TrendAI Vision One Reviews

My main use case for TrendAI Vision One is for endpoint security and XDR, as we need to handle incidents effectively.

TrendAI Vision One provides all the details for incident handling in our bank security operations, such as identifying where a threat is coming from, its impact, and a workbench to manage responses, making it easy to mitigate issues. In my daily work, TrendAI Vision One helps us first on the endpoint by preventing threats, allowing us not to worry about the types of daily updates, which we schedule based on preferences. Additionally, with XDR, we receive all threat events and their impacts, which helps us mitigate cyber risks and create playbooks.

The best features of TrendAI Vision One are its integration capabilities with third-party intelligence such as STIX and MISP, along with collaboration and integration with tools such as Splunk, IBM QRadar, and DSPM and SASE products. The integrations with third-party tools such as Splunk and QRadar help our team significantly; we utilize syslog to gather all endpoint logs and QRadar logs. We simply generate an API and API key to facilitate integration with Splunk or QRadar.

TrendAI Vision One has in-depth analysis and recognition features that provide a diagram of a workbench if a preventive attack is happening or has occurred, allowing me to access all logs and additional information regarding the threat's origin, impact, and mitigation strategies.

TrendAI Vision One has positively impacted our organization by giving us fewer false positive alerts, and with its support, we are securing our environment against upcoming vulnerabilities such as zero-day attacks. Reducing false positives and handling zero-day attacks has streamlined our team's daily workflow and improved our overall security posture. For example, we integrated with Netskope and IBM QRadar, which reduced our workload by decreasing alerts, as QRadar detects genuine files that may have been previously flagged.

I do not have any specific suggestions for improving TrendAI Vision One.

I have been using TrendAI Vision One for three years.

In my experience, TrendAI Vision One is stable.

The scalability of TrendAI Vision One is notably low maintenance, and their support for the agent is long-term. We update the agent quarterly, and their Basecamp services share a data lake, making information gathering effortless.

The customer support for TrendAI Vision One is very good. We create a case, and Trend support connects remotely, typically within twenty-four hours.

Positive

Previously, we used Sophos, which was very bulky and caused slowness issues, prompting us to switch to TrendAI Vision One.

The setup cost is reasonable, and the licensing is relatively low.

We have directly purchased TrendAI Vision One from Trend Micro and did not acquire it through the AWS marketplace.

We have seen a return on investment because it is easy to use. One agent installed on the endpoint saves both money and time, as we only need L1 engineers to support the endpoints, reducing the number of employees needed to manage them.

In my opinion, the pricing for TrendAI Vision One is somewhat high.

Before choosing TrendAI Vision One, we evaluated other options such as SentinelOne and CrowdStrike.

I rate TrendAI Vision One a ten out of ten. Most importantly, I chose ten out of ten because it is easy to control and install the product, and the support from Trend engineers is exceptional along with the help we receive from salespersons. I advise those looking into using TrendAI Vision One to consider it seriously, as it offers XDR features, endpoint security features, and ZTNA features, eliminating the need for multiple agents or plugins. TrendAI Vision One is a very good solution that is easy to use. Their knowledge-based articles are extremely helpful, allowing us as techies to troubleshoot issues independently without always relying on senior staff or support.

Our use cases are essentially all the classic defense mechanisms that are used to protect devices, secure emails, and ensure that we don’t pull in anything harmful. We also monitor Internet and Intranet traffic to detect abnormal behavior and address it. This has helped us in many situations where we’ve faced external attacks, which then usually try to go back out. I always say that they try to drill through the wall and get back out, and in that way, we’ve been able to recognize when someone has gained access to our devices. 

We operate in 60 countries with 4,000 to 4,500 employees, of which nearly 2,000 are based in Frankfurt. All of the end devices of our colleagues are under IT security monitoring. The Deep Discovery Inspector is implemented at three global locations: one in Europe, one in Asia, and one in the USA. This allows us to detect any issues early on, and with network segmentation, we can minimize potential damage in case of an incident.

The biggest security concerns in our industry are not really industry-specific but are intrusions. Identity theft is a challenge and then there are issues where people are manipulated into making money transfers to what seem like customer accounts that don’t actually exist. 

Another is the classic attack, where ransomware is used to infiltrate systems and gain access through encryption and similar methods. 

Additionally, we also have the issue of IP protection.

Trend Vision One has significantly improved our company because we can now track and see how many attacks we have. Since we’ve implemented it, we haven’t had any major attacks that have successfully entered the company. So, we know the defense mechanism is working.

In terms of our ability to manage risks, we already had the stances for risk management in place, from our side, from a purely conceptual standpoint. Through a solution like this, we always want to get a more concrete approach for the operational side. We aim to identify and assess risks and then determine the measures we can take to mitigate those risks. That’s where Trend Micro is very helpful.

Trend Vision One has significantly helped reduce our time to detect and respond to threats. 

In terms of whether or not Trend Vision One has helped my organization reduce noise from false positives, it’s always a matter of perspective in terms of whether or not the number of alarms has truly been reduced or if they were false alarms. We rolled out the solution across the company, and as a result, we now monitor more devices and have a more comprehensive view of security. Therefore, the number of alarms and false alarms has certainly increased, because we are now looking at all devices. Previously, we didn’t monitor them, so we didn’t notice them.

We have always seen alarms and false alarms. However, we have incorporated mechanisms to identify where the false alarms are coming from, and we continuously refine the system. Sometimes, activities in the internal IT administrative area trigger alarms that are not actual threats, and we continuously adjust and refine those rules to reduce false alarms. We didn’t have a solution in place before to compare whether or not it has reduced false positives. The mechanisms we have now allow us to assess both alarms and false alarms in detail and, in the case of false alarms, to trace where they come from and implement rules to prevent them from happening again. 

Trend Vision One has definitely reduced my organization's cyber risk. We took a holistic view of all devices, became more aware of IT security risks from the outset, and then integrated all devices into that view. In the incidents we encountered at the beginning, as we increasingly implemented and observed this solution, a clear path was outlined on how to address and resolve these issues.

We implement the sensors globally from the angle that we are, in fact, global and operate worldwide. The importance lies in the fact that we know attacks can happen from anywhere, and therefore we decided to implement this as a standard solution within our company, The Samson Group. The Samson Group itself has 60 legal entities worldwide, and from our side, this is more of a governance requirement, meaning it must be used to protect the entire organization.

We have found the Deep Discovery Inspector that is in place exceptionally valuable. It has consistently helped us identify areas where issues are happening and where there have been small vulnerabilities in the network that could lead to issues. This happens when, at some point, an unauthorized device—one that shouldn’t be in the network—somehow gains access. This is certainly one of Trend Micro's standout features, as it has provided us with insight into what is happening in our network, which has prevented us from facing significant damage.

We have a positive impression of Trend Vision One's ability to provide us with centralized visibility and management across protection layers. The impression is definitely positive for us. That’s also why we decided to extend the contracts. It’s a very mature solution that is well-understood and user-friendly for people working in this field.

Trend Micro helps us consolidate security vendors because we are now establishing this as standard software for the company. We only work with one solution provider, which is part of the consolidation. When selecting the solutions, we carefully considered what was important to us and where issues occurred. For example, we were particularly pleased that the base and system come from a Japanese company, meaning we don’t have to put ourselves in the hands of Russian or American companies to make this happen.

We use the CREM features and from our perspective, it is very helpful because it provides a supportive function. In situations where we notice something, we also have a very direct line to the team.

When it comes to having AI, from a high-level perspective, I don’t really care how it’s done in terms of the solution. It's great if AI is used because we measure based on the results we achieve. It must meet the requirements for performance and speed. Today, AI is the tool of choice to achieve the necessary speed and performance. But it’s not about the fact that AI is involved; it’s about the fact that, at the end of the day, a fast and reliable solution has been created.

We still have devices that are not traditional IT equipment but rather fall under the category of Operational Technology (OT) devices. There is increasingly a blending of the traditional OT world, which requires a specific focus, as OT devices often don't use standard Ethernet protocols and similar technologies. These are areas where I believe more can be done by Trend Vision One. 

Taking it a step further, we also produce items that include IT elements, which are then used by customers. It would be great if there were Trend Micro products that could enhance the security of these devices, either as part of our product or in some other way integrated into our offering. But that's a different approach. At the moment, we use Trend Micro to protect our own company and our internal networks, but expanding this to our customer-facing products is an idea for the future.

We have been using Trend Micro for a long time, since 2020. We started in 2019 and signed our first Trend Vision One contract in 2020.

The stability is very high. We rarely encounter stability issues. When we do have issues, we typically find that they originate from our side, usually because certain information couldn't be provided by the server.

Compared to other companies, we're not huge, but during the rollout and expansion, we found that it scales easily. We haven't encountered any issues with scaling effects or anything like that.

Their technical support is excellent because we continuously see that when an issue arises, direct communication is sought. The ability to act quickly and be in direct communication is very important to us. It's not just about high-level support with the chatbot; rather, when an issue occurs, we have the experts on-site and ready to respond swiftly, which is crucial. In such situations, you need to act quickly without wasting time on what should happen next.

Positive

We have used a lot of products. Over the past few years, we have been consolidating into a single corporation and replacing other solutions with the corporate mandate of Trend Micro. The reason is for efficiency reasons, among others. By using the same solution across the entire company, we can manage and maintain it centrally, ensuring uniform behavior without having to deal with individual solutions for each part of the organization.

I was involved in the setup in terms of managing the role and function, but not from a technical standpoint.

My colleagues reported that it is a very well-designed software. We’ve experienced other solutions where we’ve worked on software for a long time, and it didn’t go as smoothly. I haven’t heard any complaints, so the setup must have been good.

We took a risk-based approach to implement this. We started rolling it out in some large manufacturing companies, where the potential damage in case of an incident would be the greatest. From there, we moved to the smaller legal entities, such as just sales offices or similar, so from large to small.

We have a relatively small team in the global function with three people who worked on it. We also have a packaging team and similar resources when it comes to creating installation scripts for end devices.

In terms of maintenance, we have purchased Trend Vision One as part of a SaaS solution. This includes updates and ongoing support, such as the provision of virus signatures, so we don't have dedicated staff specifically for maintenance. We do have designated contacts around the world dedicated to handling alarms and events. This is an additional responsibility for the IT team members after their training, so I can't give you a precise number of people involved. These activities are integrated into the existing IT staff who manage them alongside their regular tasks.

We have seen a return on investment fundamentally more qualitatively, proportionally, and quantitatively. We haven't done a strict ROI calculation. We know it's in place to counter potential damage, but it's hard to quantify potential damage in an ROI calculation. On the other hand, we had two incidents during the rollout for the global company. Thankfully, we also had cyber security insurance, and the insurance covered the incidents because, through Trend Micro and the implementation of the solution, along with the data it provided, we were able to demonstrate what had happened. Without this, we certainly wouldn’t have received the insurance payout.

Of course, we'd prefer for it to be free. Security has its price. Regarding the prices we've experienced, we consider Trend Micro to be competitive. However, we sometimes wish for a higher discount based on more usage as the company grows.

We looked around at other solutions. When we started evaluating options in 2019, we explored the typical solution portfolios available at the time. We considered several options, and then, based on different factors, we decided on a company operating out of Japan, rather than an extension of an American company. I don't quite remember all the details, but at the time, there was also a Russian solution that was quite popular in the European market, which we decided not to pursue further.

The main differences between these products and Trend Vision One were the functionality and the overall environment. We wanted a truly independent solution. From the perspective of German and European data protection laws, it was a matter of weighing where we could place the most trust and where we would see those principles reflected in the implementation.

My advice would be that one should really take the time to think carefully about what they want and need, and particularly engage in conversations with colleagues to find the right solution. One could say that to perform Deep Discovery Inspector on network traffic, more nodes could be added but at some point, the cost-benefit effect becomes minimal. 

We always felt that Trend Micro provided us with very good advice, suggesting that more than three nodes in a global context weren't necessary. Any additional nodes would only slightly improve performance, making it not worthwhile. It's important to listen to the Trend Micro team and communicate openly. What's key is that you have to think about your scenarios and risks in advance—this is something they can't take off your hands. For example, network segmentation, which isn't part of Trend Micro's offering, is a mechanism we also bring in. It's important to work hand in hand, and there needs to be a lot of dialogue at this stage.

Foreign Language: (German)

Hat die Unternehmenssicherheit signifikant verbessert, da wir nun Angriffe sehr genau nachverfolgen und erkennen können

Was ist unser primärer Anwendungsfall?

Im Wesentlichen alle klassischen Abwehrmechanismen, die zum Schutz von Geräten, zur Sicherung von E-Mails und zur Vermeidung von Schadsoftware verwendet werden. Darüber hinaus überwachen wir Internet- und Intranetverkehr, um abnormales Verhalten zu erkennen und entsprechend zu handeln. Dies hat uns in vielen Situationen geholfen, in denen wir mit externen Angriffen konfrontiert waren, die normalerweise versuchen, erneut auszubrechen. Ich sage immer, dass diese Angriffe versuchen, sich durch die Wand zu bohren und dann wieder auszubrechen. Auf diese Weise konnten wir erkennen, wann jemand Zugang zu unseren Geräten erlangt hat.

Wir sind in 60 Ländern mit 4.000 bis 4.500 Mitarbeitern tätig, von denen fast 2.000 in Frankfurt ansässig sind. Alle Endgeräte unserer Kolleginnen und Kollegen stehen unter IT-Sicherheitsüberwachung. Die Deep Discovery Inspection wird an drei globalen Standorten implementiert: einem in Europa, einem in Asien und einem in den USA. Dies ermöglicht es uns, Probleme frühzeitig zu erkennen und mit Netzwerksegmentierung potenziellen Schaden im Falle eines Vorfalls zu minimieren.

Die größten Sicherheitsbedenken in unserer Branche sind nicht unbedingt branchenspezifisch, sondern beinhalten Angriffe. Identitätsdiebstahl ist eine Herausforderung, ebenso wie Situationen, in denen Personen dazu manipuliert werden, Geldüberweisungen an scheinbare Kundenkonten zu tätigen, die tatsächlich nicht existieren.

Ein weiteres Beispiel ist der klassische Angriff, bei dem Ransomware genutzt wird, um Systeme zu infiltrieren und durch Verschlüsselung und ähnliche Methoden Zugang zu erlangen.

Zudem haben wir auch mit dem Thema IP-Schutz zu kämpfen.

Wie hat es meinem Unternehmen geholfen? Trend Vision One hat die Sicherheit unseres Unternehmens signifikant verbessert, da wir jetzt Angriffe sehr genau nachverfolgen und erkennen können. Seit der Implementierung hatten wir keine größeren erfolgreichen Angriffe mehr. Das zeigt: Die Verteidigungsmechanismen funktionieren.

Hinsichtlich unseres Risikomanagements hatten wir bereits Strategien zur Risikobewältigung aus konzeptioneller Sicht implementiert. Eine Lösung wie diese ermöglicht uns jedoch, einen konkreteren operativen Ansatz zu verfolgen. Ziel ist es, Risiken zu identifizieren, zu bewerten und dann Maßnahmen zu ergreifen, um diese zu mindern. Trend Micro ist dabei äußerst hilfreich.

Trend Vision One hat uns geholfen, die Zeit zur Erkennung und Reaktion auf Bedrohungen erheblich zu reduzieren.

Ob Trend Vision One meinem Unternehmen geholfen hat, den Lärm durch Fehlalarme zu reduzieren, ist eine Frage der Perspektive. Wir haben die Lösung unternehmensweit ausgerollt, wodurch wir jetzt mehr Geräte überwachen und eine umfassendere Sicherheitsübersicht haben. Die Anzahl der Alarme und Fehlalarme ist dadurch gestiegen, da wir nun mehr Geräte einbeziehen, die zuvor nicht überwacht wurden.

Wir haben Mechanismen implementiert, um Fehlalarme zu identifizieren und kontinuierlich das System zu verbessern. Manchmal lösen interne IT Administrationsaktivitäten Alarme aus, die keine Bedrohungen darstellen. Hier passen wir die Regeln kontinuierlich an, um Fehlalarme zu reduzieren.

Trend Vision One hat definitiv das Cyberrisiko in unserem Unternehmen reduziert. Wir haben einen ganzheitlichen Blick auf alle Geräte geworfen, sind uns der IT Sicherheitsrisiken von Anfang an bewusster geworden und haben alle Geräte in diese Übersicht integriert.

Was ist besonders wertvoll?

Die globale Implementierung der Sensoren ist für uns von zentraler Bedeutung, da Angriffe von überall erfolgen können. Daher haben wir entschieden, dies als Standardlösung innerhalb unseres Unternehmens, der Samson Group, zu etablieren.

Die Deep Discovery Inspection ist ein besonders wertvolles Feature, da sie uns regelmäßig dabei hilft, Schwachstellen im Netzwerk zu identifizieren. Insbesondere wenn ein unbefugtes Gerät Zugang zum Netzwerk erlangt, bietet uns Trend Micro Einblicke, die uns vor größeren Schäden bewahren.

Trend Vision One bietet uns eine zentrale Übersicht und Management-Funktion über alle Schutzebenen hinweg. Diese Funktionalität ist reif und benutzerfreundlich, weshalb wir die Verträge verlängert haben. Trend Micro unterstützt uns bei der Konsolidierung von Sicherheitsanbietern, indem wir jetzt nur mit einem Lösungsanbieter arbeiten, der als Standardsoftware im gesamten Unternehmen eingesetzt wird.

Was könnte verbessert werden?

Es gibt weiterhin Geräte, die nicht in die klassische IT-Ausstattung fallen, sondern in den Bereich der Operational Technology (OT). OT-Geräte verwenden oft keine Standard-Ethernet-Protokolle, was spezielle Aufmerksamkeit erfordert. Hier könnte Trend Vision One mehr leisten.

Darüber hinaus wäre es wünschenswert, wenn Trend Micro auch Lösungen anbieten würde, um die Sicherheit der von uns produzierten IT-Produkte zu verbessern, die an Kunden geliefert werden.

Wie lange nutze ich die Lösung?

Wir verwenden Trend Micro bereits seit einiger Zeit, genauer gesagt seit 2020. Angefangen haben wir 2019 und haben unseren ersten Vertrag für Trend Vision One im Jahr 2020 unterzeichnet.

Was denke ich über die Stabilität der Lösung?

Die Stabilität ist sehr hoch. Wir stoßen selten auf Stabilitätsprobleme. Wenn es doch Probleme gibt, stellen wir in der Regel fest, dass sie von unserer Seite kommen, meist weil der Server bestimmte Informationen nicht bereitstellen konnte.

Was denke ich über die Skalierbarkeit der Lösung?

Im Vergleich zu anderen Unternehmen sind wir nicht riesig, aber während der Einführung und Expansion haben wir festgestellt, dass die Lösung leicht skaliert. Wir hatten keine Probleme mit Skalierungseffekten oder Ähnlichem.

Was halte ich von dem Kundenservice und Support?

Der technische Support ist hervorragend, da wir immer wieder sehen, dass bei auftretenden Problemen der direkte Kontakt gesucht wird. Die Fähigkeit, schnell zu handeln und direkt zu kommunizieren, ist für uns sehr wichtig. Es geht nicht nur um Support auf hoher Ebene mit einem Chatbot, sondern darum, dass Experten vor Ort sind und schnell reagieren können, wenn ein Problem auftritt. Das ist entscheidend, denn in solchen Situationen muss man schnell handeln, ohne Zeit zu verlieren.

Wie bewerte ich den Kundenservice und Support bewerten?

Positiv.

Welche Lösung habe ich zuvor genutzt und warum habe ich gewechselt?

Wir haben viele Produkte verwendet. In den letzten Jahren haben wir uns zu einer einheitlichen Unternehmenskultur konsolidiert und andere Lösungen durch die Unternehmensvorgabe von Trend Micro ersetzt. Ein Grund dafür sind Effizienzüberlegungen. Durch die Verwendung derselben Lösung im gesamten Unternehmen können wir sie zentral verwalten und warten, was ein einheitliches Verhalten sicherstellt, ohne dass jede Organisationseinheit eigene Lösungen benötigt.

Wie war der anfängliche Set-Up?

Ich war in Bezug auf die Verwaltung der Rolle und Funktion beteiligt, jedoch nicht aus technischer Sicht.

Meine Kollegen berichteten, dass es sich um eine sehr gut konzipierte Software handelt. Wir haben andere Lösungen erlebt, bei denen die Arbeit mit der Software viel länger gedauert hat und nicht so reibungslos verlief. Ich habe keine Beschwerden gehört, daher muss die Einrichtung gut gewesen sein.

Wir haben einen risikobasierten Ansatz gewählt, um die Implementierung durchzuführen. Wir begannen damit, die Lösung in großen

Fertigungsunternehmen einzuführen, wo der potenzielle Schaden im Falle eines Vorfalls am größten wäre. Von dort aus gingen wir zu kleineren rechtlichen Einheiten über, wie reinen Vertriebsbüros oder Ähnlichem, also von groß nach klein.

Wir haben ein relativ kleines globales Team mit drei Personen, die an der Implementierung gearbeitet haben. Außerdem gibt es ein Verpackungsteam und ähnliche Ressourcen, die Installationsskripte für Endgeräte erstellen.

Wie sieht es mit der Wartung aus?

Wir haben Trend Vision One als Teil einer SaaS-Lösung gekauft. Diese umfasst Updates und laufenden Support, wie die Bereitstellung von Virensignaturen, sodass wir keine dedizierten Mitarbeiter speziell für die Wartung haben. Wir haben jedoch weltweit benannte Ansprechpartner, die für die Bearbeitung von Alarmen und Ereignissen verantwortlich sind. Diese Aufgaben sind eine zusätzliche Verantwortung der IT-Teammitglieder nach deren Schulung. Daher kann ich Ihnen keine genaue Anzahl an Personen nennen, die daran beteiligt sind. Diese Aktivitäten sind in das bestehende IT-Personal integriert, das sie neben seinen regulären Aufgaben verwaltet.

Was war unser ROI?

Wir haben einen Return on Investment im Wesentlichen qualitativ, proportional und quantitativ gesehen. Eine strikte ROI-Berechnung haben wir nicht durchgeführt. Wir wissen, dass die Lösung eingesetzt wird, um potenzielle Schäden zu verhindern, aber es ist schwierig, potenzielle Schäden in einer ROI Berechnung zu quantifizieren. Andererseits hatten wir während der Einführung für das globale Unternehmen zwei Vorfälle. Zum Glück hatten wir auch eine Cyberversicherung, die die Vorfälle abgedeckt hat, weil wir durch Trend Micro und die Implementierung der Lösung sowie die bereitgestellten Daten nachweisen konnten, was passiert war. Ohne dies hätten wir sicherlich keine Versicherungszahlung erhalten.

Was sind meine Erfahrungen mit Preisen, Einrichtungskosten und Lizenzierung?

Natürlich würden wir uns wünschen, dass es kostenlos wäre. Sicherheit hat jedoch ihren Preis. Was die von uns erlebten Preise betrifft, halten wir Trend Micro für wettbewerbsfähig. Manchmal wünschen wir uns jedoch einen höheren Rabatt bei steigender Nutzung, da das Unternehmen wächst.

Welche anderen Lösungen habe ich evaluiert?

Wir haben uns andere Lösungen angesehen. Als wir 2019 mit der Evaluierung begonnen haben, haben wir die typischen Lösungsportfolios geprüft, die zu dieser Zeit verfügbar waren. Wir haben mehrere Optionen in Betracht gezogen und uns dann, basierend auf verschiedenen Faktoren, für ein Unternehmen aus Japan entschieden, anstatt für eine Erweiterung eines amerikanischen Unternehmens. Ich erinnere mich nicht mehr an alle Details, aber damals gab es auch einerussische Lösung, die auf dem europäischen Markt recht beliebt war, die wir jedoch nicht weiter verfolgt haben.

Die Hauptunterschiede zwischen diesen Produkten und Trend Vision One lagen in der Funktionalität und der Gesamtumgebung. Wir wollten eine wirklich unabhängige Lösung. Aus Sicht der deutschen und europäischen Datenschutzgesetze war es eine Frage des Abwägens, wo wir das größte Vertrauen haben können und wo wir diese Prinzipien in der Umsetzung wiedererkennen würden.

Welche weiteren Ratschläge habe ich?

Mein Rat wäre, sich wirklich Zeit zu nehmen, um sorgfältig zu überlegen, was man will und braucht, und sich insbesondere mit Kollegen auszutauschen, um die richtige Lösung zu finden. Man könnte sagen, dass man zur Durchführung einer Deep Discovery Inspection auf Netzwerkverkehr mehr Knoten hinzufügen könnte, aber irgendwann wird der Kosten-Nutzen-Effekt minimal.

Wir hatten immer das Gefühl, dass uns Trend Micro sehr gut beraten hat und uns empfahl, dass mehr als drei Knoten im globalen Kontext nicht notwendig wären. Zusätzliche Knoten würden die Leistung nur geringfügig verbessern, was sich nicht lohnen würde. Es ist wichtig, auf das Team von Trend Micro zu hören und offen zu kommunizieren. Entscheidend ist, dass man seine Szenarien und Risiken im Voraus durchdenkt – das können sie einem nicht abnehmen. Zum Beispiel ist die Netzwerksegmentierung, die nicht Teil des Angebots von Trend Micro ist, ein Mechanismus, den wir ebenfalls einsetzen. Es ist wichtig, Hand in Hand zu arbeiten, und es muss in dieser Phase viel Dialog geben.

Welches Bereitstellungsmodell nutzen Sie für diese Lösung?

Hybrid-Cloud

Cloud oder Hybrid Cloud: Welcher Cloud-Anbieter wird genutzt? Amazon Web Services (AWS)

We use TrendAI Vision One as a web proxy to block and allow users to access web pages. We are a customer and an end user.

The best feature about TrendAI Vision One is the GUI; the platform is very user-friendly. The GUI of TrendAI Vision One is amazing and very useful, simple to understand, and simple to configure and learn. It saves my time and money, reducing approximately 20% of my time. AI in TrendAI Vision One was very important. If we integrate AI in TrendAI Vision One, it will provide more detail; all the data can be fetched from the internet to provide detailed network scalability and threats details, vulnerability scans, and port scans. It would be very good if the OEM integrates AI in TrendAI Vision One.

Stability can also be improved. Sometimes when we perform user management or when we go to log in to create the user, there will be some lagging on the network or it will automatically log out, and then we have to log in again on the web page.

When I tried to explore the web gateway and the email gateway, they are present under some options. If they can be provided in a simple interface, it will be very beneficial for the users and end users to understand and configure TrendAI Vision One.

I have used TrendAI Vision One for approximately five to six months, and I have used it in the past 12 months.

I will rate the stability at six to seven.

I will rate scalability at eight or nine, around eight.

Technical support for TrendAI Vision One was perfect; I will rate it at nine.

Positive

The ROI is around 10 to 15%.

The pricing of TrendAI Vision One is moderate.

In comparison to other vendors, the GUI is perfect; it is cost-effective and easy to understand and easy to operate. Overall, the comparison is good for TrendAI Vision One.

TrendAI Vision One provides overall network performance, such as CPU utilization, how many ports are open in the network, and how we can configure the attack in the network. Blind spots in the network can be identified through the platform.

The centralized visibility was also good; we can manage all things in a simple GUI management. It can be consolidated within a hybrid environment.

I would recommend everyone to use TrendAI Vision One because it is the simplest GUI management; a network engineer with one year of experience can also manage TrendAI Vision One, and it can be deployed in any environment such as AWS, Azure, GCP, and also in a hybrid model.

TrendAI Vision One provides detailed network performance, CPU utilization of devices, and malware functions in the devices; it is all the details in one simple GUI where we can manage it, and we can see which end user and which end system is at risk, which is not, and which has updated the antivirus or not. I rate TrendAI Vision One at eight overall. My review rating for this product is seven.

My use case is to monitor my entire infrastructure, investigate the latest vulnerabilities, identify loopholes, and monitor live threat detections to mitigate these threats.

TrendAI Vision One's best features are the ESRM and its email gateways, along with its playbooks, which are useful for testing any threat or vulnerability.

It helps in identifying blind spots by providing comprehensive knowledge about risk assessment and a method to compare our organization with others, allowing us to understand our current stage in cybersecurity.

TrendAI Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way.

I have been using TrendAI Vision One for the last three years.

I would rate the stability an eight.

I would rate the scalability a nine.

Their response rate is approximately 80 to 90%, and they mitigate the issue.

I would rate the technical support a nine.

Positive

I compare TrendAI Vision One with Trellix and Kaspersky, and compared to both of these, TrendAI Vision One is very useful with one-window operation and is a market-gaining product.

The deployment is easy and very moderate, taking approximately one month.

It was a partner purchase.

The ROI is positive, and I see a reduction of 100%.

TrendAI Vision One is not so expensive; it is very moderate.

TrendAI Vision One is very effective and very market competitive, which is why we are using it.

I will definitely recommend this product because of its deep knowledge and deep features, such as ESRM, playbooks, and other email gateways.

We have approximately 50 users.

I do use TrendAI Vision One sensors, and they totally cover our network as we are using network sensors and service gateways to scan the whole network and gather information about our loopholes, mitigations, and vulnerabilities with respect to the latest CVEs.

I give this product a rating of 9.

My main use case for TrendAI Vision One is XDR security in our AWS environment for our EC2 instances, and I'm hoping to accomplish effective security measures with it.

The best features TrendAI Vision One offers are the dashboard, reporting, and the customer service experience, specifically the customer service experience.

What makes the customer service experience stand out is that the onboarding process was exceptionally smooth. John, our account manager, was able to coordinate us with a technical resource to help with a white-glove onboarding process to ensure that our migration from Trend Micro Cloud One to Vision One was smooth and successful.

TrendAI Vision One has impacted my organization positively, and it's our XDR solution, so it works as intended.

Having TrendAI Vision One as my XDR solution has helped my team significantly. The Sentinel integration is a huge help for allowing us to detect and respond to events in our AWS environment.

I cannot think of anything that TrendAI Vision One can be improved.

I have been using TrendAI Vision One for about a week.

TrendAI Vision One is stable. I have experienced minimal issues with reliability or downtime.

TrendAI Vision One's scalability is excellent. It can handle my organization's growth and changing needs.

The customer support is exceptional. Working with their technical resource, Victor, was fantastic, and I am very happy with the customer service that we experienced from both Victor and John.

I would rate the customer support exceptionally high on a scale of one to ten.

Positive

I did not previously use a different solution before TrendAI Vision One.

I have seen a return on investment. I have been a Trend Micro customer for years and I continue to see value in their platform and have used it at several jobs.

My experience with pricing, setup cost, and licensing was very easy. Our enterprise account manager, John, made all of that very easy, as he was able to send me the private offer, walk us through accepting it inside of the AWS Marketplace, and helped us cancel our existing subscription.

Before choosing TrendAI Vision One, I evaluated other options. I considered Microsoft Sentinel and Microsoft Defender.

The advice I would give to others looking into using TrendAI Vision One is to try it.

I rate TrendAI Vision One an 8 out of 10.

We use TrendAI Vision One for our endpoint protection in our data center, mostly focused around our server assets, and we do anti-malware, intrusion prevention, as well as firewall, host-based firewall capabilities.

The ease of configuration, customization, and organization are what I appreciate the most about TrendAI Vision One. 

It is a bit slow to implement kernel support on the Linux side. When doing patching and upgrades on our Linux servers, we often find that the Trend agent doesn't support the kernel version. It's usually not far behind, but we often are in a position where we may not be properly protected for a period.

We started using Trend Deep Security, which was the product prior to TrendAI Vision One, seven or eight years ago, and then we transitioned to TrendAI Vision One two years ago. While we have been using TrendAI Vision One proper for two years, we had essentially the same product in an on-prem version for seven or eight years.

We've had performance issues with the agents of TrendAI Vision One at odd times, but I wouldn't say it's been a widespread issue or a common issue. Once in a while, there have been things that we've attributed to Trend.

The scalability of TrendAI Vision One seems infinite. We're not a huge organization, so we haven't really run into any limitations, but it appears it can scale to accommodate and serve any of our purposes.

The quality of support for TrendAI Vision One is generally very good. If we have any issues with support, we can leverage our sales engineer for support or escalation. I really haven't had any concerns. I have contacted the technical support or customer support via phone number or ticket.

Positive

We have used Microsoft Defender, Sophos, as well as McAfee as alternatives to TrendAI Vision One. I prefer TrendAI Vision One more compared to those alternatives.

We transitioned from our on-premises Deep Security deployment to Vision One, and the process was relatively smooth. However, we encountered a few challenges related to legacy configurations and ensuring proper connectivity to our server assets. With an on-premises software application, we didn’t have to worry about internet accessibility for some of our server nodes. Consequently, we faced issues getting non-internet-connected server endpoints to communicate with the cloud. Luckily, there is a solution for that, but it took some time to get everything functioning properly.

TrendAI Vision One is a large product suite. There are many features that we don't have fully deployed, but the amount of time it took for us to go from on-prem to the cloud for similar services without onboarding anything new that TrendAI Vision One offered was two months for 400 assets, server nodes.

It has reduced our time to detect and respond to threats, but I don’t have a way to quantify that.

I know the pricing for TrendAI Vision One. It's been a while, but it doesn't seem bad. They made some changes to their pricing in the past. It used to be a per-server node pricing structure, but now they do it by credits. I would say it's improved because we can, for the same investment, shift and adjust which capabilities we're leveraging within the platform. It's not super expensive. It's definitely an increased cost over leveraging Microsoft Defender, which we already have the licensing and capability for. We chose to spend money on this as opposed to leveraging a product that we already had, but the cost is fair.

The sensors we're using include the anti-malware products, and we have the EDR sensors deployed on our server endpoints. They have network sensors and other features, but we're not leveraging any of those.

We started onboarding some of our services in the last three or four months to TrendAI Vision One to gain more visibility, so it's early in that adoption. We haven't taken any action based on alerts or notifications from TrendAI Vision One, as we're still in the early stages of getting our third-party services set up and monitored.

TrendAI Vision One hasn't helped us consolidate use of security vendors. This product is solely used for one purpose. We're not leveraging TrendAI Vision One for other areas within IT or at our company, so we haven't reduced silos. We had an opportunity to go with Defender, which would have reduced the number of products we use, but instead we decided to keep using Trend because we did appreciate it. I'm not sure if TrendAI Vision One has helped me to reduce the noise from false positives.

I would rate TrendAI Vision One a nine out of ten.

Our use cases for Trend Vision One are monitoring and alerts.

The biggest challenges we wanted to address with Trend Vision One were securing endpoints and enabling us to quickly respond to incidents or threats. This is the main goal for using this solution.

Trend Vision One has improved the way our organization functions by acting as both a monitoring tool and an antivirus, giving us insight on potential threats and enhancing our response time to security incidents. It is hard to measure the time savings but we save a significant amount of time in responding to potential threats. For example, we don't expect employees to respond to emails, chat, or calls outside of working hours. Trend Vision One has a feature where we can block all access to the laptop or endpoints. It allows us to take immediate action without waiting for the user to respond.

In terms of reducing noise from false positives, unfortunately, some behaviors can be mistaken for bad behaviors, but that isn't the fault of the software itself. It largely depends on how the developers of other applications implement their software and how it is run. We encountered an issue with another software called Rapid7, which periodically runs a command on MacBooks or Apple operating systems. This command, which is quite lengthy, searches for any unsecured credentials or API keys related to GitHub on the laptop. The way the application triggers is significant: it runs under root privileges, executing that command in the terminal for the user. Trend Vision One picks this up as a suspicious command, interpreting it as an attempt to find unsecured credentials. Despite having whitelisted the entire command in Rapid7, Trend Vision One still flagged it. We went back and forth on this issue, but ultimately we decided that it wasn't worth further troubleshooting to silence this alert due to the potential for actual malicious use of such commands. While we could whitelist it, we did not want to risk it being exploited maliciously. In the end, we chose to ignore the alert. They helped us reduce some other noise, but there was some noise that we weren't able to reduce.

Vision One AI has been very useful. All IT people stay up to date with security risks, exposures, alerts, or attacks. Vision One AI helps us explain or understand the alerts and what actions are recommended.

The workbench alerts are something we find very useful, as they help us stay informed about various activities. Not all alerts are positive, but they provide valuable insights into the detection methods and help us understand how certain issues arise. For example, if someone attempts to run a piece of software that encrypts a file, one of our tools, which is used for evidence gathering in surveillance systems, may encrypt the file too quickly. As a result, Trend Vision One may trigger an alert. Although this is a false positive, it still gives us insight into the behavior involved. This allows us to investigate the alert further and provide feedback to the user or development team, letting them know that similar triggers are likely to occur with other security systems or software.

Other useful features include intrusion and mailbox alerts, suspicious unauthorized access, tracing logs, website clicks, and email filtering for bad attachments.

The improvement I have been asking for is an easier way to create MDR requests. Not all alerts that come through Trend Vision One receive an investigation, and we would like the ability to easily request an investigation on lower-scored alerts without logging into the support portal to create a ticket.

I would like to see Trend Vision One and OfficeScan consolidated into one platform. Currently, it is the same space but two different layers. It would be nice to have both combined instead of having two clients.

There is room for improvement when it comes to support.

I've been working with Trend Vision One for three years.

Trend Vision One is stable enough. We don't see many performance impacts on our endpoints, except for when our weekly scheduled scans happen. Our developers express that it limits how freely they can develop, but I personally appreciate the insight it gives us and the actions that allow us to take on our devices.

I would rate their support a six out of ten. We encountered an issue with one of our tools—specifically, Visual Studio. One of our developers faced difficulties debugging code because Trend Vision One was blocking the debugging application or causing it to crash. This problem stemmed from a Windows update, and it took us a month and a half to identify the root cause. After we opened a ticket either at the end of March or early April, we waited several more weeks for a solution. Although the Windows update occurred back in February, we didn’t receive the fix until the end of May. The interaction between Windows and the application played a significant role in the issue, as the debugging application starts the code and injects itself into the running application, which Trend Micro flagged as problematic after the latest Windows update. Fortunately, this issue has now been resolved, but it was indeed a painful experience. Our developers were understandably frustrated that they couldn’t debug code for a month and a half, which impacted our project timelines.

Neutral

The company previously had SentinelOne before my time, and I can say that SentinelOne was not effective. 

We currently use Rapid7 as our Managed Detection and Response (MDR) service. In my experience, both Rapid7 and Trend Vision One serve similar purposes, but they have distinct differences. There are times when Rapid7 provides us with more detailed information, while at other times, Trend Vision One offers greater insights. This is partly because Trend Vision One collects more data from the devices, allowing it to better identify the root causes of alerts compared to Rapid7. 

Additionally, I find that the MDR team at Trend is generally more responsive than that of Rapid7. However, there are some disadvantages as well. For instance, we haven't yet set up cloud monitoring capabilities with Trend Vision One. Rapid7 currently handles our cloud infrastructure monitoring and manages services like Office and Okta. While Rapid7 is equipped to monitor these services, Trend Vision One is not yet at that level. We are exploring ways to enhance its capabilities, and if it can provide the same level of service as Rapid7, we might consider discontinuing our use of Rapid7 altogether.

We use the SaaS solution. I was not involved in the initial setup and deployment process, which occurred prior to my time here, but I have readjusted some policies.

Previously, it was difficult to understand some alerts. However, as time goes by, we differentiate better between them, and the AI feature is an extremely good tool that explains things that are gibberish to the regular user. The learning curve is quite steep.

It has helped us understand some of the alerts that we did not comprehend.

It is an all-around solution that includes various modules for comprehensive security monitoring and alerting. This solution is particularly effective when integrated with other hardware or on-premises solutions, such as Deep Discovery Inspector, which monitors your network.

The interface is adequate, but it is constantly changing. New features are being added, and items are being rearranged almost daily. We might have missed some announcements regarding these frequent updates. As it is an evolving solution, such changes are to be expected. However, there are still features that are buried within menus, which previously required extensive searching to locate. For instance, until last year, isolating endpoints was only possible through the search function. Now, they have added a feature within the endpoint inventory that allows you to select devices and isolate them immediately, rather than having to jump through multiple hoops to access that option.

The application has also become slightly more responsive. Regarding its functionality, the insights it provides are quite useful. The application displays various actions, and you can drill down into alerts to view the execution path associated with them. For example, if an application triggers an alert, you can right-click on that alert and select "Check Execution Profile." This feature shows you where the process started, what actions it took, and where it ended. This improvement is beneficial for understanding how tasks are executed.

I would rate Trend Vision One an eight out of ten.

My use case for TrendAI Vision One is more focused on the XDR.

In my opinion, the best features of TrendAI Vision One are the UI itself, which is very user-friendly. I consider that to be the most intricate part about TrendAI Vision One compared to other XDR platforms.

I use the sensors in TrendAI Vision One, and they are critical for our network coverage. They help us considerably because we are using TrendAI Vision One in the corporate environment, where people come and go. The sensors are very helpful because when you want to release the sensor on a laptop that is not used, you can simply release it.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers are very interesting because other solutions do not actually provide a centralized platform to view everything. Trend Micro introduced TrendAI Vision One, which allows all that to be in one central console, enabling you to have all features enabled or disabled based on credits.

TrendAI Vision One helps consolidate my use of security vendors and reduces silos. Currently, we are mainly using the XDR function, but we are also looking at the sandboxing feature. It is a good platform because in our environment, the engineering team uses the XDR function while the Digital Forensic & Incident Response team uses the sandboxing analysis functions, allowing two cross-entities to use one platform for their own tools.

In TrendAI Vision One, an area that has room for improvement is the DLP policy governance, particularly around data leakage protection. I believe the main focus is currently on thumb drives and external drives, but in older environments, we also use CDs and DVDs for read and write functions.

I have been using TrendAI Vision One for approximately eight months in totality.

I would rate the stability of TrendAI Vision One as very stable, giving it a nine out of ten.

In terms of scalability, I would say TrendAI Vision One is a ten out of ten because it is based on credits.

From one to ten, I would rate the technical support that TrendAI Vision One provides as a nine because we are subscribed to premium support.

Positive

I found the deployment of TrendAI Vision One to be very easy; I was very surprised because we had a seamless migration from Apex One.

It took less than a day to implement TrendAI Vision One; in fact, it was completed in just one day.

In my organization, we have a team of five engineers and close to three hundred endpoints using TrendAI Vision One.

I estimate that I have seen approximately fifteen to twenty percent return on investment from using TrendAI Vision One.

Regarding the pricing of TrendAI Vision One, I think it is on the costlier side compared to other solutions due to the functions they offer, but in totality, it is cost-efficient.

I have tested other vendors for endpoint solutions, including Kaspersky and Symantec.

The top security challenges in my industry include finding people who can operate TrendAI Vision One as an operator, and actually, TrendAI Vision One's user interface is so user-friendly that it takes maybe an experienced cybersecurity engineer about two to three weeks to get used to it.

The solution does not require any maintenance in terms of patching because we are on SaaS; we have a proxy, so there is no maintenance for it.

TrendAI Vision One has reduced my time to detect and respond to threats by approximately forty to fifty percent.

It has reduced noise from false positives by approximately twenty percent, which has saved me a significant amount of time.

By switching to TrendAI Vision One, I have reduced my risk by approximately eighty percent.

I would recommend TrendAI Vision One to other users because it is user-friendly and offers good support. I would rate this review a nine out of ten.