Trend Vision One Reviews

Our use cases for Trend Vision One are monitoring and alerts.

The biggest challenges we wanted to address with Trend Vision One were securing endpoints and enabling us to quickly respond to incidents or threats. This is the main goal for using this solution.

Trend Vision One has improved the way our organization functions by acting as both a monitoring tool and an antivirus, giving us insight on potential threats and enhancing our response time to security incidents. It is hard to measure the time savings but we save a significant amount of time in responding to potential threats. For example, we don't expect employees to respond to emails, chat, or calls outside of working hours. Trend Vision One has a feature where we can block all access to the laptop or endpoints. It allows us to take immediate action without waiting for the user to respond.

In terms of reducing noise from false positives, unfortunately, some behaviors can be mistaken for bad behaviors, but that isn't the fault of the software itself. It largely depends on how the developers of other applications implement their software and how it is run. We encountered an issue with another software called Rapid7, which periodically runs a command on MacBooks or Apple operating systems. This command, which is quite lengthy, searches for any unsecured credentials or API keys related to GitHub on the laptop. The way the application triggers is significant: it runs under root privileges, executing that command in the terminal for the user. Trend Vision One picks this up as a suspicious command, interpreting it as an attempt to find unsecured credentials. Despite having whitelisted the entire command in Rapid7, Trend Vision One still flagged it. We went back and forth on this issue, but ultimately we decided that it wasn't worth further troubleshooting to silence this alert due to the potential for actual malicious use of such commands. While we could whitelist it, we did not want to risk it being exploited maliciously. In the end, we chose to ignore the alert. They helped us reduce some other noise, but there was some noise that we weren't able to reduce.

Vision One AI has been very useful. All IT people stay up to date with security risks, exposures, alerts, or attacks. Vision One AI helps us explain or understand the alerts and what actions are recommended.

The workbench alerts are something we find very useful, as they help us stay informed about various activities. Not all alerts are positive, but they provide valuable insights into the detection methods and help us understand how certain issues arise. For example, if someone attempts to run a piece of software that encrypts a file, one of our tools, which is used for evidence gathering in surveillance systems, may encrypt the file too quickly. As a result, Trend Vision One may trigger an alert. Although this is a false positive, it still gives us insight into the behavior involved. This allows us to investigate the alert further and provide feedback to the user or development team, letting them know that similar triggers are likely to occur with other security systems or software.

Other useful features include intrusion and mailbox alerts, suspicious unauthorized access, tracing logs, website clicks, and email filtering for bad attachments.

The improvement I have been asking for is an easier way to create MDR requests. Not all alerts that come through Trend Vision One receive an investigation, and we would like the ability to easily request an investigation on lower-scored alerts without logging into the support portal to create a ticket.

I would like to see Trend Vision One and OfficeScan consolidated into one platform. Currently, it is the same space but two different layers. It would be nice to have both combined instead of having two clients.

There is room for improvement when it comes to support.

I've been working with Trend Vision One for three years.

Trend Vision One is stable enough. We don't see many performance impacts on our endpoints, except for when our weekly scheduled scans happen. Our developers express that it limits how freely they can develop, but I personally appreciate the insight it gives us and the actions that allow us to take on our devices.

I would rate their support a six out of ten. We encountered an issue with one of our tools—specifically, Visual Studio. One of our developers faced difficulties debugging code because Trend Vision One was blocking the debugging application or causing it to crash. This problem stemmed from a Windows update, and it took us a month and a half to identify the root cause. After we opened a ticket either at the end of March or early April, we waited several more weeks for a solution. Although the Windows update occurred back in February, we didn’t receive the fix until the end of May. The interaction between Windows and the application played a significant role in the issue, as the debugging application starts the code and injects itself into the running application, which Trend Micro flagged as problematic after the latest Windows update. Fortunately, this issue has now been resolved, but it was indeed a painful experience. Our developers were understandably frustrated that they couldn’t debug code for a month and a half, which impacted our project timelines.

Neutral

The company previously had SentinelOne before my time, and I can say that SentinelOne was not effective. 

We currently use Rapid7 as our Managed Detection and Response (MDR) service. In my experience, both Rapid7 and Trend Vision One serve similar purposes, but they have distinct differences. There are times when Rapid7 provides us with more detailed information, while at other times, Trend Vision One offers greater insights. This is partly because Trend Vision One collects more data from the devices, allowing it to better identify the root causes of alerts compared to Rapid7. 

Additionally, I find that the MDR team at Trend is generally more responsive than that of Rapid7. However, there are some disadvantages as well. For instance, we haven't yet set up cloud monitoring capabilities with Trend Vision One. Rapid7 currently handles our cloud infrastructure monitoring and manages services like Office and Okta. While Rapid7 is equipped to monitor these services, Trend Vision One is not yet at that level. We are exploring ways to enhance its capabilities, and if it can provide the same level of service as Rapid7, we might consider discontinuing our use of Rapid7 altogether.

We use the SaaS solution. I was not involved in the initial setup and deployment process, which occurred prior to my time here, but I have readjusted some policies.

Previously, it was difficult to understand some alerts. However, as time goes by, we differentiate better between them, and the AI feature is an extremely good tool that explains things that are gibberish to the regular user. The learning curve is quite steep.

It has helped us understand some of the alerts that we did not comprehend.

It is an all-around solution that includes various modules for comprehensive security monitoring and alerting. This solution is particularly effective when integrated with other hardware or on-premises solutions, such as Deep Discovery Inspector, which monitors your network.

The interface is adequate, but it is constantly changing. New features are being added, and items are being rearranged almost daily. We might have missed some announcements regarding these frequent updates. As it is an evolving solution, such changes are to be expected. However, there are still features that are buried within menus, which previously required extensive searching to locate. For instance, until last year, isolating endpoints was only possible through the search function. Now, they have added a feature within the endpoint inventory that allows you to select devices and isolate them immediately, rather than having to jump through multiple hoops to access that option.

The application has also become slightly more responsive. Regarding its functionality, the insights it provides are quite useful. The application displays various actions, and you can drill down into alerts to view the execution path associated with them. For example, if an application triggers an alert, you can right-click on that alert and select "Check Execution Profile." This feature shows you where the process started, what actions it took, and where it ended. This improvement is beneficial for understanding how tasks are executed.

I would rate Trend Vision One an eight out of ten.

Our infrastructure utilizes Trend Vision One for endpoint and cloud-based security. While all our endpoints are cloud-based, allowing us to deploy Trend Vision One in the cloud, we also maintain endpoint-specific protection. Currently, our network infrastructure is not fully integrated with Trend Vision One. The platform primarily monitors our backend infrastructure and provides initial response capabilities.

I implemented Trend Vision One to consolidate log inspection, integrity monitoring, intrusion prevention, and application control into a single platform, eliminating the need to switch between multiple applications.

Trend Vision One provides centralized visibility and management across protection layers, which is crucial for compliance. It allows us to show audits of what’s going on and keep all evidence in one place. This centralized visibility has improved our efficiency, as it means just one login is needed to complete all necessary tasks, maintaining focus and reducing distractions resulting from multiple sources.

The Vision One executive dashboards effectively communicate our company's overall security posture by providing a clear risk overview. Executives appreciate the simple visual cues, with green indicating low risk and yellow signaling high risk, allowing for quick and easy understanding of our current security status.

I immediately recognized the benefits of Trend Vision One because, unlike our other security applications, it provides comprehensive visibility.

I utilize Vision One's risk index feature to assess our organization's risk level and benchmark it against our peers. This comprehensive evaluation allows us to understand our current risk profile, identify areas for mitigation, and determine acceptable risk thresholds. The risk index feature is essential to our business operations.

Attack surface risk management helped us identify blind spots in our environment and provided detailed remediation strategies. This works as a second pair of eyes that helps look for vulnerabilities, which in turn improves our security posture.

Trend Vision One improves our detection and response times by identifying vulnerabilities and summarizing mitigation strategies.

Trend Vision One helps reduce the amount of time we spend investigating false positive alerts by 80 percent.

I love Trend Vision One for its robustness, allowing us to deep dive into a lot of information. The Trend hunting feature is beneficial, providing the opportunity to investigate and see what's happening, using frameworks such as MITRE ATT&CK to analyze logs. Its risk index feature allows us to see risk status quickly and provides valuable insights into our security posture.

The only issue I have with Trend Vision One is the credit structure, which is confusing. An easier way to understand the credit structure would be helpful.

I have been using Trend Vision One for over five years.

Trend Vision One is stable and does not crash. In my experience, it has not shown any instability issues.

Trend Vision One is scalable. We can increase or decrease according to needs, although pricing changes when scaling.

Trend Micro's support response time can be slow. The quality of assistance varies depending on the issue. However, reaching qualified technical engineers can be challenging due to lengthy escalation processes.

Neutral

I've used many alternatives before, like Avast, SonicWall, and Mimecast. These alternatives don't have all the integrated features of Trend Vision One, particularly the server and workload capabilities.

The initial setup required deep diving and using resources such as help centers. Despite not being straightforward, it was manageable.

The deployment took three days.

I implemented Trend Vision One in-house with the support of team members, using resources like software guides and videos.

Trend Vision One is an expensive product.

I would rate Trend Vision One eight out of ten.

The most significant security challenge we face is zero-day attacks, which exploit vulnerabilities unknown to us. While Trend Vision One provides some protection, it cannot catch all zero-day threats, leaving us potentially exposed. This inherent vulnerability in our security poses the greatest risk.

Trend Micro handles most maintenance, but we are responsible for installing agent patches on our servers.

New users should understand that Trend Vision One is different from other solutions they might have used. Reading and fact-finding are crucial. They must ask the right questions.

Public Cloud

Other

We use Trend Vision One as our primary security solution on all endpoints, servers, and clients in our environment. Through third-party integrations, we’ve also connected solutions from other vendors (including VMware and Fortinet).

Trend Vision One has increased our endpoint visibility and reduced attack vectors. We can now identify and respond to vulnerabilities and threats faster. This has reduced our response time by an estimated 25–30%. Vision One provides notifications about specific risks and helps us understand where the general risks lie, enabling proactive mitigation.

With other vendors, we’ve had to manually check for vulnerabilities in products and assess whether those vulnerabilities were relevant. Now, Vision One handles much of that process. It provides detailed information for each user and endpoint about existing risks and how to mitigate them.

I often compare patching vulnerabilities in Cyber Risk Exposure Management (CREM) to playing a game — the goal is to collect as few points as possible. The lower our score, the more secure our environment is. And like in real life, there are ups and downs because new risks arise daily. Vision One is an important tool for communicating risk assessments to management while also helping operational staff understand what risks mean and how to reduce them.

The feature I find most valuable in Vision One is CREM. CREM helps our company identify blind spots. It provides detailed information about the actions and improvements we should take to secure our environment, and gives concrete recommendations about how to resolve vulnerabilities.

As part of our Service One Complete service agreement, we have bi-weekly meetings with a Technical Account Manager (TAM) who advises us on improving security settings and informs us — even between meetings — about new attack scenarios and how to counter them.

It’s hard to pinpoint areas where Vision One could be improved or where additional features are needed. I’ve been working with the solution for three years, and Trend Micro is constantly developing. Sometimes, it’s hard to keep track of all the updates and added features.

I feel that Trend Micro is now better at identifying my needs than I am at recognizing them myself.

Vision One has been in use at the company for three years.

The stability is excellent. In my opinion, performance and availability are both very good.

The scalability of the solution is very good. We have not encountered any limitations as our environment has grown.

I would rate customer service extremely positively. Support responds quickly, and together we’ve been able to solve all challenges in our day-to-day operations. On a scale from 1 to 10, I would rate customer service and technical support a 9 — there should always be room for improvement.

Positive

Before Trend Vision One, we used a solution from Kaspersky. The switch was prompted by the German BSI’s security warning regarding Kaspersky's antivirus products.

I was heavily involved in the rollout and deployment of the solution. Implementation was relatively quick and smooth. We used a deployment script distributed to endpoints through our software distribution system.

Our rollout strategy started with a small number of endpoints being configured with antivirus and policies. After reviewing and refining the policies, Vision One was rolled out in phases to the remaining endpoints.

We needed only one staff member for the implementation of Trend Vision One, and that was me.

The investment in Trend Micro Vision One has paid off, although ROI is difficult to calculate. A security solution is like a good insurance policy — ideally, you never need to use it. We haven’t had any incidents so far, and hope it stays that way.

I’ve noticed that the continuous visibility of potential risks has made our environment more secure and has enabled colleagues to respond faster, saving valuable working time.

Before we decided on Vision One, we also evaluated solutions from other vendors, including Microsoft and Fortinet. The differences between the products were not significant — they were more in the details. But since we had already been a Trend partner for 15 years (12 of them inactive), we ultimately decided to return to Trend Micro.

Three years ago, we followed a different concept: two independent security solutions with separate management and reporting. Migrating to Vision One and consolidating everything into one interface gave us a 365° view of our IT infrastructure.

Central visibility of endpoints and vulnerabilities, as well asunified management, brought a new level of focus to IT security and boosted employee awareness.

If you're evaluating Trend Micro, don’t limit yourself to antivirus functionalities. Consider other features as well — especially the Managed Services, (strong technical support), and Cyber Risk Exposure Management capabilities, which I find highly valuable.

Create a centralized view of your IT infrastructure.

Define which features are important or necessary for you.

Get a comprehensive overview when evaluating different security vendors in terms of features and costs — so you’re not comparing apples to oranges.

Foreign Language: (German)

Ermöglicht Teams, Cyberrisiken schnell zu erkennen und zu managen – durch detaillierte Einblicke und kontinuierliche Unterstützung

Was ist unser primärer Anwendungsfall?

Trend Vision One kommt als primäre Sicherheitslösung auf allen Endpunkten (Server und Clients) in unserer Umgebung zum Einsatz. Darüber hinaus sind über die Third-Party Integration auch die von uns eingesetzten Lösungen weiterer Hersteller (u. a. VMware, Fortinet) eingebunden.

Wie hat es meiner Organisation geholfen?

Trend Vision One hat uns geholfen, die Sichtbarkeit der Endpunkte zu erhöhen und den Angriffsvektor zu verringern. Wir können schneller Schwachstellen/Bedrohungen identifizieren und darauf reagieren. Dadurch konnte unsere Reaktionszeit um schätzungsweise fünfundzwanzig bis dreißig Prozent gesenkt werden. Mit Vision One wird man über konkrete Risiken benachrichtigt und lernt, wo die Risiken im Allgemeinen liegen. So kann man aktiv daran arbeiten, diese zu beheben.

Früher mussten wir aus eigener Initiative heraus überprüfen, welche Schwachstellen bei bestimmten Herstellern bestehen und einschätzen, ob diese Schwachstellen für uns relevant sind. Das wird jetzt bereits zu einem großen Teil von Vision One erledigt. Herunter gebrochen bis auf jeden einzelnen Benutzer und Endpunkt wird dediziert angegeben, welche Risiken bestehen und wie diese verringert werden können.

Ich vergleiche die Behebung von Schwachstellen im Cyber Risk Exposure Management (CREM) mit einem umgekehrten Spiel. Es geht darum, so wenige Punkte wie möglich zu sammeln. Je niedriger unser Score ist, desto sicherer ist die Umgebung. Und wie im echten Leben gibt es Höhen und Tiefen, weil es täglich neue Risiken gibt.

Letztendlich ist Vision One ein wichtiges Tool, um einerseits eine allgemeine Risikobewertung für Führungskräfte/ Manager durchzuführen, und andererseits für operative Mitarbeiter, um zu wissen, was dieses Risiko tatsächlich beinhaltet und wie es sich reduzieren lässt.

Was ist am wertvollsten?

Die Funktion, die ich in Trend Vision One besonders wertvoll finde, ist Cyber Risk Exposure Management (CREM). CREM hilft unserem Unternehmen, blinde Flecken zu identifizieren. Diese wichtige Funktion zeigt sehr detailliert und umfassend auf, wo Handlungsbedarf oder Verbesserungspotenzial besteht. Gleichzeitig bietet es den Kollegen konkrete Handlungsempfehlungen, wie Schwachstellen geschlossen werden können.

Ein Bestandteil unseres Service One Complete Service-Vertrages sind zwei wöchentliche Meetings mit einem TAM (Technical Account Manager), der uns berät, wo Verbesserungspotenzial bei den Sicherheitseinstellungen besteht und uns regelmäßig – auch zwischen den Meetings – informiert, wenn es neue Angriffsszenarien gibt und wie diesen entgegengewirkt werden kann.

Was muss verbessert werden?

Bereiche, in denen Vision One verbessert werden könnte oder wo zusätzliche Funktionen erforderlich sind, sind schwer zu bestimmen. Ich arbeite jetzt seit drei Jahren mit der Lösung und Trend Micro arbeitet ständig an deren Weiterentwicklung. Stellenweise ist man gar nicht in der Lage, alle Änderungen zu erfassen oder welche zusätzlichen Funktionen eingebunden werden.

Ich glaube, Trend Micro ist derzeit schneller dabei, meine Bedürfnisse zu identifizieren, als ich sie überhaupt selbst erkenne.

Wie lange verwende ich die Lösung bereits?

Vision One ist seit drei Jahren im Unternehmen im Einsatz.

Was denke ich über die Stabilität der Lösung?

Die Stabilität der Lösung ist sehr gut. Meiner Meinung nach sind Leistung und Verfügbarkeit sehr gut.

Was denke ich über die Skalierbarkeit der Lösung?

Die Skalierbarkeit der Lösung ist sehr gut. Wir sind bisher auf keine Einschränkungen beim Wachstum unserer Umgebung gestoßen.

Wie sind Kundendienst und Support?

Ich würde die Erreichbarkeit und Kompetenz von Service und Support von Trend Micro als sehr hoch bewerten, ich bin sehr zufrieden. Antworten und Lösungen kommen prompt, das Personal ist professionell und auf einem sehr hohen Kommunikationsniveau.

Wie würden Sie Kundendienst und Support bewerten?

Äußerst positiv. Kundendienst und Support reagieren zeitnah. Gemeinsam konnten bisher alle Herausforderungen unseres Tagesgeschäftes gelöst werden.Auf einer Skala von eins bis zehn würde ich den Kundendienst und den technischen Support für Trend Vision One mit einer Neun bewerten. Es muss ja noch Luft nach oben bleiben.

Welche Lösung habe ich vorher verwendet und warum bin ich gewechselt?

Vor Trendmicro Vision One war die Lösung von Kaspersky im Einsatz. Der Auslöser für den Wechsel war die vom BSI ausgesprochene Sicherheitswarnung vor den Virenschutzprodukten des Herstellers.

Wie war die anfängliche Einrichtung?

An der Einführung und Bereitstellung der Lösung war ich maßgeblich beteiligt. Die Implementierung erfolgte relativ schnell und problemlos mit einem Deployment-Skript, welches über das Software-Verteilungssystem auf die Endpunkte gebracht wurde.

Unsere Implementierungsstrategie sah vor, dass zunächst eine kleine Anzahl von Endpunkten mit Virenschutz und Richtlinien versorgt wurde. Dann wurden die Richtlinien noch einmal überprüft und verfeinert. Abschließend wurde Vision One in mehreren Etappen auf die restlichen Endpunkte ausgerollt.

Wie war unser ROI?

Die Investition in Trend Micro Vision One hat sich rentiert, aber der ROI ist schwer zu berechnen. Eine Sicherheitslösung ist wie eine gute Versicherung, die man hoffentlich nicht braucht. Wir hatten bisher keine Vorfälle und hoffen natürlich, dass wir auch in Zukunft keine haben werden.

Ich stelle fest, dass unsere Umgebung durch die permanente Sichtbarkeit von potentiellen Risiken sicherer geworden ist und dass die Kollegen schneller auf diese reagieren können. Das spart vor allem Arbeitszeit.

Welche anderen Lösungen habe ich evaluiert?

Bevor wir uns für Vision One entschieden haben, haben wir auch die Lösungen anderer Hersteller evaluiert, unter anderem die von Microsoft und Fortinet. Die Unterschiede bei den jeweiligen Produkten waren nicht so gravierend, sie lagen mehr im Detail. Aber da wir auch schon seit fünfzehn Jahren Trend Micro Partner sind (zwölf Jahre davon ruhend), sind wir schließlich wieder zu Trend Micro zurückgekehrt.

Welche anderen Ratschläge habe ich?

Wir hatten vor drei Jahren ein Konzept, das einen anderen Ansatz verfolgte. Zwei voneinander unabhängige Sicherheitslösungen, mit jeweils eigenem Management und Reporting. Die Migration zu Vision One mit der Konsolidierung in eine Oberfläche hat zu einer 365°-Sicht auf die IT-Infrastruktur geführt.

Die zentrale Sichtbarkeit von Endpunkten und Schwachstellen und das Management über alle Ebenen hinweg hat noch einmal einen ganz anderen Fokus auf das Thema IT-Sicherheit gelegt und das Bewusstsein der Mitarbeiter für dieses Thema gestärkt.

Wenn Sie Trend Micro evaluieren, beschränken Sie sich bitte nicht nur auf den reinen Virenschutz, sondern beziehen Sie auch die anderen Funktionen in die Betrachtung ein. Insbesondere die Managed Services, der Technical Account Manager und die Cyber Risk Exposure Management Funktionen haben für mich einen hohen Mehrwert.

Schaffen Sie eine zentralisierte Sicht auf Ihre IT-Infrastruktur.

Definieren Sie im Vorfeld, welche Funktionen für Sie wichtig sind bzw. Sie benötigen.

Verschaffen Sie sich einen umfassenden Überblick bei der Evaluierung verschiedener Sicherheitsanbieter hinsichtlich Funktionen und Kosten, damit Sie nicht Äpfel mit Birnen vergleichen.

Welches Bereitstellungsmodell verwenden Sie für diese Lösung?

Private Cloud

Falls öffentliche Cloud, private Cloud oder Hybrid-Cloud, welchen Cloud-Anbieter verwenden Sie?

Verschiedene.

Private Cloud

Other

I work with Trellix, Trend Micro, Fortinet, and Netrix for DLP solutions. For Netrix DLP, I use Forcepoint, and for email security, I use Barracuda.

I have been working with Trend Micro for the past six years. I started with Apex One and Worry-Free, which evolved to Trend Vision One. Trend Vision One is a collaborative XDR platform designed to bring all security solutions such as mail security, cloud security, endpoint security, and identity security together and manage them from a single console. That is the main goal of Trend Vision One.

From my end, I have deployed email security, endpoint security, XDR, and web security from Trend Vision One. We are using Trend Vision One with both business essentials and pro bundle.

Trend Vision One has two kinds of solutions for endpoint security: standard endpoint protection for desktop machines and server and workload protection for existing Linux servers, Windows servers, or even containers and workloads in the cloud where you can install agents for those containers as well. These are the deployments which we have done for endpoint security.

The detection part works well for me. The response part, including automatic containment, requires creating playbooks. Even though I create them, I have faced many threat attack scenarios where detection pops up, but the appropriate response action is not being taken.

Attack discovery and attack surface discovery are valuable features. Every organization has endpoints, and no organization will be willing to do a full discovery or testing on all those endpoints or devices. Attack discovery helps us know which endpoints we have with Trend Micro, what vulnerabilities and loopholes are available in the endpoints, and provides insights into our attack surface.

I have used the cyber risk exposure management product completely except for security awareness. I have used data security posture, identity security posture, and network security functionalities. I have not ensured cloud security yet, but we are yet to have hands-on experience with that. I have showcased these functionalities to customers and conducted many POCs for new clients covering cyber risk exposure management, XDR, email security, endpoint security, and network security. I have explained how well Trend Vision One captures the correct data.

The response time after detection is approximately three hours.

Visibility is good, but Trend Vision One can improve the response part. Compared to other vendors like SentinelOne or CrowdStrike, all of them are providing detection and response methodology. However, Trend Vision One provides more visibility but has limitations on the response part.

If Trend Vision One can improve the response time and playbooks, particularly with more customizable playbooks, it would be greatly helpful. We have raised feature requests to Trend Micro. If they have more predefined playbooks and more options for response management, it would be beneficial because that is what end users are expecting.

As a reseller, we are dealing with the pain because customers are asking why response is not being taken even though Trend Vision One detects suspicious files. In some cases, I follow best practices by updating playbooks at regular intervals, but that is a manual process. An automated process to take appropriate action for suspicious and malicious files would be necessary. The response part might be improved to provide better value.

I have been working with Trend Micro for the past six years.

Trend Vision One is stable. Before Trend Vision One, Trend Micro had Apex One and Worry-Free products for endpoint security that were not stable. However, after Trend Vision One was introduced, I do not see any stability issues.

Scalability is good. Previously, it was good because they were using a credit system where they would give credits and based on the credits we could allocate our own licenses. Right now they have removed this feature, so we are yet to do some testing on that. The credit system was effective because we had flexible licensing and scalability, and we were able to use the resources when and if it was necessary.

Two factors are important: the time to give the first response and the technical ability of the engineers. I heard that they have laid off many old employees and senior employees.

The integration part is good. They also have an AI platform built into the console which provides more details in layman's terms. When explaining an attack to management, you can communicate it to a CIO in technical terms because they are from a technical background and will understand all the details. However, when taking this to a CEO or CFO who are not technical persons with backgrounds based on industry, you should explain it in simple terms. The AI integration with Trend Vision One gives the details in a much simpler way in layman's understanding. That feature is good.

Neutral

The installation is easy. Even for Linux and Mac machines, it is just two or three commands.

ROI is absolutely achievable, especially with Trend Vision One and server Trend Vision One platform. Previously, they had MSVA, which was a virtual appliance that on-premises clients needed for mail security. After they came up with the cloud email security solution, many customers are feeling relief, and the latency is much better when compared to an on-premise solution.

For ROI in email security, they provide BEC, which is the best ROI for every customer. If there is an outage that occurs in Microsoft or AWS or any other cloud platform, there is an email continuity platform for emails. That is good ROI.

From a deployment perspective, it shows around fifty to sixty percent. The impact given to the business in terms of real impact is up to ten to twenty percent.

This is quite affordable. It is not that expensive.

We buy from Trend Micro. Trend Vision One definitely falls in the leader quadrant in Gartner, and its capabilities are good. It can be in that leader quadrant. For an endpoint security solution, managing attacks is the key thing. It is not about daily activities like what policies and functionalities are provided. These matter, but at the end of the day, if an attack is going to happen, the end user will assess the support of Trend Vision One and the response part of Trend Vision One. These two parameters are going to be assessed, and based on these two parameters, any quadrant achievement from labs like Gartner or Forrester will be based on these two parameters only.

For standard endpoint protection, if it is a detection, it is a detection. When compared to CrowdStrike, Trend Vision One creates much less false positives. There is no big noise on this, but that is one way to consider it. False positives do come, and it is completely based on the configuration which we do. On the initial phase of the deployment, after a month or two, we keep it in detection mode, and after that, we pursue the prevention mode so that blocking is enabled.

If the containment functionality gets automated, it would be on a better note. The response part, if improved, will be very helpful. From a deployment perspective, it shows around fifty to sixty percent.

Trend Vision One is fully on the cloud with no on-premise option. They tie up with multiple cloud vendors, but they provide a SaaS platform built by Trend Micro. Trend Micro itself is hosted on some AWS servers, which is what I have heard, but I do not want to comment on that.

I would rate this review an eight.

Public Cloud

Amazon Web Services (AWS)

We use it for analytics. We check all the maps and communications when there is an incident or an issue. It is very helpful for analytics.

Trend Vision gives a lot of visibility. If you have a big environment, you can use it to see logs or events. It gives more visibility into what is going on in your infrastructure.

Last year, we experienced an attack attempt, and it gave us a lot of visibility. We were able to track the source and all the processes that were involved during the attack. For security, it is very good.

Trend Vision One has helped reduce our time to detect and respond to threats by 30% to 40%.

I find the maps particularly helpful. The object list, specifically the suspicious object list, is also quite valuable. You can simply add one object to that list to manage it from another solution.

It gives comprehensive visibility. It is very good. It gives a lot of visibility into all layers such as layer three or layer seven. It helps with monitoring the endpoints, including all the desktops and processes or communication between servers.

I believe that the interface could be more user-friendly. At times, it is challenging to locate certain features, and they need to reorganize the user interfaces.

I have been using the solution for one year.

I would rate their customer support a five out of ten. They sometimes do not give enough attention to the tickets. Even when I update a ticket or a case, they ask the same questions that I have already answered. I explain my problem, and they respond as if not paying enough attention.

Neutral

Previously, we used another solution. We observed that Trend is trying to move all the solutions to Vision One. That is why we decided to transition, and it is working very well. 

It gives more visibility. The other solution was focused only on the server or endpoint protection. It did not provide any tracks, just the basics. With Vision One, we can see all the information correlated in one place, which I find very helpful.

The initial setup is very easy. It is not very complicated. Sometimes, the documentation is not updated, but the processes are very intuitive, so it is not that hard.

In terms of the implementation strategy, we first focus on non-critical servers or appliances, and then we move on to critical ones.

It is being used in an enterprise environment at a data center.

The implementation may require two people, depending on the infrastructure and scale. You might need an engineer or an administrator.

For maintenance, there are two people. One person scans and reviews all the information and the other one is from the backup. It requires minimal maintenance.

Overall, the visibility and security that it provides are our returns on the investments.

I feel that Vision One is a bit expensive. As for the pricing or licensing, I would rate it a seven out of ten.

I would rate Vision One an eight out of ten.

Vision One is the primary endpoint security product we use to protect our Macs and PCs. We also use the server product version, so it runs on my servers as well. We exclusively purchase Trend Micro's endpoint products. They have network and firewall products. We were using their email product until last month, and I ended up selecting a different provider. We stayed with them for the endpoint, but I moved off of them for the email product.

Vision One was a big deal to us immediately because we did not have context-aware before. We saw everything we had no idea was happening. It was a big deal three years ago. 

It certainly reduces time to detect because a lot of the time, I didn't have it before. I didn't have that information until it gave it to me. The speed of response helps me know much more about what's happening quicker. They have some improvement to do in terms of automated remediation. It probably makes investigations 30 percent faster because of what it puts together. 

When we purchased Vision One, what set it apart was that it wasn't a traditional signature-based antivirus. It's a process-aware solution that provides real-time protection. That was a big differentiator three years ago, but now it's a given that every AV provider should be doing that. It combines signature-based telemetry with behavioral awareness and a detection-based solution, making it a good solution for us.

When we bought it three years ago, it was separate. Apex One handled cloud and web app security, and Vision One handled cloud and server workload protection. Now, they call it Vision One. The server stuff is still separate, but it is the same now. When we purchased it, they told us we'd have a single console, but that took about two and a half years. Finally, there is a single pane of glass. 

One of the things that made me the craziest was that we had too many tools or one tool that I had to log into five different ways. One of the frustrations is you have both legacy and newer detection methods. Not being able to fully investigate it in a single portal was a huge pain.

They need to stop changing Vision One once a week. They're in a hurry to change things so badly and so fast that I can't find where stuff is half the time, which is a challenge sometimes.

I've given one piece of feedback to their product guys. One thing that they're trying to make is a SIEM. It's a product where you input all the logs from your tools, and it creates additional insights into how things look. They've been kind of playing the "me too" game on that, even though that's not what I bought the product for.

They have a new gateway where I can take my firewall of email logs and send it over there. In theory, it's supposed to do a more comprehensive evaluation of all my stuff to improve that risk index score. I'm not impressed with it, and I've told them as much. I feel if you're good at something, you should keep working on that and not try to be all the things to all the people. 

I bought a different email solution even though it would have been 10 times easier to just stay with their email solution because they aren't great at it. They are great at other things, but they're playing the "me too" game with some of their products. Their competitors do this, so they should be doing this, too. They need to pick a product and keep being good at that. If they're going to roll new things out, they should do it but do it right. 

They have a button to isolate an endpoint because it looks bad, but it doesn't usually work. I've had no chance to argue with the product guys to show them examples of how their button doesn't work. You think it does, but it doesn't work in a real environment. That can be a challenge sometimes.

I can see in the data showing what is a false positive. But it doesn't save me time helping them figure out how to fix the problem in their engine. It can help me identify it as a false positive, but it doesn't apply that consistently. It will ignore the false positive for that device, but if they start detecting a false positive on Apple devices, I have eight thousand Apple devices and get 8,000 alerts. I can tell that specific false positive, but it doesn't learn from that particularly well.

We use the executive dashboards, but I don't find them particularly useful. One is the ability to customize. That has gotten a little better, and it'll be better in the future. Most of what they have on there are data points that are generic and not particularly actionable. That's why it's called an executive dashboard. Executives want to see if we are secure, but it's hard for me to find out why our attack surface risk went down by x percentage. I don't know. It says that on the dashboard, but it doesn't give me specific details about why.

I find it confuses my executives, and it's not useful for me because it doesn't give me things to work on. It will give me generic things on the executive dashboard like you have a thousand accounts with an old password. Those are big generic things, but I also can't tell it that our password policy is different from what your automatic detection model means, and I don't have a problem with that, so quit lowering my risk score. 

The risk score is useless. In theory, it's based on the random intelligence they're getting from their various customers. I'm in K-12 education, so they have a decent amount of K-12 customers, but it's a subset, and the baseline of what's common in K-12 education is not the same. There's not enough data to make that particularly clean or useful. Vision One is not custom, and that's part of my beef. That index score is based on whatever random report they're looking at from their data sources at any given moment in time. It's nice, but I'd rather have one that's based on your particular circumstances. Instead, it's saying that the number one attack threat surface for school districts is email phishing. It's too generic.

I have used Trend Vision One for three and a half years.

Vision One has been less impactful toward my endpoints when scanning than the previous solution. 

Vision One's resource usage is starting to creep up compared to three years ago. They used to focus on making their agent lightweight. I don't necessarily think all of this is their fault, but their agents are starting to suck more resources than they used to. Part of it is that the threat landscape has changed, and you need to look at it in additional ways, and it is a strain on the servers. They've gotten really bad about that on the servers.

I rate Trend Micro support three out of 10. Their technical support is challenging. The support's good once you get to the second layer, but they don't read what you write. They auto-respond by telling us to give them the logs. 

Every time, I need to send them a written statement with my product license ID and that I'm the contact authorized to do a support ticket. About 75 percent of the time when I open a support ticket, I immediately email my customer service satisfaction manager person with the ticket number so they can help move it along.

Negative

I was using Sophos three years ago. I've looked at many of the feature sets out there, and they might be 80 percent of what Vision One has, and some might be better, but Vision One is price-competitive.

Deploying Vision One was a pain because of the automated removal tool. In the antivirus world, they try to make it difficult to uninstall people's defenses because that's what an attacker would do. However, all the competitors are making tools to uninstall their competitors' tools when they win business. That's directly counterintuitive to the whole point of the antivirus. 

We went through a process of trying to do this in an automated fashion to replace the old product, and Trend didn't quite do it right. Trend had a real struggle toget their own tool to fix it. 

We use it as a SaaS, so we have a gateway integrator on the server on-site, but the product sits on all my endpoints. In that aspect, it's on-prem, but all the processing, reporting, and everything else happens in the cloud. We had it 75 percent deployed in 45 days. That last 25 percent took us another four months.

I work at an underfunded public school district. I need a whole team, but there is only me. I used to have a security analyst until that position moved around, and
my ability to use the product has been drastically reduced. I miss much of the value of what I'm paying for because I don't have enough staff to use it. I wouldn't need more than one if that was their whole job. 

It's not a totally elegant solution that always feeds and cares for itself. We have to check if it's doing its updates properly. It doesn't tell us, for example, that 2,000 devices haven't been updated or checked in. I have to go proactively looking at it.

Vision One's pricing is extremely competitive. They're probably the lowest-cost provider that has this feature set. 

I rate Vision One seven out of 10. Make sure you learn the 90 percent of stuff in there that you didn't know you bought and preestablish an escalation contact for support tickets. 

I use Trend Vision One for Total XDR and endpoint protection as an all-in-one security solution.

One of the best decisions we made was choosing Trend Vision One. It has transformed our entire security and cybersecurity landscape, providing a one-stop solution to manage everything efficiently and effectively.

One of the most valuable features is Cyber Risk Exposure Management.

There is room for improvement in leveraging AI technology to protect against emerging AI-based threats.

I have been using the solution for two years.

We previously used an outdated and inefficient Trend Micro system, which caused high security risks.

This is not a competitive price — the costs are on the higher side. However, I don’t regret it, as it can help save significantly in other areas. The only disappointing aspect is that every time new features are adopted, additional credits are required, which could push the budget over. This practice should really be reconsidered by Trend.

I also evaluated CrowdStrike as an alternate solution.

Trend Vision One is a five-star product.

My primary use case for Trend Vision One is for application device control, web reputation services, and malware scanning, as well as providing a remote malware scan option. I also use it for log inspection and endpoint identification.

Trend Vision One helps save us time.

I am satisfied with the security Trend Vision One provides for our cloud environment. It effectively identifies threats by regularly inspecting logs to establish a baseline of normal operations and reports any detected anomalies on the console.

Trend Vision One offers good visibility and control over our environment, providing valuable telemetry into network traffic.

Trend Vision One offers comprehensive insights into our infrastructure, allowing me to identify unmonitored endpoints, such as those without the software installed, which I can then verify through the console.

Trend Vision One allowed us to consolidate the Apex One and Deep Security consoles, which were previously used separately in our on-premises environment.

Trend Vision One offers superior integrations, enhanced tool capabilities, and expanded solutions for network security, firewalls, and remote malware scanning. Its ability to identify unmonitored endpoints and perform log inspection, which establishes operational baselines and detects anomalies, proves invaluable for threat identification. The platform's comprehensive reporting capabilities further enhance its value in maintaining a secure environment.

Trend Micro could improve its support for non-third-party products and product integrations. Technical support in our region needs improvement.

I have been using Trend Vision One for approximately one year.

Trend Vision One effectively scales to accommodate our workloads.

Trend Micro's support is suboptimal in my region, likely due to proximity to their resources, favouring areas closer to the company. Consequently, we utilize local support providers who offer better service.

Neutral

The deployment usually takes an hour, more or less. Trend Vision One was easier to deploy than other tools when integrating with the cloud environment.

We have a local vendor that provides support.

Trend Vision One is cost-effective because it offers detailed reporting and environment control features.

I would rate Trend Vision One eight out of ten because every tool needs improvement. Trend Micro has some low-cost services and minor areas for improvement.

Trend Vision One provides regular updates according to customer needs.

I would recommend Trend Vision One. There is flexibility, and their credit system is quite effective. 

Public Cloud

Other