TrendAI Vision One Reviews

I use the solution primarily for EDR. The top challenges in our industry are the accuracy of the detections and the visibility of alerts and events.

We are accessing it via the cloud, and we are monitoring the endpoints and cloud servers. 

Vision One provides centralized visibility and management across protection layers, which is critical for tracking threats, viewing vulnerable assets, and understanding the overall security posture of the organization.

Vision One helps me a lot when it comes to reporting. The reports are very detailed and informative. There are recommendations and analyses of how to mitigate threats. We have comprehensive visibility.

The executive dashboards are very helpful for us in assessing our security posture. We can see what needs to be prioritized and mitigated first.

The risk index feature helps us make security improvements and implement security policies. It helps to have robust security.

Vision One helps to harden security controls and policy implementations.

Vision One improves our organization's security posture by allowing us to apply more robust security controls, implement security policies, and improve the security culture. The centralized visibility enables more efficient security operations.

Vision One makes it convenient to assess and mitigate or block threats across the organization. The XDR is collecting data from more than one client or company and correlating it. The XDR detects the loopholes or vulnerabilities of the system. It uses MITRE ATT&CK techniques to identify and respond to cyber threats or vulnerabilities.

Vision One improves our security posture because we can patch any vulnerable machines that are prone to risks and attacks.

Vision One has decreased our time to detect and respond to threats by 50%.

We use automation capabilities, especially when there is a breach or a risk activity with the user or the endpoint. It helps us by isolating devices automatically. This automation saves us about 20% of the time.

I love everything about the solution, especially the XDR features, the attack surface management, and the workbench alerts. It oversees vulnerabilities among the system and devices, prioritizing areas that need patching.

When I started working with it, I knew nothing about this solution. I found it very user-friendly and easy to understand.

There are limitations in terms of threat response actions. 

I have been using Vision One since December 2022. It has been about two years.

There are some errors with the solution. I would rate the stability a seven out of ten.

It is scalable. I would rate the scalability of the solution as eight out of ten.

We have clients of various sizes. Our clients are small, medium, and large organizations.

The customer service or technology is responsive, but they take a minimum of one day, and up to three days, which is too long.

Positive

I previously used Azure Sentinel. Vision One is an advanced solution compared to Azure Sentinel. I prefer Vision One because of the convenience and easy correlation.

The initial setup is complex due to the various cloud resources that we have. We have workstations, servers, etc. Its implementation can be simplified.

It did not take us very long. We migrated from Apex One to Vision One. It did not take long.

It provides returns on investment by saving about 50% of time, money, and resources.

I find it to be a cost-efficient platform.

I would recommend this solution. It helps a lot when it comes to security. It covers endpoint security, email security, web security, and data leak prevention. It has everything.

I would rate Vision One a nine out of ten.

Trend Vision One has advanced sensors that collect telemetry from various sources like endpoints, email, and network. Workbench then correlates data to provide visibility across the entire environment. If there is any virus in the environment, it correlates the information, shows where it started, who the user is, and how it traveled through the environment, thus providing complete visibility and infrastructure correlation.

Trend Vision One consolidates security and saves time.

Trend Vision One is a cybersecurity platform in which Trend Micro has integrated every kind of solution. You have an MDR solution. You have an email security solution. You have endpoint protection. You have server protection. You have EDR. You get everything in one console, whereas vendors like Kaspersky and CrowdStrike do not have only one console. With Trend Vision One, you get all the solutions in one web console or platform. 

It helps with faster response. You have telemetry from different sources, which makes it easy to do analysis and respond. Its automation capabilities help to isolate endpoints and respond. You can respond in multiple ways. You can revoke permissions or terminate any process. You can isolate an endpoint. You can run a script. You can automate in different ways and integrate scripts, playbooks, etc. It saves time.

Centralized visibility is valuable. We can view what kind of virus or threat exists, where it has traveled, and how it started. A security analyst can use just this one console to view all the information.

Another valuable feature is its automation capabilities, which help in responding to any kind of alert swiftly.

Currently, there is nothing specific that needs improvement. Their support is very cooperative, and they provide an educational portal for learning the solution. However, deployment could improve by considering customer environments that are not fully updated.

I have been working with Trend Vision One for the last six months.

When I contacted Trend Micro support, they were very cooperative and quick in resolving and remediating any issues. I would rate their support a nine out of ten.

Positive

I have worked with Kaspersky, which offered only a single solution and not a fully integrated console. Kaspersky had multiple options but did not provide the same level of centralized visibility as Trend Micro. Kaspersky has graphs for visibility whereas Trend Vision One has both graphs and Workbench. Workbench provides a wider overview, whereas, with Kaspersky, you can only see a sketch of where a virus started or where it ended. Trend Vision One tells you how and through which user a virus came into your environment and how it traveled through your infrastructure.

There is a big difference in the price. Trend Micro solutions are more expensive than others.

It can be a bit complex. Trend Micro has a requirement that endpoints should be fully updated. In customer environments that are not connected to the Internet, that can be an issue. Trend Vision One is a cloud platform. If the endpoints are not updated, you can have multiple errors when you deploy the agents. We find such issues in customer environments.

The initial deployment time depends on the infrastructure. It took us about a month to cover 1,000 endpoints and 200 servers.

Trend Micro solutions are very expensive compared to other solutions. Even though everything is in one console, each feature requires a separate license.

If you do not have any compliance regulations preventing you from using a single vendor, I recommend adopting Trend Micro's cybersecurity platform for full security coverage and reduced management time.

The Risk Index feature helps with the attack surface and risk management. It detects vulnerabilities in your environment and calculates the risk in your environment, but I have not yet used this feature.

When you deploy such a solution in your environment, there is always a huge amount of false positives. The false positive rate depends on how your security engineer has done the configuration. After some time, the false positive rate reduces. The reduction in the false positive rate depends on your infrastructure. If you have a huge infrastructure, it would take some time. It also depends on your security resources who work on this solution. If you have only one person, it can take about six months, but if you have a team of five security people, it would take about a month.

I would rate Trend Vision One a nine out of ten.

We use Vision One XDR for our endpoint security. Our company has nearly 4,000 users. We have endpoint cybersecurity agents for which we can use XDR. 
Trend Micro has multiple subscription licenses for individual Vision One components. There are also licenses for XDR for endpoints. We have adopted four packages from Trend Micro: endpoints, workload security, mobile security, and email security gateway.  

We didn't realize the benefits immediately after deploying the solution, but we saw results quickly. When you install Vision One, the policies are set to the default setting. It scans your machines, and you get alerts if someone is attacking, there's a vulnerability that must be patched, or there's a Trend vulnerability you're patching somewhere.

It has reduced our detection time. The detection is quite fast, but the response at the SOC level might take time. Vision One can be used to conduct analysis first. It reduces the investigation time because Trend Micro has an advantage in Pakistan. They have local technical resources deployed here. Organizations can get heavy false positives, but Trend Micro can help you define the policies accurately.

Our primary focus is DLP, and Vision One has solid DLP features. We also use URL filtering and device blocking, and there's telemetry for identifying exploitable vulnerabilities.

It offers us centralized visibility. That's the advantage of Vision One's unified platform with data lake capabilities. They pull telemetry data from the endpoints, network devices, and cross-layered architecture, and Vision One performs filtering and analysis.

Additionally, Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way.

Having that centralized visibility has improved our efficiency. The organization has multiple tools segregated into separate windows that give you a particular type of visibility. Multiple SOC team members can view the same window. The beauty of Trend Micro is its ability to integrate all of the systems in one cloud platform, right, in terms of Vision One. From your workbench, you can easily monitor and centrally manage alerts. My SOC team is happy with it. 

The risk index feature is a rich view that rates any alert on a scale of 1 to 100 and classifies it as internal or external. Few OEMs can provide that sort of capability. The index ratings provide a window into device health and how alerts can be resolved. 

The attack surface management is a fantastic feature with a proactive approach. Normally, organizations do pen testing quarterly or once a year, but attack server management proactively checks user authentication or changes in your environment. 

Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement.

We have used Vision One for two and a half years. 

I rate Trend Micro support eight out of 10. They stick to the SLA and respond on time. They are cooperative and supportive. I'm very satisfied.

Positive

We have evaluated multiple vendors, and Trend Micro is among the best. You cannot have a typical apples-to-apple comparison. There are a lot of things which we need to compare. Other tools may not be at the network level or have the third-party integration that Vision One has.

Deploying Vision One is easy. You can deploy it with a few clicks and configure the policies or use the default ones. It's flexible and user-friendly, and there are no headaches. The deployment time depends on your environment. If you have thousands of endpoints, it takes some time, but it's just a few minutes if you have a couple. 

Trend Micro is pricey, but it has more capabilities than a standard XDR, so the customers consider it reasonable. The market has accepted it. Trend Micro has a 64 percent share. 

I rate Trend Vision One nine out of 10. 

I primarily use the solution to prevent attacks. 

It's good for detecting malware and anomalies. We use it on our endpoints. 

The user interface is very good. Everything is all on one single platform.

With this product, we get centralized visibility and management across all of our protection layers. With a central platform, we don't have to look around across different websites or platforms. We can go right on the portal and manage things. It also helps us reduce the learning curve. We can manage and monitor products from the same place instead of learning different platforms. It's also helped us increase efficiency.

We have made use of the executive dashboard. It greatly increased visibility. We get a risk management view and metrics that help us narrow down and find issues. It helps us reduce risks. The risk index feature gives us a score to help us in our security goals. With it, we know what's the baseline or standard, so now we know what we need to do in order to meet the standards out there in the industry. We can see everything we need to in one glance. 

It's kept up to date and is consistently improving. This helps us protect our environment. 

The patch management has been very useful. They help recommend what needs to be installed.

We leverage the attack surface risk management capabilities. It shows the entire incident, including how it happened. We can use the information when we're doing forensics.

We've been able to reduce our mean time to detect and mean time to respond. What would previously take us two to three hours to fix, we can do in one hour or even half an hour. We've also been able to reduce the amount of time we spend investigating false positives. 

We'd like to see more use of AI around analytics and controls. 

I've been using the solution for five years. 

The stability is good; I'd rate it eight out of ten.

We're a small-to-medium-sized company. We have it deployed to less than 5,000 users. 

I'm not sure of the scalability. It works for us and our company size.

Support is okay. They could be more responsive and could provide more communication channels. 

Positive

We did not previously use a different solution. 

I'm more of an end-user. I do not handle the installation aspect. The deployment was done a long time ago. 

The tool does not require much maintenance. 

I'm not familiar with the exact pricing of the solution. My understanding is the licensing is reasonable. 

I'm an end-user and customer. 

I'd rate the solution eight out of ten. It has very good management and monitoring benefits. 

Our biggest security challenge was the number of alerts. It has helped with the reduction in alerts. We had too many alerts in the past that were false positives. The reduction in alerts was definitely a big benefit to us.

With Vision One, we have a platform view and all alerts go to one place. It gives us a much better understanding.

We definitely have better visibility. We can now detect things that we could never detect in the past using traditional AV platforms. That is definitely the biggest benefit. The second one is the risk score where we can see where the risk is in the business, and we can actively call and address it.

We use it on all of our endpoints. We use it on our cloud, on our email, M365, SharePoint, and OneDrive. We have been using it pretty much everywhere.

Vision One provides us with centralized visibility and management across protection layers. It is critical to us. Without it, our staff has to work harder because we are in multiple dashboards, and we do not have a giant picture between the systems and the security layers. Vision One connects it all together for you, and it can show us an attack from start to finish. It allows us to defend that much better.

Vision One has definitely increased our efficiency by reducing the number of alerts and correlating them. It is almost impossible to put a real number on it, but we definitely see things that we could not detect without it. There is probably 50% efficiency.

We use the Executive Dashboards. It is important to us that we can drill down from the Executive Dashboards into XDR detections.

We use the Risk Index feature. We look at the highest risks to the business, and we actively address those risks. There is a little bit of gamification with it. We have engineers looking to reduce the overall score of the business. They are targeting the biggest risks that Vision One has given us and that are most likely to be exploited. By addressing that, we reduced our risk score, and, as a side effect of that, we improved our business' security posture.

We use the Attack Surface Risk Management capabilities. We can see what is being actively exploited in the wild, and if we see some of that in our perimeter, we are going to do that straight away. We have full visibility of what is vulnerable, which allows us to prioritize.

Trend Micro XDR has helped to decrease our time to detect and respond to threats. With the combined visibility of Vision One, we get a lot of better-quality reports. In the past, with products like SIEM, we used to get a lot of noise. We would get thousands of alerts that were never risks to us, whereas XDR is all joined together. It gives you a much more confident data set, and from our data set, we can then start addressing the real risks to the business, which we have never been able to do in the past. It is the primary driver for business change. We get great visibility and high-quality alerts. We never measured the time to detect in the past, but I know that we are now detecting things within an hour or so, whereas in the past, it might be in hours if not days. We would have never detected some of the things in the past because we did not have a tool to do it.

Vision One has helped to reduce the amount of time we spend investigating false positive alerts. It has saved a lot of time. Traditional tools give you completely out-of-context alerts, which take time. We had thousands of alerts to look at, but 99% of them were just false positives. People sat on those alerts all day long that were never going to be an issue for us. When you get an XDR and Vision One in place, you start getting good-quality alerts. It just frees up countless amounts of time, but I cannot give a number.

We use its automation capabilities. Some of the playbooks have saved us days. They have taken action without the security being involved. 

It is definitely the center of our detection and response these days. We are seeing things that we have not seen before or never detected with other tools. It has made us far more aware of what is on our estate. It provides better visibility and allows the threat detection team to stop anything that might even be a suspect well in advance. It has definitely improved our response times.

I like the workbench. It is a view of all the alerts or problems in your estate. The visibility that it provides to engineers is very useful. It is one thing having lots of alerts. It is another thing to have something to correlate all your alerts into a workbench for you so that you can see what is going on. 

Integration is very good. There are lots of integrations. There are third-party products that we use, so the integrations are beneficial.

Within five minutes, even a new engineer can understand how to use it. It is very intuitive. You can easily learn how to use the platform and get the most from it. 

It is very good. It is very simplistic to learn. It is very intuitive to learn. We do not spend a lot of time training the staff on how to use it. They can just pick it up and use it themselves quite well.

On the reporting side, we use quite a lot of reports and dashboards. This visibility is very beneficial.

Playbooks are very good, but on the automation side, they could always improve. Having more variables within the playbook would be useful. It would allow us to have more refined playbooks for the business. It would allow us to take stronger action through a playbook. It will give us confidence to target a particular area of business where our risk tolerance might be higher or lower. We would like to have more granular playbooks.

Further integrations with other products are always beneficial.

I have been using it for four years.

It has never been down for us, so it is very stable. I would rate it a ten out of ten in terms of stability.

We have never had any scale issues. It has been absolutely fine. I would rate it a ten out of ten for scalability. 

Their support is great. Whenever I have called them, the support teams have always been fast to respond. They are always helpful and willing to talk by email, phone, or WebEx. The escalations are always good as well. If we need further support, they are always there to promote that.

I would rate their support a ten out of ten. I do not think it can be improved. It is excellent.

Positive

We had a SIEM from LogRhythm. We almost replaced that entirely. We went for Trend Micro for a lot of reasons. The product was definitely the number one reason. It went through some rigorous testing with us, and we proved it to be very good and helpful to the business. Trend Micro's support model from their sales and delivery and their pricing model just worked for us. They were a good fit with our business.

Deployment on the cloud is always easy. Deploying the agents to the endpoints can take time due to the size of your estate, but it is not a Trend Micro issue. It is purely down to the size of your environment. If you have 1,000 endpoints, it is not going to take as long if you have 100,000 endpoints. It is just a bit of a scale thing. You have got to deploy it out. It is not the worst deployment we have ever seen.

It is fairly straightforward. Cloud-to-cloud gets done in minutes. With all such tools, it is always about how long it is going to take the IT team to deploy the agents to all of their endpoints. It was not a massive issue for us.

We spent a few months getting it working.

We had about four people for implementation and maintenance. We had about 11,000 endpoints. We have offices around the world. We have the UK, India, Canada, Australia, and many others. We have a full global team there. 

In terms of maintenance, the cloud does not require maintenance. The rest of it is about looking at the agents in terms of how the agents work, how they are deployed, and whether they are doing what we are expecting.

We do not calculate return on investment as such, but we have detected things that we may never have detected in the past. Those things could have turned into an actual real attack. We have probably saved far more than the cost of the system by not having an attack. The cost of being attacked, being exploited, having downtime, and reputation damage would be huge. It easily pays for the product.

It is definitely not cheap. I do believe you get what you pay for to some degree. It is cost-effective. The money we spend on it is justifiable. It is not the most expensive product in the market. It is definitely not the cheapest product in the market. You have got to weigh that off as part of your business risk and understand what the risk to the business is if you do not spend and invest in modern tools like Vision One.

I would definitely recommend this product. We would not be without it. I would definitely recommend doing a proof of concept in your environment. Once you have done that, you will realize the value of it, and once you realize the value of the tool, there is no going back. You would have to purchase it.

I would rate Trend Vision One an eight out of ten. They have room for improvement, but that is not at all unusual. It is still very good, and we would not want to get rid of it any time soon.

We use Vision One for antivirus, endpoint protection, and identifying misconfigurations in our cloud platform. It secures our servers and endpoints and detects any sort of malicious software or inappropriate user behavior. It's a cloud solution with agents on the machines for endpoint protection. 

Vision One gives us more insight. When we implemented the solution, we didn't have a mature security platform, so we couldn't see what was happening on our servers or what our users were doing. It has decreased our time to detect and respond. Initially, we didn't have as much insight into any attacks that came through. It gives us more data points to work with and guidance about the remediation efforts. We aren't dealing with eight or nine different systems to identify one issue. It's all centrally located in one place.

Their Managed XDR service acts as our security operations center. It helps us sleep a little better at night. We know that they can call us on the phone when a significant alert comes in after hours. It makes things more efficient because we know there's someone on the other side who can look at alerts for us and at least do the preliminary analysis if anything comes in. Multiple teams are notified when an alert comes in. We can allocate security resources more efficiently and plug more data sources into the Vision One platform. We don't need to dedicate personnel to continuously monitor the dashboard because we know someone is looking at it with us.

The platform has allowed us to identify blind spots and see where there are holes in our network. It suggests remediation steps in many cases.  There is typically a link in the documentation. That has been a significant benefit because it tells you what to do. For example, it might suggest running a command in the terminal to identify the issues or take x output and put it into y input. 

The solution reduces the time spent investigating false positives by around 65 to 75 percent. For example, when we are pushing out custom code, the workbench tells us the risk level. If it's 70 or higher, we check it out. At 69 or lower, it could be a false positive, so it might require some poking around. It gives us enough data in the alerts that anyone who knows the system could say, "Oh, that was me. I was running patches," instead of checking nine different systems to identify what triggered the alert. It's all there in the alert, including the hashes, commands, impacted web files, etc. We can instantly dismiss it as a false positive and flag it as resolved.

Vision One's playbooks help us save time but I can't say how much because we're still maturing those. For instance, we know what those patching commands look like, so we're working on a playbook to automatically ignore or close those false positive alerts as they come in. We're still trying to fine-tune those playbooks. 

I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection.

Migrating to the Vision One platform helped us because we no longer need to look at eight different screens to find data. It's all just consolidated into one location. Having everything in one place is critical. I've been in the industry for almost a decade now, and it's a struggle to find that single pane of glass for all my alerts, logs, and anomalies like random users clicking on a link or downloading a file. It's nice to have it all in one location. Having centralized visibility saves the time we would spend checking various systems to look for things. I can also correlate data points more effectively and make data-driven decisions about the remediation and mitigation of any internal or external threats discovered.

The executive dashboard is nice. It's consolidating all of the tools into the Vision One platform, giving you a high-level overview. Executives love dashboards and pretty colors. The ability to drill down into XDR detection from the executive dashboard his handy. I don't have to go fishing. We get an alert that says a machine did X, and I can fire it up. It's on the dashboard, so I can click on that machine, and it lets me drill down into the logs. It cuts down on the time required to do any kind of forensic analysis on anomalous alerts or behavior. 

The Risk Index gives you an overview of the risk and how it compares with others in your industry. It's nice to be able to quantify the risk, and it enables you to justify the spending on these tools to your executives by showing that it pays off. Also, if we start plugging in more data points and the risk score goes up, we can conclude that there are some issues with the new data source that we just hooked up to our platform. The goal is to have a risk level of zero, but that will be hard to achieve. 

We've received some mild complaints that the documentation is sometimes not up to date. 

I used Vision One at my last job, and I brought them on board when I joined this company, so I have been using the platform for about two years. 

I haven't had any issues with stability. 

We run several different AWS accounts, and Vision One keeps up pretty well. I haven't noticed any downtime, lagging, or crashes.

They were using something else, but my team wasn't in charge of it. Vision One offers a more mature platform. I had used it at my previous job. My boss brought it in because we had both worked with Trend Micro in the past. We know the platform and the engineers. 

Deploying Vision One was relatively straightforward. We were on the legacy platform. They had written a script, so all you had to do was hit the play button. We recently moved to their all-in-one VisionOne platform, which was super simple. The deployment team included two on our side and two on the Trend Micro side. Their engineers hopped on a call and walked us through the process. The setup process primarily entails deploying the agents globally. 

Trend Micro's licensing is fair. 

I rate Trend Micro nine out of 10. This is a SaaS product, so you can do a trial period. If you like it, contact their sales people and try to develop a good relationship with the company. 

It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.

We had problems with users not using legitimate tools, such as pendrives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.

The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.

We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money.

Trend Micro's Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.

We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.

And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.

This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.

The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team.

It also handles vulnerability management.

We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Micro Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important; a 10 on a scale of one to 10.

We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.

And especially because of the new European regulation called NIST 2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.

The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project. 

From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.

I have been using Trend Micro XDR for almost 20 months.

It's a stable product. We haven't detected any issues other than the false positives, but that's normal.

We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.

If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.

Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.

Positive

I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.

Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.

The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.

Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an on-prem solution. But it's simple to manage.

They are implementing new tools, like Trend Micro Apex One and DDI. They are ready for implementation on the console, and we are waiting to transition to these tools.

For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secue Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.

I use Trend Vision One for banking, retail, and government clients. We sell it with other technologies. It provides more sources for alerts and visibility into threats and vulnerabilities. We have all Trend Micro's modules, including full asset protection, EPS, IDS, endpoint protection, and email security.

Vision One has reduced our detection time by approximately 30 percent, enabling us to use our human resources more effectively. The solution has allowed us to consolidate 90 percent of security tools across hybrid environments, improving our operational efficiency. We've reduced our administration and management tasks by half.  Vision One has also decreased our risk.

The most critical feature of Vision One is that it gives us a single console for threat management. The organizational view simplifies management and improves visibility, helping us identify areas for action. The solution is intuitive and easy to manage. 

The solution's ransomware protection with runtime machine-learning capabilities gives us peace of mind. We also get total protection and fewer false positives than in other solutions we sell. Vision One integrates well with our other security products.

Vision One could improve its area networking and email security.

I have been using the solution for around three years.

Trend Vision One is stable.

Positive

We have not previously used a tool like Trend Vision One, but we have used individual tools for various functions, such as EDR and EPS. For example, we used Vicarius and Ivanti for virtual patching and other tools by Palo Alto, CrowdStrike, Sophos, and Kaspersky. Trend Micro consolidates all these features into one platform, so that's one advantage it offers. 

Setting up Vision One was straightforward. 

I rate Trend Vision One nine out of 10.