TrendAI Vision One Reviews

My company is Kyndryl, and we work for a UK-based financial institution. That client, the financial institution, has TrendAI Vision One. By using TrendAI Vision One, we are monitoring and doing day-to-day tasks.

In this project, it is related to XDR, but there are many modules. Currently, they are using only HIDS and HIPS. There are many other modules available, but all the modules are based on the license, so they are using only a few of them.

Compared to my previous experience where I worked on some other EDR tools, TrendAI Vision One has many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

Basically, each endpoint device has an agent called the TrendAI agent, similar to a CrowdStrike agent. The agent is monitoring two things: system events and security events. Based on the events, they are pulling the data at the console for the security team. We monitor if any unusual things happen, and then we have to react. The agent installed on endpoint devices is helping us monitor and do the work.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features, but I do not remember. However, it has a very good feature, as I mentioned, Cyber Risk Exposure.

Actually, in Cyber Risk, if I want to see the device level and how many devices have some vulnerability, if I click the device, it will show the count. For example, it is showing that two, three, or four devices are detected with this kind of vulnerability. If the devices have Apache Log4j vulnerability or OGNL, then based on the operating system, if the device has Linux, I have to reach the platform team and say "Okay, this system has this kind of vulnerability, and you have to patch the thing" or update the software. From here, I cannot update anything or upgrade the agents. There is some dependency, you could say.

For deployment, I think it is easy and does not require much effort. I have not done the deployment myself, but for some point in time, for a few of the servers, we have done it, and it is easy and does not require much.

For this, it depends on two or three factors. First, we have to confirm why this alert got triggered and what is the IOC. For example, if it is some private IP, then I have to reach out to the different teams. In my case, I have to reach the vulnerability management team because they have Nessus and Qualys tools, which are vulnerability scanner tools. What they mostly do is they try to scan the particular server and devices, targeting the server. When the IP, let us say the Nessus IP, leads to a server, TrendAI Vision One tries to understand "Okay, I think someone is trying to recon this particular server. This is not a usual thing," so they generate the alert. I have to go through each and every alert, and based on whether the IP is private, I have to reach out to the VM team and other teams and try to confirm whether the IP is genuine or from somewhere else. After that, I have to fine-tune inside TrendAI Vision One, and then they will automatically reduce the false positives.

In my case, I can say that earlier we received many alerts related to recon alerts. If I closed and whitelisted two, three, or five IP addresses, the total has been reduced by approximately 40 percent. Earlier, we received more than 400 or 500 false positive alerts, but nowadays we receive hardly 10 or 15 alerts.

My client is not a small bank. I think it is one of the big banks in the UK, but I do not want to tell you the name. It is very big.

In TrendAI Vision One, there are many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

They have another feature called Workbench inside the XDR. What Workbench does is that if you receive 100 alerts one day, the Workbench correlates all the alerts and tries to find similar ones. Then it generates one ID. Inside one ID, if 10 alerts are similar, it will consolidate all 10 alerts as one Workbench ID. Inside the Workbench ID, if I investigate and close the Workbench ID, on behalf of that Workbench ID, all 10 alerts will be closed automatically. There is no need to go through each and every alert one by one. This is also a very good feature inside TrendAI Vision One.

In terms of centralized visibility, I can say that it saves much more time. If for one thing I have to go through different tools, obviously I have to invest much more time for a single alert. But here, if one alert triggers, I can correlate with the help of different modules, which is nothing but easy for me.

There is also an inbuilt AI tool inside TrendAI Vision One. Sometimes if I get stuck somewhere during the investigation, I use this AI chatbot, which is known as a companion inside TrendAI Vision One. If I put a use case or ask "Okay, I am here, what do I have to do?" That companion, which is nothing but a chatbot, will go through whatever I put inside the chat, analyze it, and mention some steps. It will say "Okay, from here you can go" and "You can do these things." It is also a very good feature and it makes it easy for me.

As I mentioned, because of that one feature, Workbench ID inside the XDR module, it reduced much more time compared to other tools. But I cannot say a specific number. It is very difficult for me. However, it saves a lot of time. As I mentioned, if 10 alerts are received, in another tool, I have to go through each and every alert one by one. But here, they correlate the alerts based on whatever the IOCs are and why this alert got triggered. Based on the alert, they consolidate the alert. If all 10 alerts have a similar property, they consolidate and generate one ID, a Workbench ID, and they consider it as one. So if I investigate one and close it, all 10 will be closed automatically.

It is very nice and very helpful. It reduces the overall response time. It is very helpful. It is known as a companion, and that one chatbot is known as a companion inside TrendAI Vision One.

In TrendAI Vision One, a few days ago, there was one issue related to resource utilization at some servers. It was not clear whether the reason was the Trend agent or some other security agents such as Sentinel or something else. In this kind of situation, we get stuck. Then we have to reinstall and do all those things.

In Tanium, we have an advantage where even the security team from their end can update the patch. But in TrendAI Vision One, there are no features such as this. We have to depend on the platform team.

They could improve the support case experience because whenever we reach out to the support team, in response, they first put what I think are some ready-made templates, and they just put it as a reply. If I raise a case, they have some ready-made templates. This is my opinion and thought from following some different cases. They can improve here because they just simply reply with whatever they have. Then again, we have to mention more things, and after that, they reply with some genuine points. But initially, they just put some ready-made templates, I think. They can improve here.

I have been using this product for more than a year. In this project, it has been more than a year.

It is stable. I think it rates 9 or 10.

Regarding scalability, if we are talking about it, and if we currently have a thousand servers and increase the count, then we can test the scalability. As of now, I have not gone through it, so it is very hard for me to say much about the scalability.

I do not have that much level of access to other parts due to policy, and they are not using all other modules due to licensing limitations. I cannot say much more about other things because TrendAI Vision One has many modules.

Negative

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features.

For deployment, I think it is easy and does not require much effort.

You could say 5+. I started my career as a SOC analyst.

I have not used other products, but there is another product called Tanium, which I learned about. In Tanium, we have an advantage.

I need to note that the overall rating I would give this product is 7. It is not bad, but initially, they put some ready-made templates, which I do not like.

I do not know about other projects because here they segregate the team based on the project. I am working for the UK-based project, and some other people are working for the AU-based project. Different people worked in different countries. I do not have any other idea about other projects or whether they are using TrendAI Vision One or not. I cannot say anything.

Definitely, it requires maintenance. If agents are not compatible with particular devices, we have to reach the support team and take help from there, and then we have to upgrade and update based on the risk and compliance policy.

There are many other modules available, but all the modules are based on the license, and they are using only a few of them.

Our usual use cases for Trend Vision One involve the detection of any kind of threat. We are getting alerts from the workbench on Trend Vision One and we perform threat hunting. If there are false positives, we close them, and in the case of true positives, we take action toward remediation and closure. Predominantly, we use it for threat management.

Trend Vision One is an integrated platform where I can get all the information about all the endpoints, whether it be a server, laptop, or desktop. Everything is integrated, allowing me to see everything within one console; that is one of the greatest advantages of Trend Vision One.

In terms of centralized visibility and management across protection layers, Trend Vision One provides protection across all attack vectors. It allows us to manage threats in all phases. We can even perform forensics where we can collect suspicious files remotely to submit to Trend Micro.

Trend Vision One helps reduce the time to detect and respond to threats. We get alerts in real-time. We receive notifications as email alerts, as well as alerts in the console. Through the workbench, we can monitor the console 24/7 with real-time information; there is not much delay.

Trend Vision One has helped us reduce noise from false positives, thanks to the SOAR functionality. We are able to configure automatic responses, and in case any false positives are identified, the Vision One console takes care of them automatically. This helps us reduce a lot of false positives.

Trend Vision One has indeed helped consolidate our use of security vendors and reduce silos. We sometimes get threat notifications from other vendor products, such as Microsoft Cloud App Security, which identifies threats, and we can trace similar traffic from the endpoints in Vision One. This correlation adds more value for our clients.

The most valuable feature of Trend Vision One is response management; when there is a malware issue, we need to isolate the endpoint, which I can do through response management. I can isolate an endpoint, restore the endpoint, and run manual malware scans, which will be very useful when performing malware remediation actions.

In future releases of Trend Vision One, I would like to see improvements regarding role-based access control, as it is important to ensure that when granting admin access to a person, their visibility is limited to only their respective markets. For example, while creating roles for countries like France, Germany, and Italy, they should only manage their own endpoints to maintain privacy and security.

I have been working with Trend Vision One for more than 2 years.

I have not encountered any issues with the stability of Trend Vision One. There have been no problems at all.

Stability is critically important for us with Trend Vision One; it is very stable, providing continuous 24/7 support, and we do not face challenges in accessing services from Trend Micro.

Regarding scalability, Trend Vision One accommodates many endpoints without any challenges, allowing easy expansion of our portfolio.

I would rate the technical support for Trend Vision One a perfect 10 out of 10, as Trend Micro supported us throughout the transition from on-prem servers or other vendors, providing top-notch service at all times.

Positive

Before using Trend Vision One, we were utilizing McAfee, and some of our clients were using Symantec. Currently, most clients have transitioned to Trend Micro.

The decision to switch from McAfee was driven by factors such as high costs and the global presence of organizations. Trend Micro has a more robust global reach and its pricing is very competitive compared to McAfee.

The initial setup of Trend Vision One is not complex; it is straightforward. We had the options in the Trend Vision One console, and we received training from Trend Micro-certified administrators. We had knowledge transfer sessions, and later, we successfully migrated our products from on-prem servers to the cloud. 

We have been using the product for more than 7 to 8 years, and we did not face any challenges during this migration.

We have seen a return on investment with Trend Vision One, primarily in terms of having more confidence in addressing any kind of suspicious activities. Any such activities will be notified to us, allowing us to take action. The return on investment is apparent in managing the endpoints and addressing suspicious activity that might otherwise go unnoticed.

It has saved about 25% to 30% of our time. The risk has been reduced by more than 25% after switching to Trend Vision One.

Its price is very decent. It suits our requirements.

I did evaluate other options, including Microsoft Sentinel, but ultimately, most vendors choose Trend Vision One.

The factors that led us to choose Trend Vision One over Microsoft or other options include costs, and since we already have Microsoft for other protections (like M365 security protection), we opted for protection with a different vendor, rather than the same vendor.

I would rate Trend Vision One a nine out of ten.

TrendAI Vision One provides a platform where everything is consolidated. I started with the proxy and then moved on to the XDR, which TrendAI Vision One provided. We collaborated with them, had POCs for the customer, and they liked it, going ahead with it. The main scenario was to integrate with the cloud security platform since the customer had a hybrid platform and needed one-point access to view the whole infrastructure in one place rather than having different solutions for each cloud and device.

The best feature of TrendAI Vision One that I like the most is the investigation graph, which was the main point demonstrated during the POC. If an attack happens and data is exfiltrated or an attacker finds a backdoor into the system, I need a graph of it rather than going to third-party sources. TrendAI Vision One XDR provides this graph, which helps visualize and make RCA and incident understanding easier, especially when presenting the findings to management.

TrendAI Vision One has greatly reduced my time to detect and respond to threats. After the implementation, I see how it integrates with the SOC team, and the XDR is so consolidated, making it easier for the SOC team to analyze tickets since it does not export logs from different components. The logs from TrendAI Vision One are easy to understand, which has helped me reduce false positives and determine whether they are true or not without checking each system individually, which made my job much easier.

The ability of TrendAI Vision One to provide centralized visibility and management across various protection layers is the best part for me. Many may not appreciate everything under one roof because it creates confusion, but once you get familiar with the dashboard, it becomes easy to navigate. However, it can create confusion because everything is under one roof, showcasing both pros and cons.

Aside from the investigation graph, I find that sometimes when we collect data, the UI seems a bit laggish and is not that interactive during that process. When we extract logs, it can be a bit slow, but everything else is acceptable.

The UI does lag a bit.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex. Resource utilization is quite high, and there is a scarcity of resources focused on TrendAI Vision One. The availability of troubleshooting guides is not as high as with some other vendors, creating some difficulties, but it is manageable because their support is good. When I open a ticket, they respond quickly.

I have been using TrendAI Vision One for two years in my previous organization, and right now, I am implementing it as a system integrator at our customer location.

Stability-wise, I feel there are times when it is not a stable solution, but I also had another client where it worked smoothly, and I did not have to revisit it often. However, in hybrid setups, I do face multiple issues, but the on-premises platform works quite well.

TrendAI Vision One is scalable. We have deployed it for the maximum users, around two hundred to two hundred fifty, and it handles that well.

For TrendAI Vision One's technical support, I would rate it around seven point five to eight, so let us give it an eight.

Positive

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One. However, for consolidation, the fact that I can find everything under one roof is a plus for TrendAI Vision One, despite my preference for ease of user experience in other products such as SentinelOne.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex.

In my organization, there are only four TrendAI Vision One specialists, including me.

I would estimate that overall, I have seen approximately a twenty percent return on investment.

I would not say TrendAI Vision One is cheap; I always recommend it for mid-size to large-sized enterprises, not for SMBs, as I have other solutions suited for them. I have never pitched TrendAI Vision One to SMBs because I believe it fits mid-sized to large-sized businesses better.

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One.

I actually believe that it has reduced false positives by more than fifteen to twenty percent.

The switch to TrendAI Vision One did reduce risks significantly. Deploying XDR created a spiderweb effect, monitoring every endpoint and node, which mitigated many attacks and helped prevent some.

The built-in AI is important, and I am currently working on certifications from TrendAI Vision One to better pitch it to AI development companies to demonstrate its benefits. I need hands-on experience with it before I pitch to those companies.

Overall, from implementation to operations, I would rate it a seven.

I do recommend this product; it depends on the case-to-case scenario. If a customer wants everything in a single platform, I recommend TrendAI Vision One without hesitation. Its good support and lack of major issues influence my decision to pitch it to customers looking for a consolidated platform. My overall review rating for TrendAI Vision One is seven.

I am from a partner firm and I deploy TrendAI Vision One at multiple customers. I implement the solution to multiple customers.

The main use cases which I have heard from customers are that, from the email point of view, email security is the first priority. They are searching for a solution which provides email security, which is able to block the files with an integrated DLP.

One of the best parts of TrendAI Vision One is its email security and the endpoint. Email security it provides at the API level, so it offers both MX Gateway and API, but usually we deploy it using API.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves, or the agent handles it. In this case, the agent will give you the logs.

TrendAI Vision One also has an XDR. This XDR helps you collect logs from multiple sources. It will correlate the logs of your databases, your endpoint, your servers, your mail, and using all these data silos, it will give you a report if any anomaly or any malicious file is detected or any virus pattern is detected.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

It uses AI to check the logs, to find the malware or to find any phishing attack. It uses an AI and ML engine for that. There is also another AI agent inside the console. For example, if I want to find a policy or check a user, the AI agent can assist me.

They have recently launched a Zero Trust Secure Access, which is a version of SASE. Using their single agent, which is for endpoint, the same agent you can use for Zero Trust Secure Access. So you do not have to install multiple agents. One single agent can work for multiple things for SASE and for endpoint.

Its deployment is easy and fast. TrendAI Vision One console has all the features, like one single console provides email, email security, endpoint security, server and workload protection, XDR, cyber risk management, all the things in one console. It provides a good overview from a CISO and manager level. Whenever I have a meeting with the management, I show them that. Your cyber risk score is this much, from a comparison point of view.

It has another feature which can detect the unknown processes or malicious processes using its AI technology, which may be forming or in the initial stage of a ransomware attack. It is quite good in capturing that also.

From the functionalities perspective, the agent is quite heavy as it can scan different types of files.

None of my customers have faced any attack. We have detected many attacks using ransomware protection and phishing detection.

Although there is a point of improvement in the endpoint protection.

Email security sometimes may lead to some true positive attachments.

One thing I would say is not a good point is they do not have a specific licensing structure. If I bought licensing for 500 users, they convert the licenses to a credit system.

If I am a mid-level enterprise, it provides everything like an integrated DLP. I do not have to spend more money buying other solutions. One solution is enough to cover my DLP needs, endpoints, XDRs, and email security.

In endpoint also, if I have 500 customers, and if I want to change a policy, I have to make a new policy for them and add them to it and then change the policy. This is a complex process.

Management is a bit complex and it could have been easier.

The positive point is centralized management. If you are a mid-level enterprise looking for a solution for most of your cybersecurity products, TrendAI Vision One is a good centralized platform. You should go for it.

I have been working with TrendAI Vision One for almost one year.

Since TrendAI Vision One is a SaaS-based platform, I have never faced the issue of the platform going down or any issues on the console. It is hosted on the cloud, so it is good. I have never faced that issue.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves. But in this case, the agent will give you the logs. They have an investigation team that will give you an EXE to collect the log and EXE to clean your system, a diagnostic tool.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

Positive

I have used other tools such as Check Point. In email security, the number of false positives is less in TrendAI Vision One in comparison to Check Point.

Within a day, you can deploy the whole solution in your whole company, maybe 500 users, 1000, or 2000. Within a day, you can deploy the solution of email security.

The first benefit is the ease of deployment using API. You simply have to link the Outlook or the Google Workspace API and within two minutes it is synced.

For endpoints, you have a script. You can simply run that script in your AD server and you can install multiple agents in a few minutes on most of your machines in the network.

My use case for the solution is primarily for EDR purposes, but we are also starting to use the CREM.  This technology allows us to see our endpoints within seconds to ensure they are NIST 800-83 compliant.  This technology is critical in today's world as there are many customers requiring this now.  

We have used advanced threat intelligence, and we continue to do so. There is a way to run a threat query to find where a certain item is located. For example, Quick Assist from Microsoft was used a while back to gain access to our environment, and we didn't know it at the time. Of course, we've since locked that down. Now, we can also use that query we created to monitor if someone tries to use it again. I recently saw an attempt to use it, but they couldn't succeed because we have it blocked. It's really good to know these things, and without the available technology, we wouldn’t be able to do this.

Trend Vision One's automation capabilities have helped, for example, with atypical travel. We have a playbook set up. When Trend Vision One finds someone signed on in the United States and then catches them signed on in Africa, it will immediately run a playbook. This will disable that profile and prohibit that person from logging in. That is huge when you consider the possibilities of what could happen if we didn’t have that feature.

Our response time is greatly enhanced because of all the features that Trend Vision One offers. It simplifies things and makes it clear what’s going on inside our environment. With just a click of a button, we can get the information we need. We can mitigate issues very quickly using Trend Vision One. We can isolate endpoints, effectively removing them from the network while still accessing them through the Trend Vision One console. Additionally, we can run malware scans instantly on computers, and there are so many features available that it can be hard to keep track of them sometimes. Overall, Trend Vision One has really helped a lot. When it comes to time savings, I would estimate that our response time has improved by at least 40%.

Using this solution has benefited our business greatly. It keeps me informed of everything happening in our environment. We have site admins at every location with specific admin authority to do certain things. Trend Vision One monitors that, allowing me to validate actions taken by admins. Trend Vision One caught various incidents, and it gives me a clear understanding of our environment and its activities, with quick searches and deeper capabilities.

With Trend Vision One, my favorite feature is the app they provide. You can turn on different features and notifications. The other night I was sitting at supper when the app went off, and I got an alert that was very strange. It turned out to be an event, and we got our cyber team together to mitigate the issue with Trend's IR Teams help, preventing any major problems. That app is a lifesaver.

The dashboard provides extensive information. It gives detailed information regarding endpoints and servers, tracking everything. You can search for things and run threat analysis. There are many features within there, and it's difficult to pinpoint one because all the features work very effectively together.

The centralized management feature contributes to faster decision-making within our security operations, greatly enhancing our response time. With all the features that Trend Vision One offers, it simplifies things. It clarifies what's going on inside your environment; with a click of a button, you can see what's happening and mitigate very fast.

In Trend Vision One, there is always room for improvement. The console is well done, but there might be a bit of improvement needed with the app's capabilities. I know they are constantly working on it, and they have regular Webinars "What's New In Trend Vision One" to share updates and enhancements that are taking place.  

Trend also allows its VIP customers to pretest new features or products and enables us to give feedback on those we test.  This is an incredible benefit to Trend's VIP program.  I do not know of any other product like Trend Micro.

I've been using this solution for quite a while. It was about eight years ago when our company had Trend implemented at every location. We have eleven locations overall. In my opinion, it wasn't managed properly; the situation was quite poor. There were many updates that were needed. I approached management and expressed my desire to take over the project. I said, "I want this. I will do it, fix it, and make it work." Management agreed and gave me the responsibility.

What I did next was take all the servers, fix and upgrade them, and prepare them for migration to one on-site server. After that, we decided to move to the cloud. I gathered everything together and worked with Trend to get all of our endpoints and servers transitioned to the cloud. It's been an ongoing process with Trend, as there is always something that needs to be done.

I rate the stability of Trend Vision One as a ten out of ten.

I would rate the scalability of Trend Vision One as nine out of ten.

It is really good. They even have a feedback system to report suggestions or problems, which are addressed promptly. We also benefit from 24/7 monitoring, and we have direct contacts for technical issues and ongoing weekly support calls.

I would rate them a nine out of ten. There's always room for improvement. Five years ago, I would rate it as a five, but support has significantly improved in availability, responsiveness, and keeping me updated.

We purchased the software through CDW, which used to be called Sirius. That's how we acquired it. I have several contacts at Trend that I can reach out to directly, as I have been working with them for about eight years. They have helped me implement the software directly. I worked with Trend through the entire process. They have a learning platform with videos that break down each product. They show you step-by-step how to implement or use each solution. Trend Micro Service One, monitors our corporation, 24/7/365 support service. We can contact a representative, and they’ll get back to us if we encounter any problems or technical issues in our environment. They’ll even join us on a conference call to help. We also have a weekly call with them, where we can ask questions, and they guide us to the right resources and documentation. It’s really an incredible support package.

It wasn’t complicated to deploy. Now they offer a product called Server and Workload Protection, which is tailored specifically for servers. We're in the process of upgrading our servers to use this product. It’s more focused on server-specific security and functionality. When I used it about five years ago, the process was quite complex. I had problems and issues. Over the years, we moved away from the product — about four years ago — and we’re only now starting to return to it. The changes made in those four years are incredible. It’s like night and day. What used to take me days to deploy to one server now takes about half an hour. Trend is constantly updating, enhancing, and improving how things are done. It’s a continually evolving package. They’re even integrating AI capabilities now, which will greatly enhance what Trend products can do.

The capability of Trend Vision One to be deployed both on-premises and in the cloud has been extremely beneficial to my organization in terms of flexibility and scalability. Being in the cloud eliminates the need for on-prem servers. With several divisions, managing all of those on-prem servers was a nightmare. It was not an option, so I migrated to the cloud, which is a one-stop shop. We have our entire corporation in the cloud, making it easy to see everything without logging onto multiple servers; this saves a lot of time.

The solution itself does require some maintenance. The updates are automatic, so we don't need to manually check. However, some endpoints have to be maintained more carefully, ensuring they are fully updated because missing MS updates can prevent Trend Vision One from working correctly. It's good practice to keep everything up to date, which is crucial for managing over 1,000 endpoints and 200 servers. Trend Vision One allows us to see all software on a person's computer, even outdated web browsers, and it flags potential threats, which is an incredible feature.

In my organization, approximately three people work with Trend Vision One.

In terms of return on investment, I've seen a 100% return. It has paid for itself. Our company went through a ransomware event, and if Trend Vision One's IR Team had not stopped it, that could've closed the company's doors.

Trend Vision One is definitely cost-efficient compared to other solutions. I have seen others that are double or triple the price. I'm surprised Trend Vision One hasn't raised their prices, considering everything offered. Depending on the features selected, cost varies, but overall, endpoint and server security is very reasonable.

Comparing Trend Vision One to other solutions, I've seen other vendors with complicated software requiring extensive training to understand. If software is that hard to learn, I don't find it to be a viable solution. Learning takes weeks or months, potentially creating holes in security instead of securing it.

I would absolutely recommend Trend Vision One to other users because it's cost-efficient and it just works. It tells you what you need to do, alerts you of threats, and informs you about software needing updates. They have an IR team that is exceptional and works on the mitigation and remediation until all issues have been resolved!  Over time, it becomes easier to understand, especially moving from on-prem to cloud deployment; there's no comparison. 

I would rate the solution overall as a ten out of ten.

My use cases for Trend Vision One are typically reactive, letting it scan and monitor our environment, and we typically respond quickly to any workbenches that come up. 

We also try to adapt to the Cyber Risk Index or the security score, keeping that at the lowest amount possible on a weekly or bi-weekly basis as we push out updates and do maintenance.

My favorite features in Trend Vision One include the Cyber Risk Index, which breaks down various pieces of info into one easily digestible score. I appreciate the workbenches. They provide a visual of how they operate for the most part, and I value the in-depth details they offer since we can mostly operate off of that, giving us enough info to crunch and figure out what's happening.

While it's not an actual feature of the application, I appreciate the clinics and seminars that Trend provides, as I went to one last year that got me from zero to beginner, and I hope to advance to intermediate with another seminar series this year.

Trend Vision One helps reduce my mean time to detect and respond to threats as without it, we would be scrambling and confused with not much information to go off of for threat hunting. I'm not sure what we were using previously. As long as I've been here, it's been Trend Vision One, and we're very happy with it. We're hesitant to shop around for any other provider since we think it's a very good product, and we appreciate the speed and breadth of data we receive from it.

I sometimes see noise from false positives with Trend Vision One. One clear instance involved the AI deep fake feature, which would throw up false positives whenever someone had a Teams meeting with a blurred background, leading us to turn it off as it activated for every meeting. Additionally, there were minor false positives throughout the year related to Microsoft update files and certain DLLs, however, they don't clutter Trend Vision One much and have essentially gone away in recent months.

I am very happy with Trend Vision One's platform ability to provide centralized visibility and management across protection layers. The platform extends into various categories, offering oversight over email and even flagging suspicious activities that occur on a server, despite not having a Trend Vision One agent on it. For instance, an admin setting up remote access on that server was flagged as suspicious, and I appreciate the reach that Trend Vision One has across different scattered categories it monitors.

In terms of improving Trend Vision One, it might sound silly, yet it seems notoriously uncooperative with middle clicks and opening sections in new tabs. I'm a big tab browser, and it feels hitting a brick wall when I have to refresh in a new tab or make a copy of a tab to move forward. If we can enable middle clicks to open sections in new tabs, it would greatly benefit me personally.

I've been using Trend Vision One for a few months, approximately eight to ten months at this point.

Regarding stability, I don't think Trend Vision One has ever caused any lagging, crashing, or downtime. There was one situation where we may have misconfigured something, forgetting a checkbox, and Trend Vision One's scheduled scans might have used some CPU resources, however, that's on our end. Besides that, Trend Vision One works exactly as intended and has never hindered our operations, feeling more a collaborator than a roadblock.

I don't think I've encountered any issues with scalability; we're growing steadily, and I believe Trend Vision One can keep up with our demand. Our company has about 200 employees in Canada, and I can foresee that if we doubled in size, Trend Vision One would accommodate that very easily.

I have contacted the technical support before. We're very happy with the technical support from Trend Vision One, feeling we have our own dedicated technician who knows the entire suite of applications. They are very intelligent and responsive, and as we submit feature requests, they seem to make it into the actual list of features in Trend Vision One, so we maintain a good relationship with their technical support and development teams.

Positive

I'm not sure what we were using previously. As long as I've been here, it's been Trend Vision One, and we're very happy with it. We're hesitant to shop around for any other provider as we consider it a very good product.

The experience of first using Trend Vision One is really difficult due to the steep learning curve. Thankfully, I attended a Trend Vision One seminar that got me from zero to beginner, as without that, it involves a lot of guesswork with little grounding to go off of. I really recommend their seminars and tutorials.

I do not know much about the pricing of Trend Vision One. My understanding is it's expensive. We pay for it anyway, and there's always sticker shock. Still, we feel it's necessary as this product covers all our needs.

We're hesitant to shop around for any other provider. Trend Vision One is a very good product, and we appreciate the speed and breadth of data we receive from it.

I'm not sure if I use the cyber risk exposure management capabilities. Trend Vision One requires very little maintenance on my end, mostly just keeping up with refreshing the license, which is about all I hear related to Trend Vision One maintenance.

Some top security challenges in my industry include securing anything exposed to the internet, especially since we were previously hit with ransomware. The ability of Trend Vision One to detect and cut off threats early, clean up files before they execute, and address phishing emails helps us significantly. We also have their email and collaborative security, which is crucial along with having zero-day protections to receive early warnings of threats, allowing us to act immediately outside our maintenance windows.

I'm not completely sure where we use the Trend Vision One sensors, as I didn't set them up. However, we do have a DDI that we paid a lot for, which is one of our biggest data sources and populates much of the information in Trend Vision One. We also have a network sensor at our different location in the United States, which is a temporary holdover until we can upgrade to something more robust.

It's not critical for my company that Trend Vision One has AI built into its platform in terms of needing a language model to explain things, however, AI is actually critical for threat detection and behavioral analysis. That aspect of behavior monitoring and action based on behavior is very important.

Trend Vision One has helped my organization reduce its cyber risk. For instance, even prior to acquiring the DDI, the DDI's presence on our network found a threat actively in progress, and we were able to act on it, demonstrating its effectiveness from day zero.

On a scale from one to ten, I would rate Trend Vision One a nine overall.

We operate as an MSP. Most of my clients are financial institutions, such as one of the largest banks in Pakistan. We primarily serve enterprise-level financial institutions and banks. 

The best features in TrendAI Vision One are the workbench and the XDR feature for the playbooks. We continue to use these two features extensively. 

We also have our own product called SIRP, which is a SOAR platform, and we integrate it with TrendAI Vision One for automations, alert information, auto enrichment, and IOC enrichment. 

We appreciate that TrendAI Vision One provides a good API with actions for our SIRP operations. 

While we did not calculate specific MTTR and MTTD metrics, it has significantly reduced suspicious alerts and benign alerts compared to what we previously experienced.

TrendAI Vision One provides its own MDR services for detection capabilities, similar to CrowdStrike. Their team collaborates effectively with us on response and detection. The solution doesn't require frequent maintenance, and services are not regularly interrupted.

Areas that need improvement in TrendAI Vision One include the AI-based mechanism, AI-based detections, and AI-based autonomous detections, which are currently lacking. Additionally, they need to add more integrations to their playbooks. They should lower the cost for integrations as they charge for each individual integration. TrendAI Vision One does not initially disclose to customers that they need to purchase additional licenses and pay more for integrations. They need to modify their licensing mechanism and improve their AI-based detections.

We have been using TrendAI Vision One for approximately six to seven years. We provide services to different customers on various security controls and security products.

TrendAI Vision One demonstrates strong stability, warranting a rating of seven out of ten.

TrendAI Vision One is scalable. For DMG area operations, they have their own dedicated product available.

I cannot provide detailed feedback about TrendAI Vision One support as we haven't needed to utilize it extensively. The configuration process is straightforward enough that we rarely require support assistance.

Neutral

Most of the enterprise-level clients use CrowdStrike or Cylance. TrendAI Vision One or TrendAI Vision One Apex Central is used by most smaller banks, while bigger banks predominantly use CrowdStrike and Cylance.

In Pakistan and the MENA region, clients prefer on-premises deployment unless cloud services are available. When cloud hosting is located in the US or other countries, Saudi and UAE clients typically opt for on-premises deployment.

Vision One is very easy to deploy. We don't have to do much of anything on that. We just have to deploy the agent, and we have to configure the policy. It's not very complicated.

Regarding pricing, TrendAI Vision One offers very competitive rates compared to CrowdStrike and Cylance. Customers who cannot afford CrowdStrike's pricing can easily opt for TrendAI Vision One.

We are not a partner with Trend Micro; we only provide deployment services. TrendAI Vision One can generate false positives; however, this depends on the whitelisting configuration, particularly in the application control area and IOC whitelisting. The detection mechanism is good, though CrowdStrike performs better in detections and reducing false positives due to its behavioral-based analysis and AI-based features. In comparison with other vendors, CrowdStrike ranks first, followed by Cylance, then TrendAI Vision One. Cylance and TrendAI Vision One can work together effectively.

I would primarily recommend CrowdStrike, and then TrendAI Vision One for customers with budget constraints. CrowdStrike's recent launch of a new AI model and features such as the MDC module for comprehensive log collection provide superior visibility and control compared to TrendAI Vision One.

The overall rating for TrendAI Vision One is seven out of ten.

TrendAI Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response. We are moving forward towards its complete suite.

The best features of TrendAI Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.

One area that has room for improvement is the interface of TrendAI Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in TrendAI Vision One such as endpoint protection, D-SIM security, DLP solution, and FIM, so there is nothing left behind.

I have been using TrendAI Vision One for almost two years.

I would rate the stability of TrendAI Vision One as nine because in the last two years, we have never had downtime except for one recent incident when Azure cloud was down, which was from Azure's side, not from Trend Micro. Overall, we have not received any downtime from Trend Micro's end.

TrendAI Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.

I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.

Positive

The deployment of TrendAI Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.

We are using the sensors of TrendAI Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.

The top security challenges I faced in my industry before using TrendAI Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.

Regarding the Cyber Risk Exposure Management, it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.

The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with TrendAI Vision One, and the issue can be solved within one or two days.

Almost fifty people use the solution. They are all in Pakistan and working on-site.

The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by TrendAI Vision One. So it requires some type of maintenance as well.

Maintaining TrendAI Vision One is very easy and very handy.

I do not know the exact pricing of TrendAI Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.

I chose TrendAI Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing TrendAI Vision One was its principal support.

TrendAI Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.

I cannot quantify by how much TrendAI Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.

I would recommend TrendAI Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP, and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.

It is very important for us that TrendAI Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of TrendAI Vision One.

I rate this review nine overall.