TrendAI Vision One Reviews

Trend Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response. We are moving forward towards its complete suite.

The best features of Trend Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.

One area that has room for improvement is the interface of Trend Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in Trend Vision One such as endpoint protection, D-SIM security, DLP solution, and FIM, so there is nothing left behind.

I have been using Trend Vision One for almost two years.

I would rate the stability of Trend Vision One as nine because in the last two years, we have never had downtime except for one recent incident when Azure cloud was down, which was from Azure's side, not from Trend Micro. Overall, we have not received any downtime from Trend Micro's end.

Trend Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.

I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.

Positive

The deployment of Trend Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.

We are using the sensors of Trend Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.

The top security challenges I faced in my industry before using Trend Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.

My impressions of Trend Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.

Regarding the Cyber Risk Exposure Management, it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.

The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with Trend Vision One, and the issue can be solved within one or two days.

Almost fifty people use the solution. They are all in Pakistan and working on-site.

The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by Trend Vision One. So it requires some type of maintenance as well.

Maintaining Trend Vision One is very easy and very handy.

I do not know the exact pricing of Trend Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.

I chose Trend Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing Trend Vision One was its principal support.

Trend Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.

I cannot quantify by how much Trend Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.

I would recommend Trend Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP, and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.

It is very important for us that Trend Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of Trend Vision One.

I rate this review nine overall.

Our use case for Trend Vision One is for our security platform. We use it for antivirus, XDR, and network telemetry purposes.

Trend Vision One helped us to consolidate our use of security vendors and reduce silos. We had three or four consoles from different products, and we consolidated them into one console with this product. 

Trend Vision One helped reduce the time to detect and respond to threats by 70% to 80%.

Trend Vision One has helped us reduce noise from false positives.

We have been using cyber risk exposure management for 2 months since upgrading in April. It helps us identify blind spots by providing more visibility and insights into our environment, making it a valuable feature. 

We use the network sensor, and its coverage is critical. With SIEM, we gain substantial insights into our environment, and having a complete 360 view is necessary in today's security world. It reduces the risk by 50%.

Having AI built into the Trend Vision One platform is important for our organization. It reduces many manual steps, resulting in more and quicker detections and advanced automation for remediation, improving efficiency by 60% to 70%. The solution aims to reduce risks and enhance detection.

I like how easy it is, and there is a single pane of glass. We have one console for everything. 

Trend Vision One provides centralized visibility and management across protection layers. It has the functionality of different products and management of a single pane of glass. We have one console for everything. As a security engineer, it's easier to check the alerts and find everything. It consolidates a lot of consoles into one, and that's what we like most about it.

Vulnerability scanning could be improved. They need to see more CVEs and scan products for known vulnerabilities, allowing for better display and review of potentially exploitable servers by hackers or through configuration settings.

We have been using Trend Vision One for approximately 18 months.

We haven't experienced any stability issues. It has proven to be stable.

The scalability of Trend Vision One is good.

I have contacted technical support from Trend Micro. The quality and speed of support are good.

Positive

It was easy. It took us one day to fully deploy Trend Vision One.

Some maintenance is required for updating agents on the servers.

The deployment involved just one person working with the vendor in one day.

Trend Vision One has reduced risks by 50%. We have reduced the response time by approximately 70%-80%.

When we have a good product such as Trend Vision One, the price is fine.

We have used Trend Micro products for many years, and we upgraded to Trend Vision One. We didn't test any alternatives, staying with what we've used for years.

I would rate Trend Vision One an eight out of ten.

My use case for Trend Vision One is deploying it for an entity within a company. I deployed Trend Vision One to protect all kinds of endpoints, including mobiles, machines, mailboxes, and servers.

The best features of Trend Vision One that I appreciate include its centralized nature, the Copilot AI agent, its simplicity of use, and the quality of their API.

Trend Vision One has helped reduce my time to detect and time to respond to threats by approximately 10%.

To improve Trend Vision One to a perfect score, I believe better pricing and more support would be ideal.

I have been using Trend Vision One for one year.

I would rate the stability of Trend Vision One highly, as there were no bugs. I would give it a 10.

Regarding scalability, Trend Vision One is scalable. I would give it an eight.

I rate the technical support an eight.

The coverage for my organization's network is critical. When we have questions, we return to them. When we need something, we return to them, and they were always available.

Positive

The risk reduced by switching to Trend Vision One is similar to other EDR or XDR solutions. It can detect malicious operations and threats, but the exact percentage is difficult to quantify. For the company I was deploying it for, we detected many threats. I would rate the risk reduction as a 10 because the company in question did not have an XDR or EDR solution in place before.

The deployment of Trend Vision One is easy; it is just an executable.

It takes almost one day for Trend Vision One to appear in the console.

In my organization, we had four specialists working with Trend Vision One: myself and three security engineers. I was the project manager.

I can estimate the ROI seen from Trend Vision One to be approximately 15%.

When it comes to pricing, I find Trend Vision One not expensive compared to other products.

I compare Trend Vision One with other solutions and vendors on the market, and we can see that it is well-placed in Gartner, so it is one of the best products.

Trend Vision One helps with centralized visibility and protection across multiple layers.

The visibility and protection provided by Trend Vision One allow us to see all the assets in one console, which is beneficial. We can also see all the features in one console, which is equally advantageous.

I did not use the cyber risk exposure management capabilities with Trend Vision One, nor did my clients use that for identifying blind spots.

The top security challenges in the industry include handling the decommissioning of old products, specifically a Microsoft product. Additionally, not all features are centralized in one console, which is not ideal for the correlation of investigations.

Trend Vision One is deployed as a cloud solution and a SaaS solution.

I used Trend Vision One sensors.

I would recommend Trend Vision One to other users because it is easy to use and easy to deploy, as these are the most important factors. The importance of having AI built into Trend Vision One is significant; I use the AI aspects. When I want to look for a feature, I go to AI. When I want to create, for example, an IOC, I go to AI, and it assists with this.

Trend Vision One use cases are mostly related to endpoints, such as detecting registry modifications or new software being added, as well as monitoring for malicious activities including PowerShell scripts, double extension files, ransomware, and crypto miners. Since I work for the financial sector, it is crucial to ensure there are no remote software programs running, especially regarding banking security.

Trend Vision One has two types of alerts that help reduce the time to detect and respond to threats. The first is based on alerts and workbench ID, while the second is host-based detections, allowing me to see all different threats on particular endpoints over a selected time frame. I can check for various endpoints affected by different alerts and customize this for specific time frames. Monitoring critical assets, threat hunting, and running queries are feasible tasks, providing a comprehensive overview of endpoint security and the ability to remove malicious files quickly.

One of the best features of Trend Vision One is its ability to let me remediate endpoints without disturbing branch users, as long as the endpoint is online and connected. I can delete files or take control through the console by informing the bank's security team to get approval. Another great feature is viewing alerts, segregating them by type and host, which makes it easier to fine-tune security and monitor critical resources. Additionally, the ability to create reference sets for known malicious hashes enhances detection capabilities across endpoints.

Trend Vision One saves resources and time. It provides better visibility of endpoints compared to other security management tools, which makes it invaluable. For smaller organizations that may not afford multiple tools, an XDR solution can handle their security needs effectively.

Trend Vision One allows mitigation of threats without interrupting branch users' regular work, which is its unique selling point.

The area for improvement is to provide more clarity on the query part, including examples for creating reference sets and documenting capabilities thoroughly so future users can benefit without needing to experiment.

Documenting the capabilities of endpoint consoles would also be beneficial for new users understanding what can be done effectively.

I initially used the first EDR approximately two years ago, and now I have been using Trend Vision One for eight to nine months.

The stability of Trend Vision One is good; I would rate it an eight.

I would rate the scalability at eight and a half.

I have not worked with technical support yet, so I cannot rate it.

Neutral

I have not worked with other solutions yet, so I can only speak to my experience with Trend Vision One XDR, which I find to be good for handling threats across endpoints.

I am not aware of the deployment process since I have not been involved with it.

Only a few of us are using the solution currently—my manager and I. Due to my background in threat hunting, I have admin access to monitor various alerts and create reference sets for potential threats effectively.

Only three or four users have access to Trend Vision One, including my manager and me from the vendor side, and two from the bank end.

I am a vendor hired for SOC security and threat hunting, working for IBM clients.

I cannot estimate the return on investment accurately, as I do not have insight into the financials. However, I can say that the tool is good, particularly the basic subscription which provides me with necessary tools and knowledge to protect security.

I do not have any information regarding the pricing, so I cannot comment on that.

Every organization typically installs antivirus agents on their endpoints and servers.

My false positives have decreased, but reducing them requires thorough investigation. For example, each endpoint has its own scanning device, such as Windows Defender.

Apex Central is attempting to stop the services of Windows Defender, leading to alerts when malicious behavior is detected. Through thorough investigation, I have identified that while Apex Central might not directly stop processes, it does so using CMDlets. Hence, I decided to whitelist that.

Trend Vision One reduces endpoint risk by approximately 60 to 70 percent; the remaining 30 percent can be due to other factors such as phishing and web interactions.

For small organizations, implementing Trend Vision One is a wise choice because it delivers great visibility and clarity on endpoint threats, enabling effective monitoring and quarantining regardless of the environment.

Trend Vision One sensors are being used on the endpoints.

I do not know if Cyber Risk Exposure Management comes under the basic subscription, as I mostly focus on threat hunting and do not recall using it.

If the suggested improvements are implemented, it will be even more flexible and feasible.

I give this review an overall rating of 9 out of 10, and I definitely recommend Trend Vision One to other users because it provides solid security for endpoint protection.

Trend Vision One sensors are used at the endpoint to gather information from endpoints, which has proven to be very useful. The coverage provided by Trend Vision One is critical for our organization's network because it's a comprehensive way to get all the relevant data from the endpoints regarding antivirus security and similar security settings.

Some basic features of the Cyber Risk Exposure Management capabilities in Trend Vision One are being used. Plans exist to expand the usage, but currently the overview of the cyber risk settings is checked, though it hasn't been used much in the last few months.

Trend Vision One has helped consolidate the use of security vendors and reduce silos, but other vendors have not been replaced. Trend Vision One alone is sufficient for current needs, so other vendors for such solutions do not need to be used, at least not for now.

Trend Vision One is used for consolidated security across hybrid environments.

The comprehensive overview of the security status is the most valuable feature of Trend Vision One. Trend Vision One platform's ability to provide centralized visibility and management is quite good because all the relevant data are present, providing everything needed. The interface is quite simple to use and all the relevant data can be seen there.

Trend Vision One has helped reduce the time to detect and respond to threats because information is gathered more quickly and all the relevant points are visible. If there's any problem, it can be seen much easier and quicker.

Trend Vision One has also helped reduce cyber risks because it decreases cyber risks as there is more control over the environment.

There are currently no particular suggestions on how Trend Vision One can be improved because improvements have been seen in nearly every version, and satisfaction with what can be seen and used is high.

Additional features are not desired to be seen in the next release of Trend Vision One because not all the features that are available now are being used. For current needs, everything is already there. Perhaps in the future something else will be needed, but everything that is currently needed is already included.

Trend Vision One has improved its integration with other products, with other vendors, or with mobile device management. The mobile device management solution has improved over the years and was pretty basic when it started, but now it has much more options. Some improvements could be made, but all the possibilities of the platform are not being fully utilized, so some features that could be discussed may not have been explored yet, though they may already be available.

Trend Vision One has been used for a couple of years.

There have been no problems with scaling Trend Vision One. The organization is not large, so there were no problems in scaling. Trend Vision One appears to be tailored for much bigger organizations, so no scaling problems were encountered.

There has not been much contact with technical support, though some checks and presentations were conducted, which were quite good. The response was very quick and all the information needed was received, resulting in high satisfaction.

Technical support would be rated nine out of ten. Regarding local technical support, it is also quite good through the partner network and directly. If something is escalated directly to Trend Micro, responses are received. There is high satisfaction with the current support level.

Positive

The initial setup of Trend Vision One was seamless because it was a migration from an on-premises Trend Micro service to a cloud-based one, so there were no particular problems.

External partners were used for the implementation of Trend Vision One, though the process was overseen. There was a transfer of knowledge during the implementation.

Return on investment from Trend Vision One has not been calculated in the traditional sense, but price-wise, it's a better solution than some others that have been looked at or researched. Trend Vision One is quite convenient for the organization.

Before Trend Vision One, a broader marketplace was evaluated. A granular possibility to purchase only needed options without purchasing unnecessary components was not observed in other solutions. The licensing model of Trend Vision One is the best among other solutions that have been seen.

For integrations with third-party solutions, integration was done for log management. Logs are downloaded or shipped from Trend Micro solutions to internal log management solutions, and there were no particular problems in integrations. Many other integrations specifically with Trend Micro were not conducted.

Trend Vision One is considered the best option on the market at the moment for this organization. Trend Vision One appears to be quite popular in the region, with many companies using it, both bigger and smaller organizations. A community provides information and support, making Trend Vision One popular in the area.

Trend Vision One has been using AI technologies already for some time, which shows awareness of the landscape. It is believed that Trend Vision One will tailor the solution accordingly, as AI is already being used in some solutions within the platform, indicating good direction for the product.

Trend Vision One provides learning courses, and events from partners sometimes offer opportunities to gather new information on the products. Additionally, a community is available, creating a good landscape for learning and support in the region.

The partnership program is not well known because collaboration is through partners, but it is believed that partner satisfaction is high.

Trend Vision One received an overall rating of eight out of ten.

Our use cases are essentially all the classic defense mechanisms that are used to protect devices, secure emails, and ensure that we don’t pull in anything harmful. We also monitor Internet and Intranet traffic to detect abnormal behavior and address it. This has helped us in many situations where we’ve faced external attacks, which then usually try to go back out. I always say that they try to drill through the wall and get back out, and in that way, we’ve been able to recognize when someone has gained access to our devices. 

We operate in 60 countries with 4,000 to 4,500 employees, of which nearly 2,000 are based in Frankfurt. All of the end devices of our colleagues are under IT security monitoring. The Deep Discovery Inspector is implemented at three global locations: one in Europe, one in Asia, and one in the USA. This allows us to detect any issues early on, and with network segmentation, we can minimize potential damage in case of an incident.

The biggest security concerns in our industry are not really industry-specific but are intrusions. Identity theft is a challenge and then there are issues where people are manipulated into making money transfers to what seem like customer accounts that don’t actually exist. 

Another is the classic attack, where ransomware is used to infiltrate systems and gain access through encryption and similar methods. 

Additionally, we also have the issue of IP protection.

Trend Vision One has significantly improved our company because we can now track and see how many attacks we have. Since we’ve implemented it, we haven’t had any major attacks that have successfully entered the company. So, we know the defense mechanism is working.

In terms of our ability to manage risks, we already had the stances for risk management in place, from our side, from a purely conceptual standpoint. Through a solution like this, we always want to get a more concrete approach for the operational side. We aim to identify and assess risks and then determine the measures we can take to mitigate those risks. That’s where Trend Micro is very helpful.

Trend Vision One has significantly helped reduce our time to detect and respond to threats. 

In terms of whether or not Trend Vision One has helped my organization reduce noise from false positives, it’s always a matter of perspective in terms of whether or not the number of alarms has truly been reduced or if they were false alarms. We rolled out the solution across the company, and as a result, we now monitor more devices and have a more comprehensive view of security. Therefore, the number of alarms and false alarms has certainly increased, because we are now looking at all devices. Previously, we didn’t monitor them, so we didn’t notice them.

We have always seen alarms and false alarms. However, we have incorporated mechanisms to identify where the false alarms are coming from, and we continuously refine the system. Sometimes, activities in the internal IT administrative area trigger alarms that are not actual threats, and we continuously adjust and refine those rules to reduce false alarms. We didn’t have a solution in place before to compare whether or not it has reduced false positives. The mechanisms we have now allow us to assess both alarms and false alarms in detail and, in the case of false alarms, to trace where they come from and implement rules to prevent them from happening again. 

Trend Vision One has definitely reduced my organization's cyber risk. We took a holistic view of all devices, became more aware of IT security risks from the outset, and then integrated all devices into that view. In the incidents we encountered at the beginning, as we increasingly implemented and observed this solution, a clear path was outlined on how to address and resolve these issues.

We implement the sensors globally from the angle that we are, in fact, global and operate worldwide. The importance lies in the fact that we know attacks can happen from anywhere, and therefore we decided to implement this as a standard solution within our company, The Samson Group. The Samson Group itself has 60 legal entities worldwide, and from our side, this is more of a governance requirement, meaning it must be used to protect the entire organization.

We have found the Deep Discovery Inspector that is in place exceptionally valuable. It has consistently helped us identify areas where issues are happening and where there have been small vulnerabilities in the network that could lead to issues. This happens when, at some point, an unauthorized device—one that shouldn’t be in the network—somehow gains access. This is certainly one of Trend Micro's standout features, as it has provided us with insight into what is happening in our network, which has prevented us from facing significant damage.

We have a positive impression of Trend Vision One's ability to provide us with centralized visibility and management across protection layers. The impression is definitely positive for us. That’s also why we decided to extend the contracts. It’s a very mature solution that is well-understood and user-friendly for people working in this field.

Trend Micro helps us consolidate security vendors because we are now establishing this as standard software for the company. We only work with one solution provider, which is part of the consolidation. When selecting the solutions, we carefully considered what was important to us and where issues occurred. For example, we were particularly pleased that the base and system come from a Japanese company, meaning we don’t have to put ourselves in the hands of Russian or American companies to make this happen.

We use the CREM features and from our perspective, it is very helpful because it provides a supportive function. In situations where we notice something, we also have a very direct line to the team.

When it comes to having AI, from a high-level perspective, I don’t really care how it’s done in terms of the solution. It's great if AI is used because we measure based on the results we achieve. It must meet the requirements for performance and speed. Today, AI is the tool of choice to achieve the necessary speed and performance. But it’s not about the fact that AI is involved; it’s about the fact that, at the end of the day, a fast and reliable solution has been created.

We still have devices that are not traditional IT equipment but rather fall under the category of Operational Technology (OT) devices. There is increasingly a blending of the traditional OT world, which requires a specific focus, as OT devices often don't use standard Ethernet protocols and similar technologies. These are areas where I believe more can be done by Trend Vision One. 

Taking it a step further, we also produce items that include IT elements, which are then used by customers. It would be great if there were Trend Micro products that could enhance the security of these devices, either as part of our product or in some other way integrated into our offering. But that's a different approach. At the moment, we use Trend Micro to protect our own company and our internal networks, but expanding this to our customer-facing products is an idea for the future.

We have been using Trend Micro for a long time, since 2020. We started in 2019 and signed our first Trend Vision One contract in 2020.

The stability is very high. We rarely encounter stability issues. When we do have issues, we typically find that they originate from our side, usually because certain information couldn't be provided by the server.

Compared to other companies, we're not huge, but during the rollout and expansion, we found that it scales easily. We haven't encountered any issues with scaling effects or anything like that.

Their technical support is excellent because we continuously see that when an issue arises, direct communication is sought. The ability to act quickly and be in direct communication is very important to us. It's not just about high-level support with the chatbot; rather, when an issue occurs, we have the experts on-site and ready to respond swiftly, which is crucial. In such situations, you need to act quickly without wasting time on what should happen next.

Positive

We have used a lot of products. Over the past few years, we have been consolidating into a single corporation and replacing other solutions with the corporate mandate of Trend Micro. The reason is for efficiency reasons, among others. By using the same solution across the entire company, we can manage and maintain it centrally, ensuring uniform behavior without having to deal with individual solutions for each part of the organization.

I was involved in the setup in terms of managing the role and function, but not from a technical standpoint.

My colleagues reported that it is a very well-designed software. We’ve experienced other solutions where we’ve worked on software for a long time, and it didn’t go as smoothly. I haven’t heard any complaints, so the setup must have been good.

We took a risk-based approach to implement this. We started rolling it out in some large manufacturing companies, where the potential damage in case of an incident would be the greatest. From there, we moved to the smaller legal entities, such as just sales offices or similar, so from large to small.

We have a relatively small team in the global function with three people who worked on it. We also have a packaging team and similar resources when it comes to creating installation scripts for end devices.

In terms of maintenance, we have purchased Trend Vision One as part of a SaaS solution. This includes updates and ongoing support, such as the provision of virus signatures, so we don't have dedicated staff specifically for maintenance. We do have designated contacts around the world dedicated to handling alarms and events. This is an additional responsibility for the IT team members after their training, so I can't give you a precise number of people involved. These activities are integrated into the existing IT staff who manage them alongside their regular tasks.

We have seen a return on investment fundamentally more qualitatively, proportionally, and quantitatively. We haven't done a strict ROI calculation. We know it's in place to counter potential damage, but it's hard to quantify potential damage in an ROI calculation. On the other hand, we had two incidents during the rollout for the global company. Thankfully, we also had cyber security insurance, and the insurance covered the incidents because, through Trend Micro and the implementation of the solution, along with the data it provided, we were able to demonstrate what had happened. Without this, we certainly wouldn’t have received the insurance payout.

Of course, we'd prefer for it to be free. Security has its price. Regarding the prices we've experienced, we consider Trend Micro to be competitive. However, we sometimes wish for a higher discount based on more usage as the company grows.

We looked around at other solutions. When we started evaluating options in 2019, we explored the typical solution portfolios available at the time. We considered several options, and then, based on different factors, we decided on a company operating out of Japan, rather than an extension of an American company. I don't quite remember all the details, but at the time, there was also a Russian solution that was quite popular in the European market, which we decided not to pursue further.

The main differences between these products and Trend Vision One were the functionality and the overall environment. We wanted a truly independent solution. From the perspective of German and European data protection laws, it was a matter of weighing where we could place the most trust and where we would see those principles reflected in the implementation.

My advice would be that one should really take the time to think carefully about what they want and need, and particularly engage in conversations with colleagues to find the right solution. One could say that to perform Deep Discovery Inspector on network traffic, more nodes could be added but at some point, the cost-benefit effect becomes minimal. 

We always felt that Trend Micro provided us with very good advice, suggesting that more than three nodes in a global context weren't necessary. Any additional nodes would only slightly improve performance, making it not worthwhile. It's important to listen to the Trend Micro team and communicate openly. What's key is that you have to think about your scenarios and risks in advance—this is something they can't take off your hands. For example, network segmentation, which isn't part of Trend Micro's offering, is a mechanism we also bring in. It's important to work hand in hand, and there needs to be a lot of dialogue at this stage.

Foreign Language: (German)

Hat die Unternehmenssicherheit signifikant verbessert, da wir nun Angriffe sehr genau nachverfolgen und erkennen können

Was ist unser primärer Anwendungsfall?

Im Wesentlichen alle klassischen Abwehrmechanismen, die zum Schutz von Geräten, zur Sicherung von E-Mails und zur Vermeidung von Schadsoftware verwendet werden. Darüber hinaus überwachen wir Internet- und Intranetverkehr, um abnormales Verhalten zu erkennen und entsprechend zu handeln. Dies hat uns in vielen Situationen geholfen, in denen wir mit externen Angriffen konfrontiert waren, die normalerweise versuchen, erneut auszubrechen. Ich sage immer, dass diese Angriffe versuchen, sich durch die Wand zu bohren und dann wieder auszubrechen. Auf diese Weise konnten wir erkennen, wann jemand Zugang zu unseren Geräten erlangt hat.

Wir sind in 60 Ländern mit 4.000 bis 4.500 Mitarbeitern tätig, von denen fast 2.000 in Frankfurt ansässig sind. Alle Endgeräte unserer Kolleginnen und Kollegen stehen unter IT-Sicherheitsüberwachung. Die Deep Discovery Inspection wird an drei globalen Standorten implementiert: einem in Europa, einem in Asien und einem in den USA. Dies ermöglicht es uns, Probleme frühzeitig zu erkennen und mit Netzwerksegmentierung potenziellen Schaden im Falle eines Vorfalls zu minimieren.

Die größten Sicherheitsbedenken in unserer Branche sind nicht unbedingt branchenspezifisch, sondern beinhalten Angriffe. Identitätsdiebstahl ist eine Herausforderung, ebenso wie Situationen, in denen Personen dazu manipuliert werden, Geldüberweisungen an scheinbare Kundenkonten zu tätigen, die tatsächlich nicht existieren.

Ein weiteres Beispiel ist der klassische Angriff, bei dem Ransomware genutzt wird, um Systeme zu infiltrieren und durch Verschlüsselung und ähnliche Methoden Zugang zu erlangen.

Zudem haben wir auch mit dem Thema IP-Schutz zu kämpfen.

Wie hat es meinem Unternehmen geholfen? Trend Vision One hat die Sicherheit unseres Unternehmens signifikant verbessert, da wir jetzt Angriffe sehr genau nachverfolgen und erkennen können. Seit der Implementierung hatten wir keine größeren erfolgreichen Angriffe mehr. Das zeigt: Die Verteidigungsmechanismen funktionieren.

Hinsichtlich unseres Risikomanagements hatten wir bereits Strategien zur Risikobewältigung aus konzeptioneller Sicht implementiert. Eine Lösung wie diese ermöglicht uns jedoch, einen konkreteren operativen Ansatz zu verfolgen. Ziel ist es, Risiken zu identifizieren, zu bewerten und dann Maßnahmen zu ergreifen, um diese zu mindern. Trend Micro ist dabei äußerst hilfreich.

Trend Vision One hat uns geholfen, die Zeit zur Erkennung und Reaktion auf Bedrohungen erheblich zu reduzieren.

Ob Trend Vision One meinem Unternehmen geholfen hat, den Lärm durch Fehlalarme zu reduzieren, ist eine Frage der Perspektive. Wir haben die Lösung unternehmensweit ausgerollt, wodurch wir jetzt mehr Geräte überwachen und eine umfassendere Sicherheitsübersicht haben. Die Anzahl der Alarme und Fehlalarme ist dadurch gestiegen, da wir nun mehr Geräte einbeziehen, die zuvor nicht überwacht wurden.

Wir haben Mechanismen implementiert, um Fehlalarme zu identifizieren und kontinuierlich das System zu verbessern. Manchmal lösen interne IT Administrationsaktivitäten Alarme aus, die keine Bedrohungen darstellen. Hier passen wir die Regeln kontinuierlich an, um Fehlalarme zu reduzieren.

Trend Vision One hat definitiv das Cyberrisiko in unserem Unternehmen reduziert. Wir haben einen ganzheitlichen Blick auf alle Geräte geworfen, sind uns der IT Sicherheitsrisiken von Anfang an bewusster geworden und haben alle Geräte in diese Übersicht integriert.

Was ist besonders wertvoll?

Die globale Implementierung der Sensoren ist für uns von zentraler Bedeutung, da Angriffe von überall erfolgen können. Daher haben wir entschieden, dies als Standardlösung innerhalb unseres Unternehmens, der Samson Group, zu etablieren.

Die Deep Discovery Inspection ist ein besonders wertvolles Feature, da sie uns regelmäßig dabei hilft, Schwachstellen im Netzwerk zu identifizieren. Insbesondere wenn ein unbefugtes Gerät Zugang zum Netzwerk erlangt, bietet uns Trend Micro Einblicke, die uns vor größeren Schäden bewahren.

Trend Vision One bietet uns eine zentrale Übersicht und Management-Funktion über alle Schutzebenen hinweg. Diese Funktionalität ist reif und benutzerfreundlich, weshalb wir die Verträge verlängert haben. Trend Micro unterstützt uns bei der Konsolidierung von Sicherheitsanbietern, indem wir jetzt nur mit einem Lösungsanbieter arbeiten, der als Standardsoftware im gesamten Unternehmen eingesetzt wird.

Was könnte verbessert werden?

Es gibt weiterhin Geräte, die nicht in die klassische IT-Ausstattung fallen, sondern in den Bereich der Operational Technology (OT). OT-Geräte verwenden oft keine Standard-Ethernet-Protokolle, was spezielle Aufmerksamkeit erfordert. Hier könnte Trend Vision One mehr leisten.

Darüber hinaus wäre es wünschenswert, wenn Trend Micro auch Lösungen anbieten würde, um die Sicherheit der von uns produzierten IT-Produkte zu verbessern, die an Kunden geliefert werden.

Wie lange nutze ich die Lösung?

Wir verwenden Trend Micro bereits seit einiger Zeit, genauer gesagt seit 2020. Angefangen haben wir 2019 und haben unseren ersten Vertrag für Trend Vision One im Jahr 2020 unterzeichnet.

Was denke ich über die Stabilität der Lösung?

Die Stabilität ist sehr hoch. Wir stoßen selten auf Stabilitätsprobleme. Wenn es doch Probleme gibt, stellen wir in der Regel fest, dass sie von unserer Seite kommen, meist weil der Server bestimmte Informationen nicht bereitstellen konnte.

Was denke ich über die Skalierbarkeit der Lösung?

Im Vergleich zu anderen Unternehmen sind wir nicht riesig, aber während der Einführung und Expansion haben wir festgestellt, dass die Lösung leicht skaliert. Wir hatten keine Probleme mit Skalierungseffekten oder Ähnlichem.

Was halte ich von dem Kundenservice und Support?

Der technische Support ist hervorragend, da wir immer wieder sehen, dass bei auftretenden Problemen der direkte Kontakt gesucht wird. Die Fähigkeit, schnell zu handeln und direkt zu kommunizieren, ist für uns sehr wichtig. Es geht nicht nur um Support auf hoher Ebene mit einem Chatbot, sondern darum, dass Experten vor Ort sind und schnell reagieren können, wenn ein Problem auftritt. Das ist entscheidend, denn in solchen Situationen muss man schnell handeln, ohne Zeit zu verlieren.

Wie bewerte ich den Kundenservice und Support bewerten?

Positiv.

Welche Lösung habe ich zuvor genutzt und warum habe ich gewechselt?

Wir haben viele Produkte verwendet. In den letzten Jahren haben wir uns zu einer einheitlichen Unternehmenskultur konsolidiert und andere Lösungen durch die Unternehmensvorgabe von Trend Micro ersetzt. Ein Grund dafür sind Effizienzüberlegungen. Durch die Verwendung derselben Lösung im gesamten Unternehmen können wir sie zentral verwalten und warten, was ein einheitliches Verhalten sicherstellt, ohne dass jede Organisationseinheit eigene Lösungen benötigt.

Wie war der anfängliche Set-Up?

Ich war in Bezug auf die Verwaltung der Rolle und Funktion beteiligt, jedoch nicht aus technischer Sicht.

Meine Kollegen berichteten, dass es sich um eine sehr gut konzipierte Software handelt. Wir haben andere Lösungen erlebt, bei denen die Arbeit mit der Software viel länger gedauert hat und nicht so reibungslos verlief. Ich habe keine Beschwerden gehört, daher muss die Einrichtung gut gewesen sein.

Wir haben einen risikobasierten Ansatz gewählt, um die Implementierung durchzuführen. Wir begannen damit, die Lösung in großen

Fertigungsunternehmen einzuführen, wo der potenzielle Schaden im Falle eines Vorfalls am größten wäre. Von dort aus gingen wir zu kleineren rechtlichen Einheiten über, wie reinen Vertriebsbüros oder Ähnlichem, also von groß nach klein.

Wir haben ein relativ kleines globales Team mit drei Personen, die an der Implementierung gearbeitet haben. Außerdem gibt es ein Verpackungsteam und ähnliche Ressourcen, die Installationsskripte für Endgeräte erstellen.

Wie sieht es mit der Wartung aus?

Wir haben Trend Vision One als Teil einer SaaS-Lösung gekauft. Diese umfasst Updates und laufenden Support, wie die Bereitstellung von Virensignaturen, sodass wir keine dedizierten Mitarbeiter speziell für die Wartung haben. Wir haben jedoch weltweit benannte Ansprechpartner, die für die Bearbeitung von Alarmen und Ereignissen verantwortlich sind. Diese Aufgaben sind eine zusätzliche Verantwortung der IT-Teammitglieder nach deren Schulung. Daher kann ich Ihnen keine genaue Anzahl an Personen nennen, die daran beteiligt sind. Diese Aktivitäten sind in das bestehende IT-Personal integriert, das sie neben seinen regulären Aufgaben verwaltet.

Was war unser ROI?

Wir haben einen Return on Investment im Wesentlichen qualitativ, proportional und quantitativ gesehen. Eine strikte ROI-Berechnung haben wir nicht durchgeführt. Wir wissen, dass die Lösung eingesetzt wird, um potenzielle Schäden zu verhindern, aber es ist schwierig, potenzielle Schäden in einer ROI Berechnung zu quantifizieren. Andererseits hatten wir während der Einführung für das globale Unternehmen zwei Vorfälle. Zum Glück hatten wir auch eine Cyberversicherung, die die Vorfälle abgedeckt hat, weil wir durch Trend Micro und die Implementierung der Lösung sowie die bereitgestellten Daten nachweisen konnten, was passiert war. Ohne dies hätten wir sicherlich keine Versicherungszahlung erhalten.

Was sind meine Erfahrungen mit Preisen, Einrichtungskosten und Lizenzierung?

Natürlich würden wir uns wünschen, dass es kostenlos wäre. Sicherheit hat jedoch ihren Preis. Was die von uns erlebten Preise betrifft, halten wir Trend Micro für wettbewerbsfähig. Manchmal wünschen wir uns jedoch einen höheren Rabatt bei steigender Nutzung, da das Unternehmen wächst.

Welche anderen Lösungen habe ich evaluiert?

Wir haben uns andere Lösungen angesehen. Als wir 2019 mit der Evaluierung begonnen haben, haben wir die typischen Lösungsportfolios geprüft, die zu dieser Zeit verfügbar waren. Wir haben mehrere Optionen in Betracht gezogen und uns dann, basierend auf verschiedenen Faktoren, für ein Unternehmen aus Japan entschieden, anstatt für eine Erweiterung eines amerikanischen Unternehmens. Ich erinnere mich nicht mehr an alle Details, aber damals gab es auch einerussische Lösung, die auf dem europäischen Markt recht beliebt war, die wir jedoch nicht weiter verfolgt haben.

Die Hauptunterschiede zwischen diesen Produkten und Trend Vision One lagen in der Funktionalität und der Gesamtumgebung. Wir wollten eine wirklich unabhängige Lösung. Aus Sicht der deutschen und europäischen Datenschutzgesetze war es eine Frage des Abwägens, wo wir das größte Vertrauen haben können und wo wir diese Prinzipien in der Umsetzung wiedererkennen würden.

Welche weiteren Ratschläge habe ich?

Mein Rat wäre, sich wirklich Zeit zu nehmen, um sorgfältig zu überlegen, was man will und braucht, und sich insbesondere mit Kollegen auszutauschen, um die richtige Lösung zu finden. Man könnte sagen, dass man zur Durchführung einer Deep Discovery Inspection auf Netzwerkverkehr mehr Knoten hinzufügen könnte, aber irgendwann wird der Kosten-Nutzen-Effekt minimal.

Wir hatten immer das Gefühl, dass uns Trend Micro sehr gut beraten hat und uns empfahl, dass mehr als drei Knoten im globalen Kontext nicht notwendig wären. Zusätzliche Knoten würden die Leistung nur geringfügig verbessern, was sich nicht lohnen würde. Es ist wichtig, auf das Team von Trend Micro zu hören und offen zu kommunizieren. Entscheidend ist, dass man seine Szenarien und Risiken im Voraus durchdenkt – das können sie einem nicht abnehmen. Zum Beispiel ist die Netzwerksegmentierung, die nicht Teil des Angebots von Trend Micro ist, ein Mechanismus, den wir ebenfalls einsetzen. Es ist wichtig, Hand in Hand zu arbeiten, und es muss in dieser Phase viel Dialog geben.

Welches Bereitstellungsmodell nutzen Sie für diese Lösung?

Hybrid-Cloud

Cloud oder Hybrid Cloud: Welcher Cloud-Anbieter wird genutzt? Amazon Web Services (AWS)

My use case is to monitor my entire infrastructure, investigate the latest vulnerabilities, identify loopholes, and monitor live threat detections to mitigate these threats.

Trend Vision One's best features are the ESRM and its email gateways, along with its playbooks, which are useful for testing any threat or vulnerability.

It helps in identifying blind spots by providing comprehensive knowledge about risk assessment and a method to compare our organization with others, allowing us to understand our current stage in cybersecurity.

Trend Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way.

I have been using Trend Vision One for the last three years.

I would rate the stability an eight.

I would rate the scalability a nine.

Their response rate is approximately 80 to 90%, and they mitigate the issue.

I would rate the technical support a nine.

Positive

I compare Trend Vision One with Trellix and Kaspersky, and compared to both of these, Trend Vision One is very useful with one-window operation and is a market-gaining product.

The deployment is easy and very moderate, taking approximately one month.

It was a partner purchase.

The ROI is positive, and I see a reduction of 100%.

Trend Vision One is not so expensive; it is very moderate.

Trend Vision One is very effective and very market competitive, which is why we are using it.

I will definitely recommend this product because of its deep knowledge and deep features, such as ESRM, playbooks, and other email gateways.

We have approximately 50 users.

I do use Trend Vision One sensors, and they totally cover our network as we are using network sensors and service gateways to scan the whole network and gather information about our loopholes, mitigations, and vulnerabilities with respect to the latest CVEs.

I give this product a rating of 9.

My main use case for Trend Vision One is XDR security in our AWS environment for our EC2 instances, and I'm hoping to accomplish effective security measures with it.

The best features Trend Vision One offers are the dashboard, reporting, and the customer service experience, specifically the customer service experience.

What makes the customer service experience stand out is that the onboarding process was exceptionally smooth. John, our account manager, was able to coordinate us with a technical resource to help with a white-glove onboarding process to ensure that our migration from Trend Micro Cloud One to Vision One was smooth and successful.

Trend Vision One has impacted my organization positively, and it's our XDR solution, so it works as intended.

Having Trend Vision One as my XDR solution has helped my team significantly. The Sentinel integration is a huge help for allowing us to detect and respond to events in our AWS environment.

I cannot think of anything that Trend Vision One can be improved.

I have been using Trend Vision One for about a week.

Trend Vision One is stable. I have experienced minimal issues with reliability or downtime.

Trend Vision One's scalability is excellent. It can handle my organization's growth and changing needs.

The customer support is exceptional. Working with their technical resource, Victor, was fantastic, and I am very happy with the customer service that we experienced from both Victor and John.

I would rate the customer support exceptionally high on a scale of one to ten.

I did not previously use a different solution before Trend Vision One.

I have seen a return on investment. I have been a Trend Micro customer for years and I continue to see value in their platform and have used it at several jobs.

My experience with pricing, setup cost, and licensing was very easy. Our enterprise account manager, John, made all of that very easy, as he was able to send me the private offer, walk us through accepting it inside of the AWS Marketplace, and helped us cancel our existing subscription.

Before choosing Trend Vision One, I evaluated other options. I considered Microsoft Sentinel and Microsoft Defender.

The advice I would give to others looking into using Trend Vision One is to try it.

I rate Trend Vision One an 8 out of 10.