TrendAI Vision One Reviews

We're in the retail business, we sell bicycles in physical stores, and our branches are our biggest attack surface. These locations are covered by our overall solution, including sensors and other protection.

We have 49 branches, a headquarters, and a central warehouse. That's about 1,200 users and 1,000 computers. Trend Vision One is used primarily by our IT team. We also integrate with Office 365, Azure, and our on-prem data center.

We use Trend Vision One for consolidated security in hybrid environments. We have both on-premise and cloud data centers, particularly in Azure. The platform consolidates all of that into one view.

Since we started using Trend Vision One, we've been able to enhance our security posture significantly.

Trend Vision One has improved significantly over time in providing centralized visibility and control. It started as a set of individual products, but now it feels like one integrated solution. This reduces the need for interfaces or multiple analysis tools. That's why we pursued the one-platform strategy.

Trend Vision One has definitely helped consolidate our use of security vendors. We previously used standalone products for endpoint and email protection that weren't integrated. Now, we get the benefits of an integrated solution. I'd estimate we're 50–70% better in security now than we were two years ago.

The Cyber Risk Exposure Management (CREM)feature is absolutely essential. Even though we're not critical infrastructure, the NIS2 directive gives us security guidelines. CREM helps us meet these requirements.

It is very important to our organization that Trend Vision One integrates AI into the platform. Pattern recognition in forensic data is no longer manageable by humans due to the volume of events. Machine learning is essential to process these and filter what needs human attention.

Trend Vision One has improved our organization significantly. Security tasks used to be manual. Now, technology prevents issues or supports staff in detecting them. This shift from manual to technical solutions greatly increased our security.

Trend Vision One has reduced the time we spend detecting and responding to threats. I'd say we're 80% faster than before. The platform gives us consolidated data upfront, so we don't have to search for event clues manually.

Trend Vision One has helped reduce false alarms. I'd estimate a 50–60% time saving. We have more alerts now than years ago, but also better systems to handle them, making the whole process more efficient. Trend Vision One has helped reduce our cyber risk overall. We now know where gaps are before they become problems, whereas in the past we had to guess. That's a massive improvement.

When it comes to operations, the CREM solution helps us identify vulnerabilities in systems. If we patch them, they disappear from the reports—this gives us actionable insights, which is incredibly helpful.

It took about half a year to realize the benefits of Trend Vision One after implementation.

The features of Trend Vision One are fine—it's the integration that needs work. Especially at the endpoint level, we still feel like we're using an older product that just got plugged into Trend Vision One. A fully integrated endpoint client is the next step.

My impression of the solution's stability is an eight out of ten.

I'd rate the scalability of Trend Vision One a nine.

The platform scales well. Our growth over the past three years has never caused performance or expansion issues.

The service support for Trend Vision One works well. The service desk and escalations function smoothly.

We used Kaspersky before Trend Vision One and switched due to BSI recommendations.

It took about half a year to realize the benefits of Trend Vision One after implementation. Migration processes took some time, but we quickly started seeing positive results.

A return on investment wasn't our goal with Trend Vision One. The goal was to achieve a high level of security at acceptable costs, not ROI calculation.

The pricing and licensing model for Trend Vision One is fair overall, especially with the good discounts we got. Currently, no extra costs—though we pay a monthly fee that gets converted into credits. I find the credit model non-transparent—you can't always tell how many licenses apply to which product. Trend Micro is working on improving this. We'll renegotiate pricing in 2026.

I joined the company in 2022 and brought knowledge of Trend Vision One with me. Our partner also recommended it, and the pricing and offers were so good that we didn't seriously consider alternatives.

We cover all areas of security with Trend Vision One, except for edge security—we use other firewalls there.

We deploy Trend Vision One sensors at the endpoint and for email, including Office 365, and we're expanding this further. We believe that having all data in one central system gives us better insight than using isolated solutions. That's why we initially looked for a one-platform solution.

In 2025, we can finally recognize risks effectively, especially in Azure, where we previously had to rely solely on Microsoft. With Trend Vision One's support, we can now detect and mitigate risks, especially with our core ERP system running in Azure starting this November.

My advice to others evaluating Trend Vision One is to understand the full value across all modules. Just using endpoint protection doesn't show the platform's real strength. The full benefits come when multiple modules are used together.

My overall rating for Trend Vision One is 8 out of 10.

My main use case for TrendAI Vision One is for endpoint security and XDR, as we need to handle incidents effectively.

TrendAI Vision One provides all the details for incident handling in our bank security operations, such as identifying where a threat is coming from, its impact, and a workbench to manage responses, making it easy to mitigate issues. In my daily work, TrendAI Vision One helps us first on the endpoint by preventing threats, allowing us not to worry about the types of daily updates, which we schedule based on preferences. Additionally, with XDR, we receive all threat events and their impacts, which helps us mitigate cyber risks and create playbooks.

The best features of TrendAI Vision One are its integration capabilities with third-party intelligence such as STIX and MISP, along with collaboration and integration with tools such as Splunk, IBM QRadar, and DSPM and SASE products. The integrations with third-party tools such as Splunk and QRadar help our team significantly; we utilize syslog to gather all endpoint logs and QRadar logs. We simply generate an API and API key to facilitate integration with Splunk or QRadar.

TrendAI Vision One has in-depth analysis and recognition features that provide a diagram of a workbench if a preventive attack is happening or has occurred, allowing me to access all logs and additional information regarding the threat's origin, impact, and mitigation strategies.

TrendAI Vision One has positively impacted our organization by giving us fewer false positive alerts, and with its support, we are securing our environment against upcoming vulnerabilities such as zero-day attacks. Reducing false positives and handling zero-day attacks has streamlined our team's daily workflow and improved our overall security posture. For example, we integrated with Netskope and IBM QRadar, which reduced our workload by decreasing alerts, as QRadar detects genuine files that may have been previously flagged.

I do not have any specific suggestions for improving TrendAI Vision One.

I have been using TrendAI Vision One for three years.

In my experience, TrendAI Vision One is stable.

The scalability of TrendAI Vision One is notably low maintenance, and their support for the agent is long-term. We update the agent quarterly, and their Basecamp services share a data lake, making information gathering effortless.

The customer support for TrendAI Vision One is very good. We create a case, and Trend support connects remotely, typically within twenty-four hours.

Previously, we used Sophos, which was very bulky and caused slowness issues, prompting us to switch to TrendAI Vision One.

The setup cost is reasonable, and the licensing is relatively low.

We have directly purchased TrendAI Vision One from Trend Micro and did not acquire it through the AWS marketplace.

We have seen a return on investment because it is easy to use. One agent installed on the endpoint saves both money and time, as we only need L1 engineers to support the endpoints, reducing the number of employees needed to manage them.

In my opinion, the pricing for TrendAI Vision One is somewhat high.

Before choosing TrendAI Vision One, we evaluated other options such as SentinelOne and CrowdStrike.

I rate TrendAI Vision One a ten out of ten. Most importantly, I chose ten out of ten because it is easy to control and install the product, and the support from Trend engineers is exceptional along with the help we receive from salespersons. I advise those looking into using TrendAI Vision One to consider it seriously, as it offers XDR features, endpoint security features, and ZTNA features, eliminating the need for multiple agents or plugins. TrendAI Vision One is a very good solution that is easy to use. Their knowledge-based articles are extremely helpful, allowing us as techies to troubleshoot issues independently without always relying on senior staff or support.

We use TrendAI Vision One as a web proxy to block and allow users to access web pages. We are a customer and an end user.

The best feature about TrendAI Vision One is the GUI; the platform is very user-friendly. The GUI of TrendAI Vision One is amazing and very useful, simple to understand, and simple to configure and learn. It saves my time and money, reducing approximately 20% of my time. AI in TrendAI Vision One was very important. If we integrate AI in TrendAI Vision One, it will provide more detail; all the data can be fetched from the internet to provide detailed network scalability and threats details, vulnerability scans, and port scans. It would be very good if the OEM integrates AI in TrendAI Vision One.

Stability can also be improved. Sometimes when we perform user management or when we go to log in to create the user, there will be some lagging on the network or it will automatically log out, and then we have to log in again on the web page.

When I tried to explore the web gateway and the email gateway, they are present under some options. If they can be provided in a simple interface, it will be very beneficial for the users and end users to understand and configure TrendAI Vision One.

I have used TrendAI Vision One for approximately five to six months, and I have used it in the past 12 months.

I will rate the stability at six to seven.

I will rate scalability at eight or nine, around eight.

Technical support for TrendAI Vision One was perfect; I will rate it at nine.

Positive

The ROI is around 10 to 15%.

The pricing of TrendAI Vision One is moderate.

In comparison to other vendors, the GUI is perfect; it is cost-effective and easy to understand and easy to operate. Overall, the comparison is good for TrendAI Vision One.

TrendAI Vision One provides overall network performance, such as CPU utilization, how many ports are open in the network, and how we can configure the attack in the network. Blind spots in the network can be identified through the platform.

The centralized visibility was also good; we can manage all things in a simple GUI management. It can be consolidated within a hybrid environment.

I would recommend everyone to use TrendAI Vision One because it is the simplest GUI management; a network engineer with one year of experience can also manage TrendAI Vision One, and it can be deployed in any environment such as AWS, Azure, GCP, and also in a hybrid model.

TrendAI Vision One provides detailed network performance, CPU utilization of devices, and malware functions in the devices; it is all the details in one simple GUI where we can manage it, and we can see which end user and which end system is at risk, which is not, and which has updated the antivirus or not. I rate TrendAI Vision One at eight overall. My review rating for this product is seven.

My use case is to monitor my entire infrastructure, investigate the latest vulnerabilities, identify loopholes, and monitor live threat detections to mitigate these threats.

TrendAI Vision One's best features are the ESRM and its email gateways, along with its playbooks, which are useful for testing any threat or vulnerability.

It helps in identifying blind spots by providing comprehensive knowledge about risk assessment and a method to compare our organization with others, allowing us to understand our current stage in cybersecurity.

TrendAI Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way.

I have been using TrendAI Vision One for the last three years.

I would rate the stability an eight.

I would rate the scalability a nine.

Their response rate is approximately 80 to 90%, and they mitigate the issue.

I would rate the technical support a nine.

Positive

I compare TrendAI Vision One with Trellix and Kaspersky, and compared to both of these, TrendAI Vision One is very useful with one-window operation and is a market-gaining product.

The deployment is easy and very moderate, taking approximately one month.

It was a partner purchase.

The ROI is positive, and I see a reduction of 100%.

TrendAI Vision One is not so expensive; it is very moderate.

TrendAI Vision One is very effective and very market competitive, which is why we are using it.

I will definitely recommend this product because of its deep knowledge and deep features, such as ESRM, playbooks, and other email gateways.

We have approximately 50 users.

I do use TrendAI Vision One sensors, and they totally cover our network as we are using network sensors and service gateways to scan the whole network and gather information about our loopholes, mitigations, and vulnerabilities with respect to the latest CVEs.

I give this product a rating of 9.

My main use case for TrendAI Vision One is XDR security in our AWS environment for our EC2 instances, and I'm hoping to accomplish effective security measures with it.

The best features TrendAI Vision One offers are the dashboard, reporting, and the customer service experience, specifically the customer service experience.

What makes the customer service experience stand out is that the onboarding process was exceptionally smooth. John, our account manager, was able to coordinate us with a technical resource to help with a white-glove onboarding process to ensure that our migration from Trend Micro Cloud One to Vision One was smooth and successful.

TrendAI Vision One has impacted my organization positively, and it's our XDR solution, so it works as intended.

Having TrendAI Vision One as my XDR solution has helped my team significantly. The Sentinel integration is a huge help for allowing us to detect and respond to events in our AWS environment.

I cannot think of anything that TrendAI Vision One can be improved.

I have been using TrendAI Vision One for about a week.

TrendAI Vision One is stable. I have experienced minimal issues with reliability or downtime.

TrendAI Vision One's scalability is excellent. It can handle my organization's growth and changing needs.

The customer support is exceptional. Working with their technical resource, Victor, was fantastic, and I am very happy with the customer service that we experienced from both Victor and John.

I would rate the customer support exceptionally high on a scale of one to ten.

Positive

I did not previously use a different solution before TrendAI Vision One.

I have seen a return on investment. I have been a Trend Micro customer for years and I continue to see value in their platform and have used it at several jobs.

My experience with pricing, setup cost, and licensing was very easy. Our enterprise account manager, John, made all of that very easy, as he was able to send me the private offer, walk us through accepting it inside of the AWS Marketplace, and helped us cancel our existing subscription.

Before choosing TrendAI Vision One, I evaluated other options. I considered Microsoft Sentinel and Microsoft Defender.

The advice I would give to others looking into using TrendAI Vision One is to try it.

I rate TrendAI Vision One an 8 out of 10.

We use TrendAI Vision One for our endpoint protection in our data center, mostly focused around our server assets, and we do anti-malware, intrusion prevention, as well as firewall, host-based firewall capabilities.

The ease of configuration, customization, and organization are what I appreciate the most about TrendAI Vision One. 

It is a bit slow to implement kernel support on the Linux side. When doing patching and upgrades on our Linux servers, we often find that the Trend agent doesn't support the kernel version. It's usually not far behind, but we often are in a position where we may not be properly protected for a period.

We started using Trend Deep Security, which was the product prior to TrendAI Vision One, seven or eight years ago, and then we transitioned to TrendAI Vision One two years ago. While we have been using TrendAI Vision One proper for two years, we had essentially the same product in an on-prem version for seven or eight years.

We've had performance issues with the agents of TrendAI Vision One at odd times, but I wouldn't say it's been a widespread issue or a common issue. Once in a while, there have been things that we've attributed to Trend.

The scalability of TrendAI Vision One seems infinite. We're not a huge organization, so we haven't really run into any limitations, but it appears it can scale to accommodate and serve any of our purposes.

The quality of support for TrendAI Vision One is generally very good. If we have any issues with support, we can leverage our sales engineer for support or escalation. I really haven't had any concerns. I have contacted the technical support or customer support via phone number or ticket.

Positive

We have used Microsoft Defender, Sophos, as well as McAfee as alternatives to TrendAI Vision One. I prefer TrendAI Vision One more compared to those alternatives.

We transitioned from our on-premises Deep Security deployment to Vision One, and the process was relatively smooth. However, we encountered a few challenges related to legacy configurations and ensuring proper connectivity to our server assets. With an on-premises software application, we didn’t have to worry about internet accessibility for some of our server nodes. Consequently, we faced issues getting non-internet-connected server endpoints to communicate with the cloud. Luckily, there is a solution for that, but it took some time to get everything functioning properly.

TrendAI Vision One is a large product suite. There are many features that we don't have fully deployed, but the amount of time it took for us to go from on-prem to the cloud for similar services without onboarding anything new that TrendAI Vision One offered was two months for 400 assets, server nodes.

It has reduced our time to detect and respond to threats, but I don’t have a way to quantify that.

I know the pricing for TrendAI Vision One. It's been a while, but it doesn't seem bad. They made some changes to their pricing in the past. It used to be a per-server node pricing structure, but now they do it by credits. I would say it's improved because we can, for the same investment, shift and adjust which capabilities we're leveraging within the platform. It's not super expensive. It's definitely an increased cost over leveraging Microsoft Defender, which we already have the licensing and capability for. We chose to spend money on this as opposed to leveraging a product that we already had, but the cost is fair.

The sensors we're using include the anti-malware products, and we have the EDR sensors deployed on our server endpoints. They have network sensors and other features, but we're not leveraging any of those.

We started onboarding some of our services in the last three or four months to TrendAI Vision One to gain more visibility, so it's early in that adoption. We haven't taken any action based on alerts or notifications from TrendAI Vision One, as we're still in the early stages of getting our third-party services set up and monitored.

TrendAI Vision One hasn't helped us consolidate use of security vendors. This product is solely used for one purpose. We're not leveraging TrendAI Vision One for other areas within IT or at our company, so we haven't reduced silos. We had an opportunity to go with Defender, which would have reduced the number of products we use, but instead we decided to keep using Trend because we did appreciate it. I'm not sure if TrendAI Vision One has helped me to reduce the noise from false positives.

I would rate TrendAI Vision One a nine out of ten.

Our use cases for Trend Vision One are monitoring and alerts.

The biggest challenges we wanted to address with Trend Vision One were securing endpoints and enabling us to quickly respond to incidents or threats. This is the main goal for using this solution.

Trend Vision One has improved the way our organization functions by acting as both a monitoring tool and an antivirus, giving us insight on potential threats and enhancing our response time to security incidents. It is hard to measure the time savings but we save a significant amount of time in responding to potential threats. For example, we don't expect employees to respond to emails, chat, or calls outside of working hours. Trend Vision One has a feature where we can block all access to the laptop or endpoints. It allows us to take immediate action without waiting for the user to respond.

In terms of reducing noise from false positives, unfortunately, some behaviors can be mistaken for bad behaviors, but that isn't the fault of the software itself. It largely depends on how the developers of other applications implement their software and how it is run. We encountered an issue with another software called Rapid7, which periodically runs a command on MacBooks or Apple operating systems. This command, which is quite lengthy, searches for any unsecured credentials or API keys related to GitHub on the laptop. The way the application triggers is significant: it runs under root privileges, executing that command in the terminal for the user. Trend Vision One picks this up as a suspicious command, interpreting it as an attempt to find unsecured credentials. Despite having whitelisted the entire command in Rapid7, Trend Vision One still flagged it. We went back and forth on this issue, but ultimately we decided that it wasn't worth further troubleshooting to silence this alert due to the potential for actual malicious use of such commands. While we could whitelist it, we did not want to risk it being exploited maliciously. In the end, we chose to ignore the alert. They helped us reduce some other noise, but there was some noise that we weren't able to reduce.

Vision One AI has been very useful. All IT people stay up to date with security risks, exposures, alerts, or attacks. Vision One AI helps us explain or understand the alerts and what actions are recommended.

The workbench alerts are something we find very useful, as they help us stay informed about various activities. Not all alerts are positive, but they provide valuable insights into the detection methods and help us understand how certain issues arise. For example, if someone attempts to run a piece of software that encrypts a file, one of our tools, which is used for evidence gathering in surveillance systems, may encrypt the file too quickly. As a result, Trend Vision One may trigger an alert. Although this is a false positive, it still gives us insight into the behavior involved. This allows us to investigate the alert further and provide feedback to the user or development team, letting them know that similar triggers are likely to occur with other security systems or software.

Other useful features include intrusion and mailbox alerts, suspicious unauthorized access, tracing logs, website clicks, and email filtering for bad attachments.

The improvement I have been asking for is an easier way to create MDR requests. Not all alerts that come through Trend Vision One receive an investigation, and we would like the ability to easily request an investigation on lower-scored alerts without logging into the support portal to create a ticket.

I would like to see Trend Vision One and OfficeScan consolidated into one platform. Currently, it is the same space but two different layers. It would be nice to have both combined instead of having two clients.

There is room for improvement when it comes to support.

I've been working with Trend Vision One for three years.

Trend Vision One is stable enough. We don't see many performance impacts on our endpoints, except for when our weekly scheduled scans happen. Our developers express that it limits how freely they can develop, but I personally appreciate the insight it gives us and the actions that allow us to take on our devices.

I would rate their support a six out of ten. We encountered an issue with one of our tools—specifically, Visual Studio. One of our developers faced difficulties debugging code because Trend Vision One was blocking the debugging application or causing it to crash. This problem stemmed from a Windows update, and it took us a month and a half to identify the root cause. After we opened a ticket either at the end of March or early April, we waited several more weeks for a solution. Although the Windows update occurred back in February, we didn’t receive the fix until the end of May. The interaction between Windows and the application played a significant role in the issue, as the debugging application starts the code and injects itself into the running application, which Trend Micro flagged as problematic after the latest Windows update. Fortunately, this issue has now been resolved, but it was indeed a painful experience. Our developers were understandably frustrated that they couldn’t debug code for a month and a half, which impacted our project timelines.

Neutral

The company previously had SentinelOne before my time, and I can say that SentinelOne was not effective. 

We currently use Rapid7 as our Managed Detection and Response (MDR) service. In my experience, both Rapid7 and Trend Vision One serve similar purposes, but they have distinct differences. There are times when Rapid7 provides us with more detailed information, while at other times, Trend Vision One offers greater insights. This is partly because Trend Vision One collects more data from the devices, allowing it to better identify the root causes of alerts compared to Rapid7. 

Additionally, I find that the MDR team at Trend is generally more responsive than that of Rapid7. However, there are some disadvantages as well. For instance, we haven't yet set up cloud monitoring capabilities with Trend Vision One. Rapid7 currently handles our cloud infrastructure monitoring and manages services like Office and Okta. While Rapid7 is equipped to monitor these services, Trend Vision One is not yet at that level. We are exploring ways to enhance its capabilities, and if it can provide the same level of service as Rapid7, we might consider discontinuing our use of Rapid7 altogether.

We use the SaaS solution. I was not involved in the initial setup and deployment process, which occurred prior to my time here, but I have readjusted some policies.

Previously, it was difficult to understand some alerts. However, as time goes by, we differentiate better between them, and the AI feature is an extremely good tool that explains things that are gibberish to the regular user. The learning curve is quite steep.

It has helped us understand some of the alerts that we did not comprehend.

It is an all-around solution that includes various modules for comprehensive security monitoring and alerting. This solution is particularly effective when integrated with other hardware or on-premises solutions, such as Deep Discovery Inspector, which monitors your network.

The interface is adequate, but it is constantly changing. New features are being added, and items are being rearranged almost daily. We might have missed some announcements regarding these frequent updates. As it is an evolving solution, such changes are to be expected. However, there are still features that are buried within menus, which previously required extensive searching to locate. For instance, until last year, isolating endpoints was only possible through the search function. Now, they have added a feature within the endpoint inventory that allows you to select devices and isolate them immediately, rather than having to jump through multiple hoops to access that option.

The application has also become slightly more responsive. Regarding its functionality, the insights it provides are quite useful. The application displays various actions, and you can drill down into alerts to view the execution path associated with them. For example, if an application triggers an alert, you can right-click on that alert and select "Check Execution Profile." This feature shows you where the process started, what actions it took, and where it ended. This improvement is beneficial for understanding how tasks are executed.

I would rate Trend Vision One an eight out of ten.

We are currently working with Trend Micro as a partner, managing multiple OEMs like Trend Micro and Trellix. TrendAI Vision One is a managed single centralized management console. We are using multiple Trend Micro products and managing them through TrendAI Vision One.

When customers use multiple security solutions in their environment such as email security, EPP, endpoint security, NDR, and data security posture management (DSPM), we manage everything through TrendAI Vision One console for Trend Micro products, while integrating with third-party security tools such as firewalls and Microsoft to capture telemetry and metadata from both sides. TrendAI Vision One then correlates this data and shows us the observed attack techniques, along with options for sandboxing ransomware file samples through TrendAI Vision One.

TrendAI Vision One gathers risk management information such as risk scores at the OS level, account level, and domain level through the endpoint agent that monitors all machines for vulnerabilities. The CREM shows us vulnerabilities at the OS level, application level, and cloud application level while highlighting how we will remediate and mitigate loopholes in our environment or customer environment.

TrendAI Vision One also helps us with consolidated management, but there is a need for improvement if the customer has multiple branches and their IT admin is location-wise. We require location-wise console segregation in TrendAI Vision One, but there are gaps in policy management that hinder that, as all branch IT admins see all policies in the console despite needing to segregate them by location.

There are support challenges when we are using TrendAI Vision One console. If a customer needs a remote session with support, they generate multiple queries and logs, which we escalate to Trend Micro management for remote support, and aligning with remote support becomes a significant challenge.

When dealing with 10,000 users of EPP with the XDR solution, there are complication issues due to the agent size being between 500 and 700 MB, which hampers our ability for mass deployment through Active Directory. We do use hybrid solutions and cloud solutions in TrendAI Vision One, and face challenges only with mass deployment regarding sizing.

We have been using TrendAI Vision One for over four years.

There are no glitches, and TrendAI Vision One is scalable and stable.

We are not currently facing any risks as TrendAI Vision One platform manages multiple Trend Micro products within a single management console.

Support is low. When we raise a ticket for P0 or P1, the response tends to be quite late.

We are working with Trend Micro, CrowdStrike, and Trellix.

After sharing Trend Micro pricing with the customer and understanding their budget, we chase the Trend Micro OEM sales person to reduce the price given the budget that the customer has, and hopefully Trend Micro sales representatives manage and close these deals.

In terms of price and technical solution, the security solutions provided by TrendAI Vision One stand out as the best offering. Time to action for delete and quarantine is crucial, and it is approximately ten percent.

We are not experiencing any noise on their side, and thus TrendAI Vision One solution is working smoothly in multiple organizations, which helps us reduce attack risks. The overall review rating for this solution is eight out of ten.