I did a POC with Trend Micro on our servers. We were testing for detection capabilities. We wanted to use it for security protection.
Specialist Security Operations at a financial services firm with 5,001-10,000 employees
Good threat hunting and detection with a nice interface
Pros and Cons
- "I'm satisfied with the level of coverage. The policies have been very useful and detailed."
- "I'd like to see alert time reduction so that they show up on the dashboard faster."
What is our primary use case?
How has it helped my organization?
Once we deployed the solution into our organization, we were able to view logs. From there, we could handle detection.
What is most valuable?
The detection was very good. It helps with threat hunting.
Its interface is good. We were able to find logs easily.
It's been working well on our organization's network. I'm satisfied with the level of coverage. The policies have been very useful and detailed.
We use the solution's executive dashboard. We actually have two or three dashboards. It helps us spot vulnerabilities.
It's helped us reduce workloads. By getting logs, we could reduce detection time. The threat hunting became easier. We're still working through a POC, so I can't speak to if it will enable us to work on other tasks. We're still testing.
The solution has helped us to decrease our time to detect and respond to threats. We can respond to threats in half an hour to an hour.
What needs improvement?
When an incident occurs, it will detect the incident within half an hour to an hour. I'd like to see alert time reduction so that they show up on the dashboard faster.
Buyer's Guide
Trend Vision One
March 2025

Learn what your peers think about Trend Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,712 professionals have used our research since 2012.
For how long have I used the solution?
I've been using the solution since 2021.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
I've never tried to scale the solution. For my purposes, it's fine. I can't speak to how scaling would go. Likely, it can scale.
How are customer service and support?
I've been satisfied with the technical support. They are very good.
How would you rate customer service and support?
Positive
How was the initial setup?
To deploy the POC takes less than one week. Implementing the cloud is fast. It's not complex to set up.
What's my experience with pricing, setup cost, and licensing?
The pricing is expensive. Most organizations cannot afford XDR.
I don't deal with the licensing directly.
Which other solutions did I evaluate?
I've looked into other solutions, like Cortex. Trend Micro offers good visibility. I prefer Trend Micro. It's good. I like the usability.
What other advice do I have?
I'm an end-user.
We have yet to use the attack surface risk management capabilities. I only downloaded the sensors and installed them on the current phones and servers. We've only done this in the last week.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

IT Consultant at a tech services company with 201-500 employees
Centralized visibility and management with potential for integrated feature enhancement
Pros and Cons
- "Trend Vision One offers centralized visibility and management across all protection layers, providing a holistic view of our environment and enhancing visibility across the entire infrastructure."
- "Trend Vision One would be enhanced by incorporating an SIEM solution as a built-in feature."
What is our primary use case?
Our primary use case is protecting our environment from malicious threats with antivirus protection. Additionally, we utilize Trend Vision One for its integrated solution, providing comprehensive visibility across the entire environment.
The organization implemented Trend Vision One to support best practices.
How has it helped my organization?
Trend Vision One is essential to our organization because it provides comprehensive security coverage across our entire environment, including email, network, and endpoints.
Trend Vision One offers centralized visibility and management across all protection layers, which is crucial for comprehensive environmental protection. This holistic approach empowers the SOC team to perform their duties effectively.
The executive dashboard is handy.
The risk index feature helps us identify issues and where to improve our environment.
The solution has improved our quality by enhancing the visibility into our estate and our ability to manage risk.
The consolidated security features of Trend Vision One improved the efficiency of our SecOps team by simplifying their workflows.
Improved asset visibility and enhanced risk management capabilities have raised our overall quality.
What is most valuable?
Trend Vision One offers centralized visibility and management across all protection layers, providing a holistic view of our environment and enhancing visibility across the entire infrastructure.
What needs improvement?
Trend Vision One would be enhanced by incorporating an SIEM solution as a built-in feature. This integration would streamline functionality and eliminate the need for us to acquire and manage separate SIEM solutions.
For how long have I used the solution?
I have used Trend Vision One for over ten years.
What do I think about the stability of the solution?
Trend Vision One's stability is rated a six out of ten due to compatibility issues with other solutions and endpoint security interference.
What do I think about the scalability of the solution?
The solution is scalable and there have been no issues with scalability.
How are customer service and support?
I would rate Trend Micro's customer service an eight out of ten. While I experienced some minor issues, these are common with any technical solution.
How would you rate customer service and support?
Positive
What was our ROI?
We have not really seen a return on investment from this solution.
What's my experience with pricing, setup cost, and licensing?
While the pricing and licensing for Trend Vision One are generally acceptable, the need to purchase additional features separately adds complexity. A single, comprehensive price for the entire solution is not available.
What other advice do I have?
I would rate Trend Vision One seven out of ten.
Trend Vision One is deployed across multiple departments in our organization.
Trend Vision One requires maintenance.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 30, 2024
CTO at Cyber Correlate
Good protection with centralized visibility and nice executive dashboards
Pros and Cons
- "The centralized visibility is good."
- "The support should be improved."
What is our primary use case?
It offers very good ransomware protection. You have more visibility on the network.
How has it helped my organization?
It helps with compliance. We are also well-protected from ransomware and network attacks.
It's improved our organization in two ways: we can have more visibility and have more confidence in security. We also have better reporting for regulatory compliance.
What is most valuable?
The endpoint protection is the most useful. It's powerful. I've faced issues with other products regarding ransomware; however, with Trend Micro, I have no fear of network attacks. I have experience with consistent protection.
Customers have NDR and XDR protection, and it's very good for protection. There are also regulations within our country that require us to use XDR.
The centralized visibility is good. It's great for the IT team as they have to export reports to management for compliance. It helps with reporting. It's essential.
The centralized visibility and management across protection layers helped our efficiency. We have a limited number of security engineers. With Trend Micro and its centralized dashboard, it will show everything we've learned and reflect reporting on the dashboard and this helps when you have a limited amount of users. It simply reduces the number of people that need to be involved in the security effort.
We use the executive dashboards on both sides. We can drill down on them right into XDR detection. It's essential when we have an incident. If we need to know more about the threat, we need to know where and how they are attacking. We can drill down and get forensic data.
The solution's risk index feature is very good. It comes out of the box. Our customers can use it.
The product has helped us decrease our time to detect and respond to threats.
What needs improvement?
It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits.
The support should be improved.
We'd like to see deception features in the next release. It would help us to reduce false positive alerts.
For how long have I used the solution?
I've been using the solution for seven years now.
What do I think about the stability of the solution?
The stability is good overall.
What do I think about the scalability of the solution?
The solution is scalable. You simply need the resources on the VM, and you can easily change your license.
How are customer service and support?
We've had issues with support. Their services could be improved.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Fidelis and found you can control the endpoints better. They also have a deception module, which is very powerful. You can manage your endpoints perfectly. It also offers very good network visibility. I use both products. It depends on the customer's needs and approach.
How was the initial setup?
I observed the deployment process.
We had issues. It should be straightforward; however, with a customer, we faced a problem with technical support. It took us almost eight months to deploy. They had issues with the installation on the endpoints and on the network side. We had a problem with a few things, including use cases.
The plan was to deploy in two weeks, and yet it took almost eight months.
From the customer side, there were three engineers, and from Trend Micro, there were one or two engineers working on the solution.
Almost every two weeks, there are maintenance calls. The customer has three people handling maintenance duties.
What about the implementation team?
The solution was deployed by support.
What's my experience with pricing, setup cost, and licensing?
The pricing is average. The costs are acceptable. It's good for small or medium-sized businesses.
What other advice do I have?
I'm a partner.
We're using the latest version of the solution.
I'd rate the solution eight out of ten.
For enterprise customers, I wouldn't recommend the solution. However, it's a good solution for small or medium customers. New users need to ensure they have the correct sizing and licensing.
You need to talk to the right support engineers in order to have a smooth experience.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Information Security Analyst at a tech services company with 1-10 employees
Centralized visibility, helpful support, and great for vulnerability detection
Pros and Cons
- "It helps a lot to understand where the threat is coming from, where it is going, how it is being dealt with, et cetera."
- "The zero trust is a bit complicated compared to other parts of the solution."
What is our primary use case?
I work with it as a third party in other companies. I installed XDR in other companies. And then, I help them understand the tool, help them with developing the necessary use cases, and understand, for example, how to do a threat intel, how to do a threat investigation, and stuff like that. Sometimes, I work with it as well by implementing it and actively using it in the customer's environment.
What is most valuable?
The workbench feature is excellent. It helps a lot with understanding how the environment is working and how the threats are working in their own environment. It helps a lot to understand where the threat is coming from, where it is going, how it is being dealt with, et cetera.
We do not use XDR to protect a multi-cloud or hybrid cloud environment. I have other solutions on the cloud, like Apex One, the endpoint protection feature in the cloud. I have Cloud One Workload Security, which is protection for workloads and servers where the main console is in the cloud. I'm mainly using this to protect an on-premises environment.
I've been using it for emails, for networks, endpoints, workload servers, et cetera. It has the ability to cover all of those. The coverage is really important. The integration between all those different tools and those different assets makes a big difference in understanding the analytics.
It provides centralized visibility and management across our protection layers. That helps in a lot of ways. For example, the fact that it has some centralized visibility means we can do searches between email addresses and an endpoint. We can take a workspace, for example, and do IPS detection in a workspace and understand from which endpoint something is coming.
We use the executive dashboards that they have almost every day. Once we see an anomaly or something that feels weird in the environment, we can go straight to work, straight to the detections, and we can take a look at it to see what's going on.
We use the Risk Index mainly to help us understand a customer's environment. We use it to get a brief overview of how the environment is, how high their risk is, and then, given the score that we've received, to understand what is causing this risk and then give them suggestions on how to take the score down.
We use the Managed XDR feature. It just basically collects the telemetry and sends it to the console so we can use it in other parts. It has helped a lot with the team's workload. The detection has been really, really useful. It helps a lot to rank where we should put our efforts. Sometimes we'll have to take a deep investigation into some of the stuff we see. Sometimes other issues emerge as we dig. It's helped in detection.
We use the risk management attack surface capability to understand the vulnerabilities and how high a risk something is in the environment. It can help with detection. It's helped us effectively identify blind spots.
The product has helped us decrease time to detect. We've had some issues with a couple of our customers in which the XDR helped us easily detect an issue, and it was fast enough for us to be able to react and respond quickly in order to mitigate damages.
What needs improvement?
The web viewer could be improved. I've had some issues with it in the past.
The zero trust is a bit complicated compared to other parts of the solution.
Mostly, I don't have any issues with XDR.
For how long have I used the solution?
I've used the solution for about three years.
What do I think about the stability of the solution?
I haven't had any issues with stability. There has been no crashing or lagging. We occasionally get informed about maintenance that may cause downtime.
What do I think about the scalability of the solution?
We've had no issues with scalability.
How are customer service and support?
I've contacted support in the past. They are pretty good. They have a high understanding of the platform and the solutions. If they need to escalate, it's easy to do so.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a different solution previously.
How was the initial setup?
I was involved in the installation. We have an agent installed in the endpoints or a sensor connected to the mail sensors.
The initial setup is straightforward. You just click through with a simple connection.
It doesn't require any maintenance on my end.
We had about four people handling the implementation. We just had to have some credential access, and once the connections were made, we had to distribute the sensors throughout the environment.
You need the whole platform to use XDR. However, there are some activities you don't need XDR to use.
What's my experience with pricing, setup cost, and licensing?
I'm not familiar with their pricing and licensing.
What other advice do I have?
We are an official Trend Micro partner.
We do not yet use the automation capabilities found in XDR.
I'd rate the solution nine out of ten.
After implementing XDR, have a good understanding of how the workbenches work to create a decent playbook. Use the service gateway to your benefit. Connect your active directories, make connections, and use integrations with your firewalls. These third-party integrations are really good, and they help you a lot with your environment.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Senior Services Manager at NextCom Systems Inc
Provides a single-pane-of-glass view of the security posture and is stable and scalable
Pros and Cons
- "For scalability, I would give a rating of ten out of ten."
- "The integration with third-party tools and with on-premises Active Directory needs improvement."
What is our primary use case?
I use Trend Micro XDR to centrally visualize threats and have a single-pane-of-glass view of my security posture. In a single console, I can have visibility of all the security threats that occur in each of my Trend Micro Security consoles.
What is most valuable?
The most valuable feature is the Workbench engine.
What needs improvement?
The integration with third-party tools and with on-premises Active Directory needs improvement.
For how long have I used the solution?
I've been using it for about three or four years.
What do I think about the stability of the solution?
I would rate Trend Micro XDR's stability at nine out of ten.
What do I think about the scalability of the solution?
For scalability, I would give a rating of ten out of ten.
How are customer service and support?
I would rate technical support at eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
Trend Micro XDR's initial setup is straightforward. We have seven people who manage the solution.
What's my experience with pricing, setup cost, and licensing?
It's relatively well-priced.
What other advice do I have?
If you are considering Trend Micro XDR, my advice would be to take into account your endpoints, servers, scanners, workloads, and mobile devices. Include every device you would like to monitor and protect.
Overall, I would rate Trend Micro XDR at nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
General Manager of Technical Division at VTI
Affordable and easy to set up with good IPS prevention
Pros and Cons
- "The solution is stable."
- "Trend Micro doesn't have the next-generation firewall."
What is our primary use case?
We primarily use the solution as security against ransomware as ransomware now has become the biggest threat for our customers.
How has it helped my organization?
Our central customer had a breach on the ransomware side. Even production is stopped by ransomware - which is why it's so important to protect against it.
What is most valuable?
The solution has similar features to Sophos. Every parameter security of Trend Micro sends the telemetry to the cloud. Then they try to analyze on the cloud. There's something like Deep Discovery for the sandboxing. Every parameter security will send the telemetry as well to the cloud.
The IPS prevention is great.
It's easy to set up the product.
The solution is stable.
You can scale the product.
It's affordable.
What needs improvement?
Trend Micro doesn't have the next-generation firewall. They have the IPS TippingPoint; however, in terms of the next-generation firewall, Trend Micro doesn't have this as a part of their solution.
For how long have I used the solution?
We've been using the solution for three or four years.
What do I think about the stability of the solution?
The solution is on the cloud and that makes it pretty stable. The accessibility of the cloud is better. They maintain the uptime so we don't have to worry about it. It's reliable. There are no bugs or glitches.
What do I think about the scalability of the solution?
The scalability is very good. Once again, being based on the cloud makes it very scalable. Right now, many, many people are using the product.
Most clients will start very simply with the basic functionality, like endpoint security. Then, they will move on to Deep Discovery for the sandboxing. Then they will move to another solution, like the IPS prevention system for the TippingPoint solution. Typically, they keep scaling and expanding to get more options and services.
How are customer service and support?
Technical support has been helpful and responsive in the past.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have also used Sophos, which does have a next-generation firewall. They are very similar solutions, however.
How was the initial setup?
The implementation process is straightforward. It takes effect in eight days. For the Endpoint solution, it just depends on the number of endpoints that we deploy to customers. If it is small in size, like 50 to 100 endpoints, then it will take between ten and 20 days. If the endpoint number is around 1,000 endpoints, it will take more days to complete the deployment.
Typically, we have five to seven people that manage the implementation process.
What was our ROI?
I'd rate the ROI at a four out of five. It offers good ransomware protection.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay. I'd rate it three or four out of five in terms of affordability. They are competitively priced.
What other advice do I have?
We are partners. We're also partners with Sophos.
We are using the latest version of the solution. While we still use an on-premises version, most of the solution is now on the cloud.
I'd advise potential new users to start using the basic check and move up from there.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners/integrators
Team Lead Infosec Incident Management at HighRadius
Good dashboards and easy to navigate but needs more flexibility
Pros and Cons
- "XDR provided a much more deep view into what is actually happening."
- "Results were delayed."
What is our primary use case?
I was team lead with incident responses and incident management. We used the solution for that.
How has it helped my organization?
We were already using Trend Micro endpoint, NGAV by Trend Micro, and we got that upgraded to the XDR version. There was not much of a change after that. The only good thing about upgrading to XDR from NGAV was, having those real-time logs and network activities in front of us.
What is most valuable?
My reviews with Trend Micro are somewhere average. I won't rate it as an excellent tool or utter nonsense. I won't rate the two extremes, however, I would say it's in between them. It was mostly fine.
XDR provided a much more deep view into what is actually happening.
The rest of the features were pretty simple. There's nothing glamorous about them, however, it works. Nothing much really stood out amongst what the others were giving and what Trend Micro was giving. They are all pretty typical.
The dashboard was pretty easy to navigate. It was pretty convenient and user-friendly.
What needs improvement?
Results were delayed. We had all the logs in our hands. We were pretty quick in giving out the results and coming up with a conclusion. Trend Micro was pretty delayed on that front, however.
Their turnaround time or the response to their MDR services was slow. While doing POC, we did MDR as well. They could improve the response time on that. That was my view back then, as it used to take a lot of time to get that case generated, get that case analyzed. In the end, we were more interested in the responses from the actual human analysts. Instead of having a machine-generated thing, we were banking on understanding how an incident is treated and how a response is being given. For us, for example, we were able to do our analysis and come to the same conclusion maybe four or five hours before we received Trend Micro's report. Almost all the results were identical.
There was one feature called Sandbox that I wanted to try on, however, at that time, they had not released it yet.
Since last August, I have been working with another organization, so I am not sure how Trend Micro has developed within the last ten months.
I was never able to test the live response feature, wherein I could take access, remote access of the infected system, and send some commands to kill the processes, or maybe to grab the artifacts, to triage the artifact. By the time it came online, I was moving to another organization.
We'd like a bit of freedom or flexibility on the portal. If I'm the end-user, and I see something bad which might not be bad from Trend Micro's perspective, however, for my organization, was an abnormal activity.
Executing things via PsExec might be something that is normal for some organizations, however, for my organization, it is a highly suspicious thing. If I want to investigate that, having the flexibility for me to investigate it in a deeper sense would be ideal.
That was something that was not possible at that time. I don't know if they have given more freedom to Trend Micro admins.
We'd love more flexibility in terms of implementing some of the configurations, estate-wise. That is something that I would have loved to see in Trend Micro.
For how long have I used the solution?
I used the solution for a month and a half, maybe. Or six weeks.
What do I think about the stability of the solution?
The response time, the analysis, or the human part was something which was requiring improvement. From the tool perspective, there were a lot of things that were to be released at the time I was using it.
We used to see those on the dashboard. For example, the sandbox. They had a sandbox, just like what CrowdStrike does where you can have a license for the sandbox. You can run those EXEs or whatever files, or malicious artifacts through those sandboxes and get a result.
That was something that was under development, though it was being displayed on the dashboard as "coming soon". There were a lot of features that were to be implemented. It was notified to the end-user as "Okay, that these features are coming in, and we are not sure how long it will take."
The trend lines were pretty extensive - like a year or maybe seven months, eight months. Those were the timelines for the actual deployment of those features into the dashboard. Therefore, it's hard to speak to the stability of the product.
What do I think about the scalability of the solution?
The scalability is good. It was just a matter of installing the agent, which was pretty easy to deploy via a group update. Scalability was not an issue. The more licenses we purchased, the more systems we could get coverage upon.
There were endpoints plus servers covered.
We were heavily dependent on them. The reason was, that we had Trend Micro NGAV and we upgraded to Trend Micro XDR.
How are customer service and support?
Their technical support isn't that great.
I used to speak with their CSMs quite frequently. They used to take a lot of feedback from us, asking about how things were, as their detection improvement was something which, also we were part of, not directly, however, we had one more team who used to do VAPT.
We used to post those results and say, "Okay, this is what we did. We did not get any alerts from you. We did not get any communications from you. What if this was an active hands-on keyboard activity and we were under attack?" They used to take that feedback. They used to get it implemented. Detection was then pushed in. They were in that development phase. I am not sure how well they are doing right now.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I've worked with CrowdStrike and Sophos and they provide a much better way to handle things than Trend Micro.
We never had any other tools or other antiviruses, other EDR solutions, that were playing any roles in the infrastructure. We only had ESET, and we were phasing those ESET servers out to Trend Micro. The only tool that we worked on, or XDR that we worked on, was Trend Micro.
How was the initial setup?
The initial setup was pretty straightforward. They had given us one file which we could push through group policy updates. It was implemented throughout the organization. Implementing was pretty easy and it was pretty lightweight.
I was happy about that as it was not a resource-hungry agent which was running in the background, and we could not kill it, we could not limit it. Typically, XDR agents can be a bit resource-hungry, however, this one from Trend Micro was very light.
I'm not sure how long the deployment itself took.
Our IT team was pretty huge. It was around 30 odd people who used to work on it, however, I'm not sure how many of them were dedicated to working on Trend Micro for maintenance.
What about the implementation team?
We had our internal IT team who we used to do the installation.
What was our ROI?
The company I worked for did not lose its money as Trend Micro was a low-cost tool. The features which we were getting were justified by the cost. It was not too costly to have those features.
What's my experience with pricing, setup cost, and licensing?
I'm not sure of the exact price, although it is moderate. I'd rate it 3.5 out of five in terms of affordability.
You could get new features with an added cost per license, or it used to be bulk. Having that modularity helped in choosing and protecting our systems, and keeping the cost down. That modularity helped us in the beginning.
Which other solutions did I evaluate?
We also evaluated CrowdStrike with Trend Micro. CrowdStrike was phenomenal. I have all the good answers for them. If I have to rate them, I will rate each feature four out of five and above since they were that good.
CrowdStrike was too costly for our organization to have, as we had started building the Infosec inside, having Infosec in-house. Previously, it was outsourced. I was the first person who was enrolled for Infosec.
What other advice do I have?
I was an end-user.
I'm not sure which version we were using.
The solution was on the cloud. We were discussing having it on-prem, however, the cloud made much more sense for such a small organization rather than utilizing the resources on-site.
I'd rate the solution six out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partners
Senior IT Manager at a pharma/biotech company with 1-10 employees
Has behavior detection and memory scanning features and allows users to drill down on root-cause analysis, but needs more visibility into the alerts and expanded reporting
Pros and Cons
- "One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well."
- "An area for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility."
What is most valuable?
One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well.
What needs improvement?
An area for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility.
An additional feature we'd like to see in the next release of Trend Micro XDR is reporting, particularly RCA reports because those will help us a lot. Right now, we need to log into the portal to drill down the RCA. For example, when an alert comes in, it will be blocked immediately by Trend Micro XDR. We get the message "This has been blocked", but when we want to drill down in terms of where it started, we need to log into the server, do the RCA, and drill down on it. While doing the RCA and drilling down on it, it would be good if we could get a report directly from Trend Micro XDR because that report could help us.
For how long have I used the solution?
We've been working with Trend Micro XDR for more than one year, and we're still using the solution.
What do I think about the stability of the solution?
During the first time we used Trend Micro XDR, we had some issues in terms of stability, but later on, everything became stable.
What do I think about the scalability of the solution?
Trend Micro XDR is a scalable solution.
How are customer service and support?
My impression of the technical support for Trend Micro XDR is good.
Which solution did I use previously and why did I switch?
We compared Trend Micro XDR against CrowdStrike and Palo Alto, but in terms of the features and pricing, we went with Trend Micro XDR. The solution had a really good price and we are getting almost all the features.
How was the initial setup?
The setup for Trend Micro XDR was easy and didn't have many challenges, especially because we have centralized management, so it was easy to manage.
What about the implementation team?
The first time we implemented Trend Micro XDR, we had an integrator because we were on Trend Micro Apex One, then we wanted to migrate that existing solution to Trend Micro XDR, so during that time, we needed an integrator for the implementation of the solution.
What's my experience with pricing, setup cost, and licensing?
Trend Micro XDR has a good price, and on a scale of one to five, I would rate it a four out of five in terms of price.
Which other solutions did I evaluate?
My company evaluated CrowdStrike and Palo Alto.
What other advice do I have?
My company is working with Trend Micro XDR, an advanced version of the EDR solution.
There are around six hundred users of this solution, but only one person is required for its maintenance. Normally, my company deploys this agent. There's another tool from where my company pushes this agent to the end user, pulls to the end user system, then scans from this console, then my company gets all the reports.
I would rate Trend Micro XDR seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.