TrendAI Vision One Reviews

I can describe several use cases for TrendAI Vision One, including endpoint security with very nice features such as anti-malware, advanced threat protection, machine learning, device control, application control, web reputation, and DLP use cases that are very good. Server security includes vulnerability management, virtual patching, integrity and log inspection, anti-malware, and web reputation. Network security provides very holistic views, and XDR operations correlate multiple layers of security and give an advanced holistic view of multiple layers of investigations easily.

TrendAI Vision One is a centralized platform-based solution that provides good visibility across endpoint security, email security, server security, cloud security, and XDR operations. The product offers very good visibility overall.

A good advantage of the product is the threat correlation and attack path visibility, which is helpful to SOC teams for investigating incidents. TrendAI Vision One platform has helped me consolidate my use of security vendors and reduce silos. This is very helpful for protecting organizational assets and daily workloads, allowing SOC teams to investigate threats, perform threat hunting, and take action. TrendAI Vision One is capable of managing risk once assets enter the dashboard and scanning all assets. Network security scans all data and provides information about network vulnerabilities, such as agentless devices and agent devices, easily identifying vulnerabilities and allowing for mitigation.

Email security helps to protect users from phishing emails. Cyber Risk Exposure Management provides comprehensive visibility and AI attack path visibility for proactive security, protecting the organization's assets and proactively providing the attack path.

I would like to see some areas of the product improved or enhanced in the future. I have used multiple products such as Kaspersky, and I appreciate TrendAI Vision One for its easily viewable dashboard and one-window solution platform-based approach that provides good visibility across all products.

While acknowledging the good aspects, I believe some elements could be improved or new features could be included in TrendAI Vision One. AI-based detection is currently available, but I hope for enhancements in other areas such as encryption, which is not currently available in this security product.

I have a total experience of approximately three years using this product.

Regarding stability, I have not experienced any crashes, downtimes, or performance issues with TrendAI Vision One. Cloud-based solutions have no downtime, whereas on-premises solutions might face some downtime for patch upgrades and version upgrades for the server.

I find TrendAI Vision One scalable and have not encountered limitations or scalability issues with it. The product provides feasibility, and I find this product very helpful.

My evaluation of customer service and technical support is that their support is very good, and I am already satisfied with the technical support of this project.

I rate the technical support as very helpful for issue resolution. I have found use case information already available online and have read articles and performed actions for resolution.

When issues are not resolved at L1 and L2 support, I create tickets. The Trend Micro engineer aligns with the support team and resolves issues quickly.

Regarding the initial setup process, I find it a bit complex with TrendAI Vision One. The integration of multiple products with TrendAI Vision One and configuring the policies is somewhat complex for a new user.

Regarding ROI, my customers have seen returns with TrendAI Vision One. Customers are already using this cloud-based solution, and those who previously used Kaspersky find it useful for encryption aspects. I recommend this product as it is a very good product for various industries with strong signatures for anti-malware and ransomware prevention.

I do not have clear information about the pricing aspect, including setup cost and licensing details. Cost and licensing details are unclear to me.

I am using TrendAI Vision One for integrating multiple security solutions, such as the integration of firewalls and SIEM solutions for XDR.

The XDR sensor is installed on multiple security layers such as endpoint security and email security. The sensor collects telemetry data from the endpoint security and provides a holistic view of the data. SOC teams find it very helpful to collect telemetry to investigate threats easily.

My organization easily collects assets and reviews the risk score, advanced threat protections, and attack surface. This is a very good product for collecting all asset data and providing a comprehensive dashboard regarding vulnerability protection and risk score, highlighting the risk score and attack surface.

The industry faces top challenges such as server security and email security. The industry uses legacy servers, and TrendAI Vision One workload security protects those legacy servers. TrendAI Vision One provides workload virtual patching, which offers protection for the servers.

I use the Cyber Risk Exposure Management capabilities in TrendAI Vision One. Cyber Risk Exposure Management is the best product for the live industry, highlighting the company and correlating the industry's risk scores.

My impressions of TrendAI Vision One platform's ability to provide centralized visibility and management across protection layers are very positive. It is a very good solution for providing centralized platform-based solutions while using multiple security tools such as cloud security and cloud email gateway protection and service gateway. I have already experienced this product, and it is very helpful for SOC teams, management, and Cyber Risk Exposure Management for C-level use. This is a very good product.

Having TrendAI Vision One in hybrid environments has affected my ability to manage risk positively. It is important to my organization that TrendAI Vision One has AI built into its platform. TrendAI Vision One is the best for AI-driven security, which is a very good point of the TrendAI Vision One console. AI-driven features are very helpful for user-friendliness. Once a new user uses TrendAI Vision One, AI-driven features assist in understanding the policies and SOC operations.

TrendAI Vision One has helped my organization reduce noise from false positives, as it has significantly reduced false positives. Regarding overall cyber risk, TrendAI Vision One has helped reduce cyber risk for my client's organization. It provides an overall comprehensive dashboard overview of organizations, offering compliance, best practices, and training sessions for threat detection. This is a very helpful dashboard for Cyber Risk Exposure Management, customized for partners and industries.

The amount of risk reduced by switching to TrendAI Vision One platform includes risk metrics that show higher scores when the attack surface is high. The dashboard gives live vulnerability assessments and displays the risk scores of dashboards and organizations.

The main benefits that TrendAI Vision One brings to the table include benefiting my customers by pitching the endpoint security and Cyber Risk Exposure Management project. I have already mentioned to customers the advantages of using one product, and I am also using the demo for other products from the same console and have activated the license.

TrendAI Vision One has helped to reduce my time to detect and respond to threats through proactive security for detection, mitigation, and delivery of the attack path. I had an incident with one user who downloaded a file, and the endpoint security agent detected the malicious file and performed actions to clean and delete it. XDR created the workbench, and I investigated easily for threat scores and performed actions, enabling SOC teams to be helpful in threat hunting.

The key differences of TrendAI Vision One in comparison to other technologies such as Kaspersky include that I have already mentioned the advantages of the product, but drawbacks exist for new users. It is very complex for policy configurations and integration with other products.

Many industries in Pakistan use TrendAI Vision One platform for consolidated security across hybrid environments. More than the usual number of customers are using endpoint security, cloud security, and XDR operations. I purchase TrendAI Vision One through local partners. I give this product a rating of nine to ten out of ten. Given my experience with TrendAI Vision One over three years, I recommend using this product, as it is very helpful for the industry cybersecurity framework.

My company is Kyndryl, and we work for a UK-based financial institution. That client, the financial institution, has TrendAI Vision One. By using TrendAI Vision One, we are monitoring and doing day-to-day tasks.

In this project, it is related to XDR, but there are many modules. Currently, they are using only HIDS and HIPS. There are many other modules available, but all the modules are based on the license, so they are using only a few of them.

Compared to my previous experience where I worked on some other EDR tools, TrendAI Vision One has many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

Basically, each endpoint device has an agent called the TrendAI agent, similar to a CrowdStrike agent. The agent is monitoring two things: system events and security events. Based on the events, they are pulling the data at the console for the security team. We monitor if any unusual things happen, and then we have to react. The agent installed on endpoint devices is helping us monitor and do the work.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features, but I do not remember. However, it has a very good feature, as I mentioned, Cyber Risk Exposure.

Actually, in Cyber Risk, if I want to see the device level and how many devices have some vulnerability, if I click the device, it will show the count. For example, it is showing that two, three, or four devices are detected with this kind of vulnerability. If the devices have Apache Log4j vulnerability or OGNL, then based on the operating system, if the device has Linux, I have to reach the platform team and say "Okay, this system has this kind of vulnerability, and you have to patch the thing" or update the software. From here, I cannot update anything or upgrade the agents. There is some dependency, you could say.

For deployment, I think it is easy and does not require much effort. I have not done the deployment myself, but for some point in time, for a few of the servers, we have done it, and it is easy and does not require much.

For this, it depends on two or three factors. First, we have to confirm why this alert got triggered and what is the IOC. For example, if it is some private IP, then I have to reach out to the different teams. In my case, I have to reach the vulnerability management team because they have Nessus and Qualys tools, which are vulnerability scanner tools. What they mostly do is they try to scan the particular server and devices, targeting the server. When the IP, let us say the Nessus IP, leads to a server, TrendAI Vision One tries to understand "Okay, I think someone is trying to recon this particular server. This is not a usual thing," so they generate the alert. I have to go through each and every alert, and based on whether the IP is private, I have to reach out to the VM team and other teams and try to confirm whether the IP is genuine or from somewhere else. After that, I have to fine-tune inside TrendAI Vision One, and then they will automatically reduce the false positives.

In my case, I can say that earlier we received many alerts related to recon alerts. If I closed and whitelisted two, three, or five IP addresses, the total has been reduced by approximately 40 percent. Earlier, we received more than 400 or 500 false positive alerts, but nowadays we receive hardly 10 or 15 alerts.

My client is not a small bank. I think it is one of the big banks in the UK, but I do not want to tell you the name. It is very big.

In TrendAI Vision One, there are many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

They have another feature called Workbench inside the XDR. What Workbench does is that if you receive 100 alerts one day, the Workbench correlates all the alerts and tries to find similar ones. Then it generates one ID. Inside one ID, if 10 alerts are similar, it will consolidate all 10 alerts as one Workbench ID. Inside the Workbench ID, if I investigate and close the Workbench ID, on behalf of that Workbench ID, all 10 alerts will be closed automatically. There is no need to go through each and every alert one by one. This is also a very good feature inside TrendAI Vision One.

In terms of centralized visibility, I can say that it saves much more time. If for one thing I have to go through different tools, obviously I have to invest much more time for a single alert. But here, if one alert triggers, I can correlate with the help of different modules, which is nothing but easy for me.

There is also an inbuilt AI tool inside TrendAI Vision One. Sometimes if I get stuck somewhere during the investigation, I use this AI chatbot, which is known as a companion inside TrendAI Vision One. If I put a use case or ask "Okay, I am here, what do I have to do?" That companion, which is nothing but a chatbot, will go through whatever I put inside the chat, analyze it, and mention some steps. It will say "Okay, from here you can go" and "You can do these things." It is also a very good feature and it makes it easy for me.

As I mentioned, because of that one feature, Workbench ID inside the XDR module, it reduced much more time compared to other tools. But I cannot say a specific number. It is very difficult for me. However, it saves a lot of time. As I mentioned, if 10 alerts are received, in another tool, I have to go through each and every alert one by one. But here, they correlate the alerts based on whatever the IOCs are and why this alert got triggered. Based on the alert, they consolidate the alert. If all 10 alerts have a similar property, they consolidate and generate one ID, a Workbench ID, and they consider it as one. So if I investigate one and close it, all 10 will be closed automatically.

It is very nice and very helpful. It reduces the overall response time. It is very helpful. It is known as a companion, and that one chatbot is known as a companion inside TrendAI Vision One.

In TrendAI Vision One, a few days ago, there was one issue related to resource utilization at some servers. It was not clear whether the reason was the Trend agent or some other security agents such as Sentinel or something else. In this kind of situation, we get stuck. Then we have to reinstall and do all those things.

In Tanium, we have an advantage where even the security team from their end can update the patch. But in TrendAI Vision One, there are no features such as this. We have to depend on the platform team.

They could improve the support case experience because whenever we reach out to the support team, in response, they first put what I think are some ready-made templates, and they just put it as a reply. If I raise a case, they have some ready-made templates. This is my opinion and thought from following some different cases. They can improve here because they just simply reply with whatever they have. Then again, we have to mention more things, and after that, they reply with some genuine points. But initially, they just put some ready-made templates, I think. They can improve here.

I have been using this product for more than a year. In this project, it has been more than a year.

It is stable. I think it rates 9 or 10.

Regarding scalability, if we are talking about it, and if we currently have a thousand servers and increase the count, then we can test the scalability. As of now, I have not gone through it, so it is very hard for me to say much about the scalability.

I do not have that much level of access to other parts due to policy, and they are not using all other modules due to licensing limitations. I cannot say much more about other things because TrendAI Vision One has many modules.

Negative

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features.

For deployment, I think it is easy and does not require much effort.

You could say 5+. I started my career as a SOC analyst.

I have not used other products, but there is another product called Tanium, which I learned about. In Tanium, we have an advantage.

I need to note that the overall rating I would give this product is 7. It is not bad, but initially, they put some ready-made templates, which I do not like.

I do not know about other projects because here they segregate the team based on the project. I am working for the UK-based project, and some other people are working for the AU-based project. Different people worked in different countries. I do not have any other idea about other projects or whether they are using TrendAI Vision One or not. I cannot say anything.

Definitely, it requires maintenance. If agents are not compatible with particular devices, we have to reach the support team and take help from there, and then we have to upgrade and update based on the risk and compliance policy.

There are many other modules available, but all the modules are based on the license, and they are using only a few of them.

TrendAI Vision One provides a platform where everything is consolidated. I started with the proxy and then moved on to the XDR, which TrendAI Vision One provided. We collaborated with them, had POCs for the customer, and they liked it, going ahead with it. The main scenario was to integrate with the cloud security platform since the customer had a hybrid platform and needed one-point access to view the whole infrastructure in one place rather than having different solutions for each cloud and device.

The best feature of TrendAI Vision One that I like the most is the investigation graph, which was the main point demonstrated during the POC. If an attack happens and data is exfiltrated or an attacker finds a backdoor into the system, I need a graph of it rather than going to third-party sources. TrendAI Vision One XDR provides this graph, which helps visualize and make RCA and incident understanding easier, especially when presenting the findings to management.

TrendAI Vision One has greatly reduced my time to detect and respond to threats. After the implementation, I see how it integrates with the SOC team, and the XDR is so consolidated, making it easier for the SOC team to analyze tickets since it does not export logs from different components. The logs from TrendAI Vision One are easy to understand, which has helped me reduce false positives and determine whether they are true or not without checking each system individually, which made my job much easier.

The ability of TrendAI Vision One to provide centralized visibility and management across various protection layers is the best part for me. Many may not appreciate everything under one roof because it creates confusion, but once you get familiar with the dashboard, it becomes easy to navigate. However, it can create confusion because everything is under one roof, showcasing both pros and cons.

Aside from the investigation graph, I find that sometimes when we collect data, the UI seems a bit laggish and is not that interactive during that process. When we extract logs, it can be a bit slow, but everything else is acceptable.

The UI does lag a bit.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex. Resource utilization is quite high, and there is a scarcity of resources focused on TrendAI Vision One. The availability of troubleshooting guides is not as high as with some other vendors, creating some difficulties, but it is manageable because their support is good. When I open a ticket, they respond quickly.

I have been using TrendAI Vision One for two years in my previous organization, and right now, I am implementing it as a system integrator at our customer location.

Stability-wise, I feel there are times when it is not a stable solution, but I also had another client where it worked smoothly, and I did not have to revisit it often. However, in hybrid setups, I do face multiple issues, but the on-premises platform works quite well.

TrendAI Vision One is scalable. We have deployed it for the maximum users, around two hundred to two hundred fifty, and it handles that well.

For TrendAI Vision One's technical support, I would rate it around seven point five to eight, so let us give it an eight.

Positive

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One. However, for consolidation, the fact that I can find everything under one roof is a plus for TrendAI Vision One, despite my preference for ease of user experience in other products such as SentinelOne.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex.

In my organization, there are only four TrendAI Vision One specialists, including me.

I would estimate that overall, I have seen approximately a twenty percent return on investment.

I would not say TrendAI Vision One is cheap; I always recommend it for mid-size to large-sized enterprises, not for SMBs, as I have other solutions suited for them. I have never pitched TrendAI Vision One to SMBs because I believe it fits mid-sized to large-sized businesses better.

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One.

I actually believe that it has reduced false positives by more than fifteen to twenty percent.

The switch to TrendAI Vision One did reduce risks significantly. Deploying XDR created a spiderweb effect, monitoring every endpoint and node, which mitigated many attacks and helped prevent some.

The built-in AI is important, and I am currently working on certifications from TrendAI Vision One to better pitch it to AI development companies to demonstrate its benefits. I need hands-on experience with it before I pitch to those companies.

Overall, from implementation to operations, I would rate it a seven.

I do recommend this product; it depends on the case-to-case scenario. If a customer wants everything in a single platform, I recommend TrendAI Vision One without hesitation. Its good support and lack of major issues influence my decision to pitch it to customers looking for a consolidated platform. My overall review rating for TrendAI Vision One is seven.

TrendAI Vision One is a unified platform and single dashboard where all endpoints, email servers, clouds, and networks are in one place. It provides AI detection and AI-based threat detection. Any abnormality or abnormal behavior of any server or endpoint is caught, and it predicts security in a proactive mode. It correlates across all endpoints, email, network, and cloud to give the full attack story: how the attack happened, what is the location of the attack, and how we can prevent that attack.

I am using TrendAI Vision One on all our servers with three main components: servers, endpoints, and email security. The unified visibility where one dashboard provides access is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

TrendAI Vision One sensors are basically the data collectors that capture different parts of the IT environment. If there are no sensors, there will be no visibility. Sensors are the eyes and ears of TrendAI Vision One. They are used to collect logs, abnormal behavior, email activity, and network activity. The system correlates everything, detects the attack, and sends alerts to the SOC so we can work effectively. We have endpoint sensors that are installed on laptops and servers.

One of the biggest challenges nowadays is ransomware attacks, which are the most common and damaging threat. Attackers encrypt data and steal it. With the help of TrendAI Vision One, it reduces the data leak risk from our environment. The second main challenge is phishing and social engineering attacks. Technology is growing fast, so phishing and social engineering attacks are more common. The third main challenge is identity and access compromise, where attacks target our active directory, which is the backbone of the industry. If any of the identities are compromised, an attacker can get full access. TrendAI Vision One is helping us prevent that attack. These are the three top challenges that every organization has to face, and TrendAI Vision One is resolving these kinds of issues on a daily basis.

The cyber risk management capability is used in our organization to identify and prioritize cybersecurity risks in a structured way. There are multiple capabilities under that. First, we need to identify the risk and understand what are all the possible risks we have, what are the vulnerabilities, misconfigurations, threats, and asset exposures. The second main thing is asset visibility, which is very important because we should know what type of asset visibility we have. The third main point is risk assessment, which evaluates the impact and likelihood. For example, if something is down and it is of high importance, it will be marked as a high impact. The fourth stage is risk prioritization, which prioritizes the risk and identifies what are the critical assets and what are the high-end critical vulnerabilities. Every risk has its own weightage. Some are critical, some are high, some are low. This helps us to prioritize risk. And then, of course, comes risk mitigation. Once we find the risk, for example, if something is high-end and critical, the last step is to mitigate it. This includes patching vulnerabilities, fixing misconfiguration things, strengthening our hardening controls, and applying security tools to that. And then, we go back to the first step, continuous monitoring. The next day we will start to find new zero-day attacks, new threats, and new external risks.

TrendAI Vision One, which we are using on all our servers, is the most valuable feature. We are using three things: servers, endpoints, and TrendAI Vision One's email security. The unified visibility where one dashboard is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

My overall experience with TrendAI Vision One is very good. We discuss it every week in our leadership discussions. Overall, this platform is very mature. It is a unified XDR platform that improves the threat visibility part and the correlation part across the enterprise. The best part is it has strong XDR correlation. It has centralized visibility with one dashboard that contains all the information: all our risk posture, all our assets, and all our threats. The AI-driven technology, the AI-driven detection, and the scoring part are very good, as is the broad coverage they provide.

Alert noise and false positives are areas that should be improved. The initial deployment generates too many alerts, so we need better AI filtering and more accurate prioritization. Also, the integration complexity can be an issue. Sometimes, integrating TrendAI Vision One with our SIEM tool or other cloud platforms can be time-consuming. Some improvements should be made there. They need to make easier, plug-and-play integrations and provide better documentation.

One feature is SOAR (Security Orchestration, Automation and Response), which is an automated response engine. Currently, they have partial automation. If there is an auto-containment feature for endpoints, users, and the network, or if there are many pre-built playbooks for ransomware, phishing, and insider threats, it would be beneficial. For example, we just need to one-click and auto-remediation is done. That is the feature I am looking for. This would be used to help us detect, investigate, and respond automatically.

We have been using TrendAI Vision One for the last two years, and we recently renewed it as well.

We purchased TrendAI Vision One for all our servers. The basics are simple. We signed up, logged in, and provided access to our cloud console. Then, the step-by-step onboarding process started where we had an endpoint agent deployment for each machine. We downloaded the agent and installed it on each machine. Then the migration from the existing solution started. For the deployment part, we use one tool named ManageEngine's ITSM tool, from where we can write a script for that agent and have a mass deployment.

Regarding cost and licensing transparency, we are using a credit-based model. We have a certain number of credits that we are using. The pricing is mild. They could make simpler pricing for better usage visibility, but I am okay with the pricing because we are getting good quality. I would not say it is a high price because we are getting a good product.

TrendAI Vision One is a powerful XDR platform. However, it requires proper tuning and proper integration. If we have done proper tuning and proper integration with all our servers, endpoints, and cloud platforms, it will give very good, accurate results.

From false positive to true positive, the percentage is almost 60% to 70%, approximately 65%. However, it needs proper tuning every week. We have to tune the policies every week so that we can get better visibility and accuracy.

Regarding mean time to detect, TrendAI Vision One definitely helps. It reduces the mean time to detect compared to traditional tools. It basically detects threats in real time. Real-time detection means it uses AI analytics, global threat intelligence, and correlation signals across all endpoints. Threats are detected almost immediately once any suspicious or malicious activity is observed. It reduces the time to detect by almost 60%.

TrendAI Vision One is a powerful and mature XDR tool. Of course, every tool has room to improve. But for us right now, it is a good tool. There are a number of tools, and every tool has its own capability and its own visibility. This tool is a very good, powerful tool. My overall rating for this solution is nine out of ten.

I am from a partner firm and I deploy TrendAI Vision One at multiple customers. I implement the solution to multiple customers.

The main use cases which I have heard from customers are that, from the email point of view, email security is the first priority. They are searching for a solution which provides email security, which is able to block the files with an integrated DLP.

One of the best parts of TrendAI Vision One is its email security and the endpoint. Email security it provides at the API level, so it offers both MX Gateway and API, but usually we deploy it using API.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves, or the agent handles it. In this case, the agent will give you the logs.

TrendAI Vision One also has an XDR. This XDR helps you collect logs from multiple sources. It will correlate the logs of your databases, your endpoint, your servers, your mail, and using all these data silos, it will give you a report if any anomaly or any malicious file is detected or any virus pattern is detected.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

It uses AI to check the logs, to find the malware or to find any phishing attack. It uses an AI and ML engine for that. There is also another AI agent inside the console. For example, if I want to find a policy or check a user, the AI agent can assist me.

They have recently launched a Zero Trust Secure Access, which is a version of SASE. Using their single agent, which is for endpoint, the same agent you can use for Zero Trust Secure Access. So you do not have to install multiple agents. One single agent can work for multiple things for SASE and for endpoint.

Its deployment is easy and fast. TrendAI Vision One console has all the features, like one single console provides email, email security, endpoint security, server and workload protection, XDR, cyber risk management, all the things in one console. It provides a good overview from a CISO and manager level. Whenever I have a meeting with the management, I show them that. Your cyber risk score is this much, from a comparison point of view.

It has another feature which can detect the unknown processes or malicious processes using its AI technology, which may be forming or in the initial stage of a ransomware attack. It is quite good in capturing that also.

From the functionalities perspective, the agent is quite heavy as it can scan different types of files.

None of my customers have faced any attack. We have detected many attacks using ransomware protection and phishing detection.

Although there is a point of improvement in the endpoint protection.

Email security sometimes may lead to some true positive attachments.

One thing I would say is not a good point is they do not have a specific licensing structure. If I bought licensing for 500 users, they convert the licenses to a credit system.

If I am a mid-level enterprise, it provides everything like an integrated DLP. I do not have to spend more money buying other solutions. One solution is enough to cover my DLP needs, endpoints, XDRs, and email security.

In endpoint also, if I have 500 customers, and if I want to change a policy, I have to make a new policy for them and add them to it and then change the policy. This is a complex process.

Management is a bit complex and it could have been easier.

The positive point is centralized management. If you are a mid-level enterprise looking for a solution for most of your cybersecurity products, TrendAI Vision One is a good centralized platform. You should go for it.

I have been working with TrendAI Vision One for almost one year.

Since TrendAI Vision One is a SaaS-based platform, I have never faced the issue of the platform going down or any issues on the console. It is hosted on the cloud, so it is good. I have never faced that issue.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves. But in this case, the agent will give you the logs. They have an investigation team that will give you an EXE to collect the log and EXE to clean your system, a diagnostic tool.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

Positive

I have used other tools such as Check Point. In email security, the number of false positives is less in TrendAI Vision One in comparison to Check Point.

Within a day, you can deploy the whole solution in your whole company, maybe 500 users, 1000, or 2000. Within a day, you can deploy the solution of email security.

The first benefit is the ease of deployment using API. You simply have to link the Outlook or the Google Workspace API and within two minutes it is synced.

For endpoints, you have a script. You can simply run that script in your AD server and you can install multiple agents in a few minutes on most of your machines in the network.

My use case for the solution is primarily for EDR purposes, but we are also starting to use the CREM.  This technology allows us to see our endpoints within seconds to ensure they are NIST 800-83 compliant.  This technology is critical in today's world as there are many customers requiring this now.  

We have used advanced threat intelligence, and we continue to do so. There is a way to run a threat query to find where a certain item is located. For example, Quick Assist from Microsoft was used a while back to gain access to our environment, and we didn't know it at the time. Of course, we've since locked that down. Now, we can also use that query we created to monitor if someone tries to use it again. I recently saw an attempt to use it, but they couldn't succeed because we have it blocked. It's really good to know these things, and without the available technology, we wouldn’t be able to do this.

Trend Vision One's automation capabilities have helped, for example, with atypical travel. We have a playbook set up. When Trend Vision One finds someone signed on in the United States and then catches them signed on in Africa, it will immediately run a playbook. This will disable that profile and prohibit that person from logging in. That is huge when you consider the possibilities of what could happen if we didn’t have that feature.

Our response time is greatly enhanced because of all the features that Trend Vision One offers. It simplifies things and makes it clear what’s going on inside our environment. With just a click of a button, we can get the information we need. We can mitigate issues very quickly using Trend Vision One. We can isolate endpoints, effectively removing them from the network while still accessing them through the Trend Vision One console. Additionally, we can run malware scans instantly on computers, and there are so many features available that it can be hard to keep track of them sometimes. Overall, Trend Vision One has really helped a lot. When it comes to time savings, I would estimate that our response time has improved by at least 40%.

Using this solution has benefited our business greatly. It keeps me informed of everything happening in our environment. We have site admins at every location with specific admin authority to do certain things. Trend Vision One monitors that, allowing me to validate actions taken by admins. Trend Vision One caught various incidents, and it gives me a clear understanding of our environment and its activities, with quick searches and deeper capabilities.

With Trend Vision One, my favorite feature is the app they provide. You can turn on different features and notifications. The other night I was sitting at supper when the app went off, and I got an alert that was very strange. It turned out to be an event, and we got our cyber team together to mitigate the issue with Trend's IR Teams help, preventing any major problems. That app is a lifesaver.

The dashboard provides extensive information. It gives detailed information regarding endpoints and servers, tracking everything. You can search for things and run threat analysis. There are many features within there, and it's difficult to pinpoint one because all the features work very effectively together.

The centralized management feature contributes to faster decision-making within our security operations, greatly enhancing our response time. With all the features that Trend Vision One offers, it simplifies things. It clarifies what's going on inside your environment; with a click of a button, you can see what's happening and mitigate very fast.

In Trend Vision One, there is always room for improvement. The console is well done, but there might be a bit of improvement needed with the app's capabilities. I know they are constantly working on it, and they have regular Webinars "What's New In Trend Vision One" to share updates and enhancements that are taking place.  

Trend also allows its VIP customers to pretest new features or products and enables us to give feedback on those we test.  This is an incredible benefit to Trend's VIP program.  I do not know of any other product like Trend Micro.

I've been using this solution for quite a while. It was about eight years ago when our company had Trend implemented at every location. We have eleven locations overall. In my opinion, it wasn't managed properly; the situation was quite poor. There were many updates that were needed. I approached management and expressed my desire to take over the project. I said, "I want this. I will do it, fix it, and make it work." Management agreed and gave me the responsibility.

What I did next was take all the servers, fix and upgrade them, and prepare them for migration to one on-site server. After that, we decided to move to the cloud. I gathered everything together and worked with Trend to get all of our endpoints and servers transitioned to the cloud. It's been an ongoing process with Trend, as there is always something that needs to be done.

I rate the stability of Trend Vision One as a ten out of ten.

I would rate the scalability of Trend Vision One as nine out of ten.

It is really good. They even have a feedback system to report suggestions or problems, which are addressed promptly. We also benefit from 24/7 monitoring, and we have direct contacts for technical issues and ongoing weekly support calls.

I would rate them a nine out of ten. There's always room for improvement. Five years ago, I would rate it as a five, but support has significantly improved in availability, responsiveness, and keeping me updated.

We purchased the software through CDW, which used to be called Sirius. That's how we acquired it. I have several contacts at Trend that I can reach out to directly, as I have been working with them for about eight years. They have helped me implement the software directly. I worked with Trend through the entire process. They have a learning platform with videos that break down each product. They show you step-by-step how to implement or use each solution. Trend Micro Service One, monitors our corporation, 24/7/365 support service. We can contact a representative, and they’ll get back to us if we encounter any problems or technical issues in our environment. They’ll even join us on a conference call to help. We also have a weekly call with them, where we can ask questions, and they guide us to the right resources and documentation. It’s really an incredible support package.

It wasn’t complicated to deploy. Now they offer a product called Server and Workload Protection, which is tailored specifically for servers. We're in the process of upgrading our servers to use this product. It’s more focused on server-specific security and functionality. When I used it about five years ago, the process was quite complex. I had problems and issues. Over the years, we moved away from the product — about four years ago — and we’re only now starting to return to it. The changes made in those four years are incredible. It’s like night and day. What used to take me days to deploy to one server now takes about half an hour. Trend is constantly updating, enhancing, and improving how things are done. It’s a continually evolving package. They’re even integrating AI capabilities now, which will greatly enhance what Trend products can do.

The capability of Trend Vision One to be deployed both on-premises and in the cloud has been extremely beneficial to my organization in terms of flexibility and scalability. Being in the cloud eliminates the need for on-prem servers. With several divisions, managing all of those on-prem servers was a nightmare. It was not an option, so I migrated to the cloud, which is a one-stop shop. We have our entire corporation in the cloud, making it easy to see everything without logging onto multiple servers; this saves a lot of time.

The solution itself does require some maintenance. The updates are automatic, so we don't need to manually check. However, some endpoints have to be maintained more carefully, ensuring they are fully updated because missing MS updates can prevent Trend Vision One from working correctly. It's good practice to keep everything up to date, which is crucial for managing over 1,000 endpoints and 200 servers. Trend Vision One allows us to see all software on a person's computer, even outdated web browsers, and it flags potential threats, which is an incredible feature.

In my organization, approximately three people work with Trend Vision One.

In terms of return on investment, I've seen a 100% return. It has paid for itself. Our company went through a ransomware event, and if Trend Vision One's IR Team had not stopped it, that could've closed the company's doors.

Trend Vision One is definitely cost-efficient compared to other solutions. I have seen others that are double or triple the price. I'm surprised Trend Vision One hasn't raised their prices, considering everything offered. Depending on the features selected, cost varies, but overall, endpoint and server security is very reasonable.

Comparing Trend Vision One to other solutions, I've seen other vendors with complicated software requiring extensive training to understand. If software is that hard to learn, I don't find it to be a viable solution. Learning takes weeks or months, potentially creating holes in security instead of securing it.

I would absolutely recommend Trend Vision One to other users because it's cost-efficient and it just works. It tells you what you need to do, alerts you of threats, and informs you about software needing updates. They have an IR team that is exceptional and works on the mitigation and remediation until all issues have been resolved!  Over time, it becomes easier to understand, especially moving from on-prem to cloud deployment; there's no comparison. 

I would rate the solution overall as a ten out of ten.

As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.

In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One console.

The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security, including how many emails are received by mail servers on a daily, weekly, and hourly basis.

The second advantage is that since TrendAI Vision One is a single platform, it offers surface attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.

Cyber Risk Exposure Management (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud Platform and Azure.

Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.

The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.

While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.

I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.

At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.

I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.

Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.

In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.

I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.

TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.

The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.

In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.

Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.

Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.

According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.

Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.

TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.

I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.

We operate as an MSP. Most of my clients are financial institutions, such as one of the largest banks in Pakistan. We primarily serve enterprise-level financial institutions and banks. 

The best features in TrendAI Vision One are the workbench and the XDR feature for the playbooks. We continue to use these two features extensively. 

We also have our own product called SIRP, which is a SOAR platform, and we integrate it with TrendAI Vision One for automations, alert information, auto enrichment, and IOC enrichment. 

We appreciate that TrendAI Vision One provides a good API with actions for our SIRP operations. 

While we did not calculate specific MTTR and MTTD metrics, it has significantly reduced suspicious alerts and benign alerts compared to what we previously experienced.

TrendAI Vision One provides its own MDR services for detection capabilities, similar to CrowdStrike. Their team collaborates effectively with us on response and detection. The solution doesn't require frequent maintenance, and services are not regularly interrupted.

Areas that need improvement in TrendAI Vision One include the AI-based mechanism, AI-based detections, and AI-based autonomous detections, which are currently lacking. Additionally, they need to add more integrations to their playbooks. They should lower the cost for integrations as they charge for each individual integration. TrendAI Vision One does not initially disclose to customers that they need to purchase additional licenses and pay more for integrations. They need to modify their licensing mechanism and improve their AI-based detections.

We have been using TrendAI Vision One for approximately six to seven years. We provide services to different customers on various security controls and security products.

TrendAI Vision One demonstrates strong stability, warranting a rating of seven out of ten.

TrendAI Vision One is scalable. For DMG area operations, they have their own dedicated product available.

I cannot provide detailed feedback about TrendAI Vision One support as we haven't needed to utilize it extensively. The configuration process is straightforward enough that we rarely require support assistance.

Neutral

Most of the enterprise-level clients use CrowdStrike or Cylance. TrendAI Vision One or TrendAI Vision One Apex Central is used by most smaller banks, while bigger banks predominantly use CrowdStrike and Cylance.

In Pakistan and the MENA region, clients prefer on-premises deployment unless cloud services are available. When cloud hosting is located in the US or other countries, Saudi and UAE clients typically opt for on-premises deployment.

Vision One is very easy to deploy. We don't have to do much of anything on that. We just have to deploy the agent, and we have to configure the policy. It's not very complicated.

Regarding pricing, TrendAI Vision One offers very competitive rates compared to CrowdStrike and Cylance. Customers who cannot afford CrowdStrike's pricing can easily opt for TrendAI Vision One.

We are not a partner with Trend Micro; we only provide deployment services. TrendAI Vision One can generate false positives; however, this depends on the whitelisting configuration, particularly in the application control area and IOC whitelisting. The detection mechanism is good, though CrowdStrike performs better in detections and reducing false positives due to its behavioral-based analysis and AI-based features. In comparison with other vendors, CrowdStrike ranks first, followed by Cylance, then TrendAI Vision One. Cylance and TrendAI Vision One can work together effectively.

I would primarily recommend CrowdStrike, and then TrendAI Vision One for customers with budget constraints. CrowdStrike's recent launch of a new AI model and features such as the MDC module for comprehensive log collection provide superior visibility and control compared to TrendAI Vision One.

The overall rating for TrendAI Vision One is seven out of ten.