Trend Vision One Reviews

The reason we invested in Trend Micro XDR was to consolidate security operations and monitoring. On top of that, we invested in their managed detection and response service, which they can provide on top of the ETA service, which makes our lives easier. You can say that with it, we need fewer hands.

We're able to gather a more simple view of what was going on in our infrastructure. Before this solution, we used a SIEM system. Trend Micro XDR made monitoring more simple, and we trusted them as a security partner.

It definitely has improved our visibility of all of our ongoing items in the infrastructure. We can get a good overview of what's going on across our network and what our security looks like.  

Having everything under one management console and having them monitored from one place is the most beneficial.

It saves time and we do not have to invest in a lot of products to meet all of our use case needs.

It's quite simple to monitor everything under one console. It makes life simpler for our operations team. 

We have the solution everywhere, including email, network, endpoints, and cloud. This is important to have this coverage. As a former incident response analyst, having visibility everywhere is really important. Having everything correlated into one place increases visibility.

We have centralized visibility and management across our production layers. They are also improving that from month to month. It's important for us. In security operations, the fewer places you need to go to have a look around, the easier it is. Back in the day, we had to open ten different consoles. Now we just open one. 

The most important thing for us as a customer is that we can spend more time in other places as it's simpler to have that overview. We have much more time for other tasks. 

We use the solution's executive dashboards. We like that we can drill down from the dashboards into XDR detections. It helps the C-suite understand. However, it also helps us drill down by allowing us to choose which views we want. 

We have a trial version of the Risk Index. We have a daily look at it and it gives a nice overview of our vulnerability management and what the attack surface looks like. It helps us prioritize our daily tasks. 

The Managed XDR service was great. It helped quite a lot. We had to get used to working with them and they with us, however, now it's quite an easy task and the advisory and alerts we get from them have been helpful. The availability to work on other tasks has helped us improve in other areas. It's positively affected our business. Having this product means that we are improving in a lot of different areas that we also need to focus on. They can do the monitoring better than we can do it ourselves. We don't have the manpower to do it on our own so it helps a lot to have them help with management.

We use the Attack Surface Risk Management capabilities, which are also in the trial period. It's absolutely helped us to identify blind spots in our environment. It made us realize that, for example, users were using their work email for private services such as Netflix or other services that, if they had a data breach, would be an issue. With this, we can reach out to those users and explain to them how to act on the Internet, not to use your work email for private services, et cetera.

It's helped decrease our time to detect and respond to threats. It's likely 80% faster now. It's also helped us reduce the time we spend investigating false positive alerts. They do a lot of the initial work for us and come back with the actions we need to do on our part (if any). It's helped us reduce false positive investigations by 50%.

We're using some of the automation capabilities of XDR. It's helped us save time. At the moment, it's likely helped us save 20% of the time we'd normally spend on manual processes. 

They should increase their potential for third-party integrations. We'd like to see integrations with other IT security vendors that are not currently there. 

I'd like to see central management of all products.

I've been using the solution since it came out, essentially. I've been working with it for eight or nine years.

The solution is quite stable. 

We don't have branch offices, however we have 2200 clients and 800 servers. 

It is easy to scale if you are a bigger organization. We do plan to scale further in the future. 

We have Service One, which includes three-year support. It is 24/7/365 support and they are quite good. 

Positive

Before Trend Micro, we used Splunk. The use case and monitoring were easier with Trend Micro. We found it easier to fulfill our needs using Trend Micro. 

I was involved in the deployment process. Some of it was quite complex. Unfortunately, we had an on-prem environment that wasn't well taken care of. The migration was hard, however, that was more our fault. It could be easier to migrate, however. 

It took us about nine months to fully deploy. 

We already had some products in the cloud, however, we needed to migrate all of our endpoints. The on-premise agent needed to be placed in the cloud and we had some problems as some clients did not have an opening to the internet, et cera. There was some preparation we needed to do. We needed to do some upgrading before migrating. 

There were two to four people performing the implementation. 

The solution requires maintenance and we have a person that manages that. 

We had help from Trend Micro professional services. 

We have noted an ROI. Having them monitor our IT solutions allowed us to have fewer people on the team. It's saved us in man hours. 

The solution is affordable. You do need to pay additional fees for some of the functionalities.

We also evaluated Microsoft's solutions. 

I'm a customer and end-user.

We realized the benefits of the solution pretty fast - within a couple of weeks. We knew the benefits beforehand which is why we chose Trend Micro. The possibility of having the solution monitored by the vendor itself was quite helpful. 

I'd rate the solution nine out of ten. 

I would advise others to prepare your needs beforehand. If you know those, you will know Trend Micros is the right fit for you. It's great. If there's a problem with central management or monitoring, Trend Micros is quite useful. 

We use Trend Micro XDR for endpoint detection, endpoint user protection, and virtual security.

We have deployed Trend Micro XDR across our entire environment, which is important for our organization's threat detection capabilities.

We use Trend Vision One to monitor our environment 24/7. Centralized visibility is very important to me and my management. In addition, management wants to see centralized dashboarding. This is very important.

The centralized visibility and management across our protection layers have improved our efficiency.

The executive dashboard is important to our organization. I use the dashboard each morning and evening.

Trend Micro XDR has helped our organization improve its defenses against external and internal threats.

The Managed XDR service has positively affected our team's workload by providing 24/7 monitoring. This has saved our team 20 percent of their time to focus on other tasks.

The time to detect is under one minute.

The proactive approach is the best feature. When Trend Micro XDR detects a virus in our system, it stops it and secures our branches.

The centralized dashboard has room for improvement.

I have been using Trend Micro XDR for almost two years.

Trend Micro XDR is stable.

Trend Micro XDR is scalable.

The technical support is good. We receive a response within ten minutes.

Positive

We switched to Trend Micro XDR from Kaspersky because it is a better product and we have not faced any issues.

The deployment took one week and required a few people to complete.

Trend Micro XDR is expensive.

I would rate Trend Micro XDR ten out of ten.

We have over 100 Trend Micro XDR users.

I primarily use the solution to prevent attacks. 

It's good for detecting malware and anomalies. We use it on our endpoints. 

The user interface is very good. Everything is all on one single platform.

With this product, we get centralized visibility and management across all of our protection layers. With a central platform, we don't have to look around across different websites or platforms. We can go right on the portal and manage things. It also helps us reduce the learning curve. We can manage and monitor products from the same place instead of learning different platforms. It's also helped us increase efficiency.

We have made use of the executive dashboard. It greatly increased visibility. We get a risk management view and metrics that help us narrow down and find issues. It helps us reduce risks. The risk index feature gives us a score to help us in our security goals. With it, we know what's the baseline or standard, so now we know what we need to do in order to meet the standards out there in the industry. We can see everything we need to in one glance. 

It's kept up to date and is consistently improving. This helps us protect our environment. 

The patch management has been very useful. They help recommend what needs to be installed.

We leverage the attack surface risk management capabilities. It shows the entire incident, including how it happened. We can use the information when we're doing forensics.

We've been able to reduce our mean time to detect and mean time to respond. What would previously take us two to three hours to fix, we can do in one hour or even half an hour. We've also been able to reduce the amount of time we spend investigating false positives. 

We'd like to see more use of AI around analytics and controls. 

I've been using the solution for five years. 

The stability is good; I'd rate it eight out of ten.

We're a small-to-medium-sized company. We have it deployed to less than 5,000 users. 

I'm not sure of the scalability. It works for us and our company size.

Support is okay. They could be more responsive and could provide more communication channels. 

Positive

We did not previously use a different solution. 

I'm more of an end-user. I do not handle the installation aspect. The deployment was done a long time ago. 

The tool does not require much maintenance. 

I'm not familiar with the exact pricing of the solution. My understanding is the licensing is reasonable. 

I'm an end-user and customer. 

I'd rate the solution eight out of ten. It has very good management and monitoring benefits. 

We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.

We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.

We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises. 

Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.

The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.

The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.

Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.

It has reduced our time to detect by 50 percent.

Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.

The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.

The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.

I would like the uninstall process of agents to require two-step verification.

I have been using Trend Vision One for ten months.

Trend Vision One is stable.

Trend Vision One is scalable.

The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.

Positive

The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.

The migration can be done in a few hours if all the ports are available.

Two people are required for the migration.

We used a third-party service from JVS for the migration.

I would rate Trend Vision One a nine out of ten.

For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.

I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.

Each component that we have purchased from Trend Micro has its own unique value set. But as CISO, the most excitement in my day is when a Zero Day initiative lands. It's one of those things that, by nature, you're generally not prepared for, and the initial reaction of the security team was, "What are we going to do about this?"

When that happened, I suggested we look at our Trend Micro IPS and see if there are any vaccines related to the particular Zero Day, and there were. We enabled those vaccines and we could see, using the ExtraHop appliance, that the issues we were seeing before had been remediated. That particular experience was a predictor of what was to come. Since then, on almost every occasion, we have had a mitigating response in our arsenal to any type of Zero Day attack before the attack actually occurs.

And even when we got into a situation like Log4j and there wasn't anything in our arsenal to deal with it, we called Trend Micro, and they said, "Yeah, we're delivering it right now, but you'll have to install it manually." And I was thinking, "I'll install it while upside down if I have to, but the bottom line is just get it over here." We deployed it and—problem solved. I believe they own that VDI initiative and it's really good that they're so close to it. That is something that has really really made my life a lot easier. Running around with your hair on fire is not fun.

In essence, it has allowed us to get a handle on our security initiatives and planning, and construct security over the long term. We've been working with them for at least ten years.

Their toolset integrates well with our existing infrastructure. It integrates well with our AT&T AlienVault SIEM.

Another piece that makes Trend Micro kind of unique—and I could see where they might have had a problem kicking the whole thing off—is that they were one of the companies, early on, that spent a lot of time integrating their toolsets, and I was really impressed with that. That meant the endpoint management system could reach out to the Deep Discovery system on the network and pick up something that it perceived as a suspicious object. It could then sandbox it and monitor it. If that suspicious entity reached out for command and control or did something nefarious, the endpoints would be alerted and would start getting rid of the problem.

The issue this addresses—and it's one of the most important issues—is that you really have to consider automation and be conscious of it. Because when the stuff hits the fan, you're not necessarily fast enough, as a human being, to get everything done the way it needs to get done—and document the process.

You might not think about that last piece so much when you start doing security engineering. But when you get into a big healthcare company like ours, there are audits going on all the time. The auditors will want to pick out two or three events that you've dealt with and say, "We want to see the audit trail," et cetera. As a result, there are advantages to the integration of Trend Micro's disparate toolsets.

Trend Micro has worked very hard on making their toolsets, like IPS, Deep Discovery, Deep Security, et cetera, talk to each other and work together. And they're still doing it today.

They have made their IPS an application rather than an appliance. You install it on the endpoint, which is a server in your data center, and it will actually configure it to a minimal standard. That means the applications and the version of the operating system you're running, right down to the colonel version, get only the tools installed that are needed for that particular instance.

They minimize the installation because they don't want you looking for bugs and indicators of compromise that you're not in a position to experience because you're using an operating system that isn't vulnerable to them. That gets rid of a lot of overhead when it comes to server management. They keep in mind that these are servers that have a job to do. They're not just desktops, and if they're eating up a lot of the CPU, that's bad for us because we're out to do business and make money. We've never had a problem with them. It's really reliable, once you get it set up.

When you deploy these tools from Trend Micro, the integration and getting them to work together, are among the more difficult pieces of the puzzle. But when you get that set up and working, you're glad you did.

When you manage a security department for a number of healthcare organizations and deploy security into their environments, they want it done today. And they certainly don't want to be bothered with it over the course of a few weeks. We've been in our Cloud One migration for a couple of months now and it isn't our only project. We've got a lot of things going on here and at our subsidiaries, for which I'm also the CISO. It's very busy. We don't have time to sit down and work on projects just for the sake of having the resources to work on them.

When we invest the time to integrate disparate resources, appliances, and applications, we do so with the idea that we're going to get something out of it that is worth more than what we put into it. In each and every case, that's what has happened with Trend Micro.

Still, a lot of folks I know have adopted their technology but have not integrated it. The endpoint management tool sits on the endpoint and manages it, but it's not fully integrated with, for example, the sandbox. So it would be nice if they could simplify the integration process. And I would like to see better documentation.

Another point is that, with Vision One, there were issues that we experienced with the IPS and EDR technologies when we first got it. We had some difficulties figuring out how to make it dance. Once we figured it out, we were okay.

The remediation they put in place for that was to increase the number of presentations they did on the software, presentations where they answered questions. We attend one about every two to four weeks with Trend Micro to go over things, and it's not just us. There are 70 to 100 people in those meetings. They figured out that, while it's okay to build reasonably complex systems, at some point you have to pass the knowledge along to the end-users. That's not always easy to do. Most companies operate under the mindset that, "Well, we understand it, why don't you understand it?"

We started the integration of Trend Micro Vision One three or four years ago.

Trend's gear is very stable and reliable. In this business, it almost has to be because, if your system goes down frequently, you just don't have time to mess with it. In the years we've had their IPS deployed, and that's a complicated product, we may have had one or two failures. And as I recall, it was something in a power supply. If your primary failure is something to do with a power supply once every ten years, you're in good shape.

It's the same thing with all of their technology. The way they design it, just keeps running and that's not necessarily always the standard in the industry. For example, I finally had to abandon IBM's IAM solution because it was so bad. It would just break. We don't have those problems with Trend Micro. Their stuff just works. It's really good and well-designed.

It's reasonably scalable, but remember that, as you're scaling out, some of the components need to be scaled while other components just need to be reconfigured. You don't want to be paying for what you don't need, meaning you don't necessarily have to double everything. When you scale out, you have to give it some thought.

Their tech support people are better than most. In my career, I have seen it all. But Trend Micro support is really good. They're the best vendor I have for support.

Anytime we've had an issue with their gear, they have been prompt and have gotten on it and gotten it fixed. And if they can't fix it, they replace whatever they have to replace.

Another aspect with Trend Micro that is really good is that they listen to what you say. If you come up with a use case that they don't currently have, they'll add it to their repertoire and, a couple of updates down the road, there is that tool you needed. It's just a well-driven and well-run company when it comes to that side of things.

For example, in the beginning, using the dashboard was a little bit tricky. But the cool thing they did was to hold biweekly meetings on it. They would not only go through use cases, but at the end they would ask, "What else would you like to see? How would you enhance this?" Once the CISO community got a hold of that, they were coming with their guns loaded and saying "I'd like to see this and I'd like to see that." And Trend Micro started knocking out the ones that made sense. As of today, it's a completely different ballgame than it was back then. They're constantly upgrading their platforms.

And they don't absolutely have to do large releases to get things into the users' hands. They'll build something out and say, "Hey, we've included this. Try it out and let us know what you think." Most companies would say, "That feature will be in Release 5 and not until that release. Release 5 is slated for May, but it probably won't be out until October." Trend Micro is not like that and we appreciate that.

Positive

We go back quite a way with Trend Micro. When I first met with them, it was a sales guy at Torrey Pines resort who was meeting with individuals. A bunch of CIOs and CISOs were brought together there and put up for a few days to meet with various salespeople. It was a "getting-to-know-you" event and I did it every year. One of the sales guys was from Trend Micro and I didn't know anything about them but I was impressed with his presentation. I thought to myself at the time, "Keep this one in mind. Think about this a little bit."

About a year or so later, when, at the time, we were using the IBM endpoint suite, IBM decided to take it down. It had about five different toolsets, one of which was IBM BigFix, which is a patch management solution that we still have.

They said that if you want to replace them with what was called, at the time, Trend Micro OfficeScan, you can, and we did. When we migrated to OfficeScan to replace the endpoint piece, we realized that the other IBM pieces were all up in the air except for BigFix. We then just blocked out IBM tools for Trend Micro tools, component by component. That worked out really well for us because the Trend Micro toolset was a lot more comprehensive than the IBM tools. And it integrated well with our BigFix infrastructure. It all just worked together. It was a no-brainer. Trend Micro built much better security systems than IBM did.

Once we had OfficeScan in place, we started talking about purchasing an IPS. I generally do a proof of concept when I'm going to purchase something. Trend Micro's TippingPoint IPS system was included in the eval. What I found is that it's not only the best product, but it has the best product support and that really makes a difference.

We're using Trend Micro on just about every front that they work on. They've been a tremendous partner for us, really good.

When we first kicked off the security department here, one of the problems we had was that we were chasing malware up and down the wire. We had McAfee endpoint management software and antivirus at that time, but we couldn't run it because, if we did, it would eventually eat up all the CPU and tip over the desktop.

We were looking for a replacement for that. We took a look at Trend Micro's Vision One technology and we found that they were deeply interested in what they refer to as attack surface management. It integrates the Trend Micro EDR tool that we had and turned it into something that can trace backwards. It could not only detect that an event had occurred, which is what we used to get, but now gave us information about what led up to that event. What sequence of events happened in our platforms that led up to it? We could trace it backwards, and that's the XDR component. They replaced the EDR component and that's when we got into business with Vision One.

Since then, we have deployed the Deep Security and Deep Discovery components. in addition to their IPS TippingPoint and their endpoint. We also have their email security solution in place.

The Deep Security toolset sits in your data center on every server instance you want protected. The operating systems Trend Micro supports are Windows, Linux, Solaris, and AIX. And what do we deploy in our organization? Those four operating systems. I thought, "That is like a message from God himself." I was taken aback by that.

And right now, we are migrating into their Cloud One environment. That takes it to the next level and allows us to take advantage of the analytics that exist in the cloud without having to set up all of the infrastructure to support it. Everything we have remains as is, on-prem, but everything now reports up to the cloud, and that information is enhanced and further aggregated into more meaningful data, which then comes back down into our purview. That's what the Cloud One approach is all about.

They are a pretty cool company and they're really well organized and well managed.

The initial deployment is always the toughest because you've never done it before. You're going to run into issues that you aren't familiar with. As you go from OfficeScan to Apex One, to Vision One to Cloud One, it gets easier every time you do it because you know what's coming.

By then, you already have an established group of people who support you, and who have been supporting you for some time. You're familiar with working with them, you know what to expect and how things are going to roll forward. And you pretty much know what the time frame is going to be. That part is all good.

Vision One is on-prem. We started building data centers a long time ago and I had the honor and privilege of doing that. We built out redundancy at the data center level so there are two of everything. And then you think, "Well, what happens if something happens to the data center?" So we built another one. And then we realized we wanted it somewhere else because we get enough earthquakes in Southern California to know that nothing is safe here. As a result, we built one out in Arizona and we mimicked what we had here and then whammed it all together. So we can fail over here or to the Arizona facility. We essentially have two private clouds that we manage. That got us to where we were about a year ago.

And then, suddenly, there was the idea of moving up into the cloud. We did start working with Azure and AWS to move items into the cloud, but there were some issues with that too.

For example, if we build out a big piece of infrastructure in our data center, we purchase the hardware and then deploy it. All of that hardware is CapEx and you can write off the cost of most of it over a period of years. When you move into the cloud, you don't get that break, and if you're taking advantage of somebody else's infra, they're going to be charging you for that service. While I'm no expert on the cloud, we have put together some cloud-based applications, but, from a financial standpoint, it is really expensive. You don't get that CapEx back into your pocket like you do when you're putting together your own data centers.

Our management still wants to put more stuff up in the cloud, so we'll continue to do that, and Cloud One allows you to do that with the workload security features.

We did it all in-house. I found someone who had already worked in security, within our company, and brought him onto my team. If you can find somebody who has already done this job and understands it, then not only can you have them deploy it immediately, which takes that piece off the table, but they are in a position to start learning other things because they already know the infrastructure that you're deploying really well. At every opportunity that I had to grab somebody who already had experience, and was good with what they did, I did so. It helps to get experienced people.

I've always felt that automation and the integration of platforms were going to be the key to this. 

The reason I felt that way was that I didn't go into security when I got out of school. I was fortunate enough to get a job at the NCR Systems Engineering division. I built and designed microprocessors, and then I built operating system software for the microprocessors. I was exposed to a lot of what's going on in the bowels of the beast. Although the beast changes from company to company, you have an idea of what's actually going on.

I then started my own company and what I learned was that integration of elements is key to your success, as was automation. You need to automate solutions because you don't want a bunch of people trying to fix things if you can automate things and take care of problems.

When we look at the logs from the IPSs, for example, they're blocking hundreds of thousands, and sometimes millions, of packets a day. If we were allowing those packets in, I don't know what would happen, but I don't think it would be good.

Also, I don't have a big staff under me. The idea that, as a chief information security officer, you're going to get a couple of hundred people to go work on things is just not going to happen. So you really have to set things up and configure them for automation, and any kind of alerting has to point to the problem rather than tell you where to start looking.

They have a new pricing method and we haven't been pulled into that yet, which I'm grateful for. It's tough enough dealing with dollars, but with their new solution—and I'm not up on it because I haven't used it yet—you buy tokens or some kind of points and you purchase things with them. We haven't gone there. We stayed with what we had.

From a pricing standpoint, they're a really good negotiator and they'll work with you. At the first Trend Micro conference I attended, there was a presentation to their sales team and they were told, "Do not worry about making money. Just make our clients happy, and the money will come." They're good at that and a lot better than most companies. It's always good to have a good partner.

We looked at the new stuff that IBM was coming out with, which wasn't that new, so they didn't get very far in our evaluation. We also looked at McAfee and another company that was a startup at the time, although I don't remember its name.

I had three or four vendors in for PoCs, and I asked each one of them for someone to support the effort, and to give me about a month. By the time I was done, I not only got the best product, but the best vendor too. The support has to be there during that process or they're not going to win the day. Some of them were as bad as, "Here it is, let us know how it fares." And I was thinking, "Well, I may have a few questions between now and then. I hope somebody is on the phone to answer them," but you don't always get that luxury. But Trend Micro was really good and that's why I stuck with them.

We use the solution for event correlation.

We are deploying a server inside our network to use it as a data collector.

The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with VisionOne.

The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.

I have been using Trend Vision One for two years.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability a nine out of ten.

We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.

The initial setup is easy because our assets are in interactive directory.

We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.

We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.

Overall, I rate the solution a nine out of ten.

Our primary use case is protecting our environment from malicious threats with antivirus protection. Additionally, we utilize Trend Vision One for its integrated solution, providing comprehensive visibility across the entire environment.

The organization implemented Trend Vision One to support best practices.

Trend Vision One is essential to our organization because it provides comprehensive security coverage across our entire environment, including email, network, and endpoints.

Trend Vision One offers centralized visibility and management across all protection layers, which is crucial for comprehensive environmental protection. This holistic approach empowers the SOC team to perform their duties effectively.

The executive dashboard is handy.

The risk index feature helps us identify issues and where to improve our environment.

The solution has improved our quality by enhancing the visibility into our estate and our ability to manage risk.

The consolidated security features of Trend Vision One improved the efficiency of our SecOps team by simplifying their workflows.

Improved asset visibility and enhanced risk management capabilities have raised our overall quality.

Trend Vision One offers centralized visibility and management across all protection layers, providing a holistic view of our environment and enhancing visibility across the entire infrastructure.

Trend Vision One would be enhanced by incorporating an SIEM solution as a built-in feature. This integration would streamline functionality and eliminate the need for us to acquire and manage separate SIEM solutions.

I have used Trend Vision One for over ten years.

Trend Vision One's stability is rated a six out of ten due to compatibility issues with other solutions and endpoint security interference.

The solution is scalable and there have been no issues with scalability.

I would rate Trend Micro's customer service an eight out of ten. While I experienced some minor issues, these are common with any technical solution.

Positive

We have not really seen a return on investment from this solution.

While the pricing and licensing for Trend Vision One are generally acceptable, the need to purchase additional features separately adds complexity. A single, comprehensive price for the entire solution is not available.

I would rate Trend Vision One seven out of ten.

Trend Vision One is deployed across multiple departments in our organization.

Trend Vision One requires maintenance.

We use Trend Vision One for real-time analysis and monitoring to identify the root cause of security incidents. This includes finding details like how the attack unfolded, user names involved, IP addresses associated with the attack, and the affected systems and devices. By analyzing this information, we can map out the entire attack flow chart.

The network coverage provided by Trend Vision One is important.

Trend Vision One is an XDR tool so it is important for us that it provides centralized visibility and management across protection layers.

Centralized visibility and management across protection layers enable real-time monitoring, which improves our efficiency.

While the Trend Micro Vision One executive dashboard provides a valuable overview, the ability to drill down from that level into the XDR detections is crucial. During a real-time attack, this drill-down functionality is essential for identifying the root cause, prioritizing the threat type, and ultimately finding an effective solution.

Trend Micro Vision One's greatest strength lies in its real-time monitoring and analysis capabilities. This allows for the seamless blocking of malicious URLs and attacks.

The managed XDR has saved us time allowing us to focus on other tasks.

The managed XDR helps us detect and respond to threats in under five minutes. It will display all the details in a single, unified view, including any alerts, trends, usernames, and everything else relevant. By simply looking at the tag data, we can get a complete analysis. This eliminates the need to switch between different screens and saves us significant time. For example, if we see a flag, we can immediately understand its meaning and the associated location without having to search for it elsewhere. Having all this information on a single page is a huge time saver.

Trend Vision One helps reduce the time we spend investigating false positives. The more we familiarize ourselves with the tool the easier it becomes identifying false positives. The time saved by identifying false positives depends on the type of alert. In some cases, we only deal with simple attacks, such as brute-force password attempts, followed by alerts for unusual login failures. These are common attack methods. We can then determine if the user was trying a different password, mistyped their password, or there's a mismatch. In such cases, identifying a false positive can be relatively quick, taking only one to two minutes. 

I appreciate the value of real-time activity monitoring. It provides accurate data, giving us a clear picture of what's happening, including who attempted an attack, their location, and any other details we need to mitigate the threat.

While blocking an IP address restricts access for 30 days, it eventually becomes accessible again. For true permanence, blocked IPs need to be transferred to a dedicated storage solution. However, this storage has limited capacity. To accommodate new blocked IPs, we must remove existing ones, creating a disadvantage that has room for improvement.

I have been using Trend Vision One for over 1 year.

Trend Vision One is stable.

Trend Vision One is scalable.

We previously used Palo Alto's Cortex XDR. However, we switched to Trend Micro Vision One because it's more user-friendly. Trend Micro's interface allows us to better understand the features and processes, enabling us to achieve the desired results more easily. Cortex XDR, on the other hand, was more complex to navigate.

The solution has delivered a return on investment through time savings.

I would rate Trend Vision One 9 out of 10.

Maintenance is required but it is easy to do.

I would recommend Trend Vision One to others. I suggest completing training before using the solution.