex One.

What needs improvement?

When I create and implement a new policy, it takes a couple of hours to apply to the devices.

I would like the ability to customize the report notifications and who they are sent to.

For how long have I used the solution?

I have been using Trend Micro Apex One for almost three years.

What do I think about the stability of the solution?

Trend Micro Apex One is stable.

What do I think about the scalability of the solution?

It is easily scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Symantec. 

What other advice do I have?

I would rate Trend Micro Apex One 9 out of 10.

We have 2 administrators for Apex One with 600 endpoints deployed across multiple departments in one location.

Maintaining Apex One is easy.

Trend Micro Apex One is a user-friendly solution with great features and I recommend it to others.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Infosc Ann - PeerSpot reviewer
Information Security Specialist at Ministry of Education Computer Center
Real User
Feb 27, 2024
We can get consolidated logs of suspicious objects and malware attacks in a single console
Pros and Cons
  • "I like One Endpoint Security. We can manage all the Trend Micro products from one console."
  • "We have had some false positives with One Endpoint Security's ransomware detection. We received an alert, but it wasn't a ransomware attack. When we did an investigation, we found it was only malware."

What is our primary use case?

We use Trend Vision One Endpoint Security for threat investigation, DDI, DLP, analyzer, and email scanning. Other Trend Micro solutions share their suspicious objects with One Endpoint Security, and One Endpoint Security investigates the suspicious items.

We are using One Endpoint Security in the cloud because we are a ministry, and we have more than a hundred branches. All the branches are connected and integrated through the cloud. We have 6,500 endpoints or 20,000 if we include all the branches.

How has it helped my organization?

We have all of the Trend Micro products, so it's beneficial to integrate them all and get consolidated logs of suspicious objects and malware attacks in a single console. We can do the same work with fewer employees because of One Endpoint Security's automation. 

What is most valuable?

I like Vision Central. We can manage all the Trend Micro products from one console. Vision One protects against zero-day attacks. It has a feature where it identifies suspicious objects and traffic. We believe it's easy to learn.

We perform cross-layer detection, threat hunting, and investigation from a single console. This capability is essential. We have 15-point IPS, DDI, and all these different security products that we can manage from one console. One Endpoint Security gives us end-to-end visibility. We can forward all the logs to the same solution and interact with the SOC team immediately. We get an alert about any suspicious objects or abnormal behavior, enabling us to take immediate action. 

What needs improvement?

We have had some false positives with One Endpoint Security's ransomware detection. We received an alert, but it wasn't a ransomware attack. When we did an investigation, we found it was only malware.

For how long have I used the solution?

We have used Trend Vision One Endpoint Security for five or six years. 

What do I think about the stability of the solution?

One Endpoint Security is highly stable. We have multiple devices configured in high availability. One is active, and one is passive. It's always active and working fine.

What do I think about the scalability of the solution?

One Endpoint Security is easy to scale because some of our devices are VM-based, so when we need that scalability, we can increase the RAM or CPU.

How are customer service and support?

I rate Trend Micro support 9 out of 10. We have contacted them many times. They provide immediate answers and sometimes connect remotely to solve problems for us. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had QRadar and Symantec before that. We did a POC for Trend Micro with good results. One of the biggest benefits is that it is a consolidated solution. Everything is managed from one console. 

How was the initial setup?

The setup wasn't complicated. A Trend Micro engineer deployed it for us. We had an Active Directory deployment and pushed it to all our branches using our management software. 

What about the implementation team?


Which other solutions did I evaluate?

Every year, the ministry does POCs for other software. We recently did a POC for a Microsoft solution to replace One Endpoint Security, but we are fully satisfied with One Endpoint Security. One advantage of One Endpoint Security is that it's manageable. Once you change the policies, it updates the endpoints automatically.

What other advice do I have?

I rate Trend Micro Vision One Endpoint Security One 10 out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Mehmet COŞKUN - PeerSpot reviewer
Head Computer Engineer at TRT
Real User
Dec 4, 2023
Is user-friendly, efficient, and provides good visibility into our endpoints
Pros and Cons
  • "It provides comprehensive visibility into all client logs and seamlessly integrates with other products, such as CM."
  • "The time required for Apex One to notify us of detection in the central console should be reduced."

What is our primary use case?

We utilize Trend Micro Apex One for endpoint security across all of our clients, managing it centrally alongside the entire Trend Micro suite.

We implemented Trend Micro Apex One to improve our endpoint security.

How has it helped my organization?

Trend Micro Apex One is able to identify threats and notify us to investigate from a central location. From there we are able to inform the client and disconnect the affected device to protect the environment.

Apex One employs advanced protection features, including behavior analysis, to adapt to and defend against unknown threats. Apex One's ability to recognize abnormal behavior and terminate processes is crucial for safeguarding our organization's security.

Apex One utilizes runtime machine learning to detect ransomware, a crucial feature for safeguarding our data from ransomware attacks.

We utilize Apex Central as a single unified console for comprehensive management, enhanced visibility, and effective cross-layer threat detection, hunting, and investigations. As managers of Apex One, we require a centralized console for comprehensive threat detection, investigation, and hunting across all layers of the environment to effectively monitor and manage client performance.

Apex One's single console provides end-to-end visibility into the entire IT security environment.

The end-to-end visibility has significantly reduced our response time, enabling us to respond within five minutes.

We have integrated Apex One with other security products. Apex One is able to deploy rapid updates within ten minutes of detecting threats in the network sandbox. 

The ability to deploy updates immediately is crucial for me as a security manager.

Apex One is easy to learn.

Administering Apex One is more straightforward than the other products I manage.

Apex One has helped improve our production. We were able to see the benefits within two months.

Apex One offers virtual patching to mitigate vulnerabilities that attackers could exploit.

We have seen a reduction in viruses and malware since the implementation of Apex One.

Apex One has reduced our administrative overhead because it is easy to use.

What is most valuable?

Trend Micro Apex One's centralized management is user-friendly and efficient. It provides comprehensive visibility into all client logs and seamlessly integrates with other products, such as CM. This well-structured design facilitates effortless monitoring of the entire environment from a centralized location.

What needs improvement?

The time required for Apex One to notify us of detection in the central console should be reduced.

For how long have I used the solution?

I have been using Trend Micro Apex One for almost seven years.

What do I think about the stability of the solution?

I would rate the stability of Apex One nine out of ten.

What do I think about the scalability of the solution?

Apex One is scalable and can easily manage up to 5,000 endpoints.

Our client has 5,000 employees, and each employee uses two laptops. Therefore, we have plans to increase the usage to cover 10,000 endpoints.

How are customer service and support?

The technical support is good. They are able to action our requests.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Kaspersky Endpoint Detection and McAfee. We switched to Trend Micro Apex One because it offered a lower price, better central management, and is a popular solution in our country.

How was the initial setup?

The deployment was straightforward and took approximately six hours to complete. The vendor provided us with resources in advance, including database and IS configurations, before arriving to implement Apex One. This facilitated the download, implementation, and licensing of Apex One. One person was required for the deployment.

What about the implementation team?

The implementation was completed by a third-party vendor.

What's my experience with pricing, setup cost, and licensing?

The price of Apex One is competitive and lower than the prices of the solutions we compared it to.

Which other solutions did I evaluate?

We evaluated the different Kaspersky and McAfee offerings in addition to Trend Micro.

What other advice do I have?

I would rate Trend Micro Apex One nine out of ten.

Two people are required for maintenance.

I recommend Trend Micro Apex One. It is a good solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Meleria Mangaring - PeerSpot reviewer
Solutions Engineer at Trends and Technologies, Inc
Real User
Top 20
Sep 7, 2023
Offers great integration, has valuable ransomware protection, and behavior monitoring
Pros and Cons
  • "The ransomware protection and behavior monitoring features of Trend Micro Apex One are actually good."
  • "One of Trend Micro's weaknesses is its high resource utilization."

What is our primary use case?

Many clients come to us after they have been attacked by ransomware. They often ask us to immediately remediate the situation, but this is not possible once a system has been compromised. However, we can usually install Trend Micro Apex One or a Cloud One product right away. This is our standard response to these situations.

Most of the clients I work with are hospitals. They have been using a different endpoint security solution, but they were attacked by ransomware and reached out to us for a different solution.

In one of the use cases we worked on, we simply installed an endpoint security solution. During the proof of concept, the hospital actually encountered a ransomware attack. There were two systems that were attacked: our test PC running Apex One and the other that was using the existing endpoint security solution. The Trend Micro-installed PC was able to navigate the attack, but the files on the other PC were corrupted.

We also simulate other attacks, such as ransomware or simple malware, using the Intelligent Content Analysis and Response tool. We then check the Device Control feature. Apex One also has data loss prevention and application control features. The DLP feature is not as comprehensive as a full-blown DLP solution, but it can be used to leverage regular expressions, specific keywords, and specific attributes. We also test the application control feature.

Our most recent testing has been with the new Vision One product. This is an extended detection and response platform that can be integrated with not only Trend Micro's other solutions, but also with other security solutions from different vendors, such as SIEM, firewalls, NDR, and vulnerability management systems.

When we test the integration of Apex One and Vision One, we focus on automation, remediation, and cost analysis. We can see how an attack was carried out, down to the file level, hostname, and user. If Vision One is integrated with Active Directory, we can also see who the user was at the time of the attack.

This is the scope of the usual use cases we perform during proof of concepts for Trend Micro Apex One.

How has it helped my organization?

I would rate Apex One nine out of ten for its ability to defend endpoints against malware, ransomware, and malicious scripts.

Apex One can defend against zero-day attacks and stealthy attacks. This is important because in-house applications can have many vulnerabilities, such as coding errors and misconfigurations, which attackers can exploit. Having Apex One as an advantage would give clients a head start in defending against unknown threats.

It uses runtime machine learning to detect ransomware. Machine learning allows us to monitor activities and suspicious behaviors running in our system, not only at the file transfer level but also at the library and registry level. This is important because it allows us to identify potential threats. Runtime machine learning can see any entry points that ransomware might use to infect a system.

Trend Micro has announced that they will be migrating the Apex One platform to Vision One, which can be integrated with an XDR.

Our clients have integrated Apex One with a vulnerability management firewall, SIEM, MFA solutions integrated with Azure AD, and the native security of Microsoft 365.

Apex One is user-friendly. For those familiar with an endpoint security solution, it will not be difficult to learn Trend Micro Apex One. However, for those who are new to the solution, they will need to take some time to learn the ropes.

Administering Apex One is straightforward, especially for the SaaS solution compared to the on-premises solution. This is because we only need to download the installer. The installer is large, around 400 MB. Once we install it on the system, we can communicate with the management console, which is the same for both solutions. We just need to make sure that all required communication ports, FQDNs, IP addresses, and ports are allowed on the firewall. We usually take into consideration the clients when we are doing POCs, and we need to work with the infrastructure team to check on this.

Apex One provides our clients with virtual patching to protect against vulnerabilities. From the perspective of an impending threat, if a client is able to patch the vulnerability in the meantime, Apex One can see the potential threat and take action to protect the client. This is done by identifying the signatures of the vulnerability and creating a virtual patch. It is important to make sure that clients understand that this is not an official patch, but rather a temporary measure that can be used while the official patch is being developed and applied.

Before using Trend Micro, many of our larger clients, which are hospitals, were constantly attacked by malware. However, after adopting Apex One, the viruses and malware have been significantly reduced or eliminated altogether. This is why they continue to renew their subscriptions to Trend Micro.

Most of the time, we recommend the SaaS version of Apex One because the on-premises solution from Trend Micro requires significant resources from the client. If they do not have the necessary monetary resources, they will need to take this into account. This is because when we build an on-premises Apex One, we need two servers: one for Apex One on-premises and one for Apex in Cloud. Additionally, if we leverage the entire SPE package, we will also need a server for mobile security and file and drive encryption.

The endpoint deployment in the cloud has helped our clients reduce their staff workload, especially on the maintenance side.

Apex One has helped reduce our client's administrative overhead.

Some of our clients use Trend Micro's managed XDR service and they love it because the automation makes things easier for them. 

What is most valuable?

The ransomware protection and behavior monitoring features of Trend Micro Apex One are actually good. All endpoint security solutions are in the market to defend against and remediate threats. However, Trend Micro is particularly quick to identify suspicious activities. Any malicious virus or malware that can be extracted from the system is something that they can leverage and work on. One way they do this is through virtual patching. Most of the time, vulnerabilities come from legacy operating systems. These operating systems cannot always be updated, such as Windows 7. If Microsoft announces that it will no longer update a specific operating system, there is nothing that can be done about it. However, Trend Micro can anticipate specific vulnerabilities that can be exploited due to the lack of updates. They can then leverage these vulnerabilities to create a virtual patch that can be applied to the specific system. I believe this is one of the many highlights of Trend Micro Apex One.

What needs improvement?

One of Trend Micro's weaknesses is its high resource utilization. Many of our clients have complained about this, and it is a valid concern. However, we assure our clients that the level of security that Trend Micro provides is worth the high resource utilization. Trend Micro is very fast at detecting and protecting against threats. For example, they were able to identify suspicious signatures for a ransomware attack that was happening worldwide months before the attack actually occurred. We believe that this level of threat intelligence is a major strength of Trend Micro. Of course, no security solution is perfect. There are always ups and downs. However, we believe that Trend Micro's strengths outweigh its weaknesses. However, we do not only offer Trend Micro for this reason.

For how long have I used the solution?

I have been using Trend Micro Apex One for four years.

What do I think about the stability of the solution?

Trend Micro has consistently been in Gartner's Leaders Program year after year. Apex One is stable.

What do I think about the scalability of the solution?

Apex One is scalable.

How was the initial setup?

The initial setup is straightforward. We usually plan and gather data before implementing. We ensure that there are no residual old endpoints installed in the system. We then set expectations with the client and proceed with setting up the management console. We install the system step-by-step and then work on the policies. We also integrate with other systems and transfer knowledge and troubleshooting skills. 

I usually complete the deployments on my own, but for our larger clients with over 2,000 endpoints in different locations, we need to be on-site. For a three-month deployment of those 2,000 endpoints, we allocated three engineers. There was also one time when we had to allocate a lot of engineers for a government agency with eight thousand employees.

What's my experience with pricing, setup cost, and licensing?

The pricing for Apex One is midrange, and worth the costs.

What other advice do I have?

I would rate Trend Micro Apex One an eight out of ten.

All security solutions require maintenance. But with SaaS deployment and SaaS security solutions, most of the maintenance is actually covered by the principal itself.

Apex One can be resource-intensive and have high utilization, but it does a great job protecting our clients' endpoints.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Innam Ul Haq - PeerSpot reviewer
Cyber Security Engineer at Amazure Technologies Private Limited
Real User
Top 5
Nov 12, 2024
Enhanced threat detection and cost efficiency but needs better uninstallation support
Pros and Cons
  • "The solution offers great visibility into their IT infrastructure and uses industry-leading threat intelligence strategies."
  • "There were challenges in uninstalling the Trend Micro solution from certain endpoints."

What is our primary use case?

The major focus of the client was to protect their endpoints and systems, which include all endpoints they are using, whether they are laptops or desktops. The solution provides all the visibility and threat detection and response needed to reduce the attack surface and manage risk, securing their endpoints.

How has it helped my organization?

The implementation of Playbooks and automation led to a reduction in manpower, as everything was automated. With pre-scheduled playbooks, they were assured that Trend Micro could handle threats efficiently, reducing manpower needs and enhancing cost efficiency.

What is most valuable?

The solution offers great visibility into their IT infrastructure and uses industry-leading threat intelligence strategies. The integration of ML and AI provides complete visibility, suggests responses, detects threats, and includes integration into XDR, which covers email security, endpoint security, cloud security, among other aspects.

What needs improvement?

There were challenges in uninstalling the Trend Micro solution from certain endpoints. 20% to 30% of endpoints faced difficulty in cleaning or uninstalling the software, and we required additional documentation and technical support.

For how long have I used the solution?

We have deployed Trend Vision One Endpoint Security and have around three to four, four to five months of working experience with it.

What do I think about the stability of the solution?

The stability of the solution has been rated as eight out of ten.

What do I think about the scalability of the solution?

The scalability of the solution is good, and I would rate it around eight out of ten.

How are customer service and support?

I have not needed much technical support except during the uninstallation issues, which took some time to resolve. Therefore, I would rate technical support around six point five.

How was the initial setup?

I would rate the initial setup as 6.5 to seven on a scale of one to ten, where one is difficult and ten is easy.

What other advice do I have?

I would recommend this solution to others as it is one of the great solutions that I have worked with before.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner