TrendAI Vision One Reviews

My company is Kyndryl, and we work for a UK-based financial institution. That client, the financial institution, has TrendAI Vision One. By using TrendAI Vision One, we are monitoring and doing day-to-day tasks.

In this project, it is related to XDR, but there are many modules. Currently, they are using only HIDS and HIPS. There are many other modules available, but all the modules are based on the license, so they are using only a few of them.

Compared to my previous experience where I worked on some other EDR tools, TrendAI Vision One has many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

Basically, each endpoint device has an agent called the TrendAI agent, similar to a CrowdStrike agent. The agent is monitoring two things: system events and security events. Based on the events, they are pulling the data at the console for the security team. We monitor if any unusual things happen, and then we have to react. The agent installed on endpoint devices is helping us monitor and do the work.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features, but I do not remember. However, it has a very good feature, as I mentioned, Cyber Risk Exposure.

Actually, in Cyber Risk, if I want to see the device level and how many devices have some vulnerability, if I click the device, it will show the count. For example, it is showing that two, three, or four devices are detected with this kind of vulnerability. If the devices have Apache Log4j vulnerability or OGNL, then based on the operating system, if the device has Linux, I have to reach the platform team and say "Okay, this system has this kind of vulnerability, and you have to patch the thing" or update the software. From here, I cannot update anything or upgrade the agents. There is some dependency, you could say.

For deployment, I think it is easy and does not require much effort. I have not done the deployment myself, but for some point in time, for a few of the servers, we have done it, and it is easy and does not require much.

For this, it depends on two or three factors. First, we have to confirm why this alert got triggered and what is the IOC. For example, if it is some private IP, then I have to reach out to the different teams. In my case, I have to reach the vulnerability management team because they have Nessus and Qualys tools, which are vulnerability scanner tools. What they mostly do is they try to scan the particular server and devices, targeting the server. When the IP, let us say the Nessus IP, leads to a server, TrendAI Vision One tries to understand "Okay, I think someone is trying to recon this particular server. This is not a usual thing," so they generate the alert. I have to go through each and every alert, and based on whether the IP is private, I have to reach out to the VM team and other teams and try to confirm whether the IP is genuine or from somewhere else. After that, I have to fine-tune inside TrendAI Vision One, and then they will automatically reduce the false positives.

In my case, I can say that earlier we received many alerts related to recon alerts. If I closed and whitelisted two, three, or five IP addresses, the total has been reduced by approximately 40 percent. Earlier, we received more than 400 or 500 false positive alerts, but nowadays we receive hardly 10 or 15 alerts.

My client is not a small bank. I think it is one of the big banks in the UK, but I do not want to tell you the name. It is very big.

In TrendAI Vision One, there are many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

They have another feature called Workbench inside the XDR. What Workbench does is that if you receive 100 alerts one day, the Workbench correlates all the alerts and tries to find similar ones. Then it generates one ID. Inside one ID, if 10 alerts are similar, it will consolidate all 10 alerts as one Workbench ID. Inside the Workbench ID, if I investigate and close the Workbench ID, on behalf of that Workbench ID, all 10 alerts will be closed automatically. There is no need to go through each and every alert one by one. This is also a very good feature inside TrendAI Vision One.

In terms of centralized visibility, I can say that it saves much more time. If for one thing I have to go through different tools, obviously I have to invest much more time for a single alert. But here, if one alert triggers, I can correlate with the help of different modules, which is nothing but easy for me.

There is also an inbuilt AI tool inside TrendAI Vision One. Sometimes if I get stuck somewhere during the investigation, I use this AI chatbot, which is known as a companion inside TrendAI Vision One. If I put a use case or ask "Okay, I am here, what do I have to do?" That companion, which is nothing but a chatbot, will go through whatever I put inside the chat, analyze it, and mention some steps. It will say "Okay, from here you can go" and "You can do these things." It is also a very good feature and it makes it easy for me.

As I mentioned, because of that one feature, Workbench ID inside the XDR module, it reduced much more time compared to other tools. But I cannot say a specific number. It is very difficult for me. However, it saves a lot of time. As I mentioned, if 10 alerts are received, in another tool, I have to go through each and every alert one by one. But here, they correlate the alerts based on whatever the IOCs are and why this alert got triggered. Based on the alert, they consolidate the alert. If all 10 alerts have a similar property, they consolidate and generate one ID, a Workbench ID, and they consider it as one. So if I investigate one and close it, all 10 will be closed automatically.

It is very nice and very helpful. It reduces the overall response time. It is very helpful. It is known as a companion, and that one chatbot is known as a companion inside TrendAI Vision One.

In TrendAI Vision One, a few days ago, there was one issue related to resource utilization at some servers. It was not clear whether the reason was the Trend agent or some other security agents such as Sentinel or something else. In this kind of situation, we get stuck. Then we have to reinstall and do all those things.

In Tanium, we have an advantage where even the security team from their end can update the patch. But in TrendAI Vision One, there are no features such as this. We have to depend on the platform team.

They could improve the support case experience because whenever we reach out to the support team, in response, they first put what I think are some ready-made templates, and they just put it as a reply. If I raise a case, they have some ready-made templates. This is my opinion and thought from following some different cases. They can improve here because they just simply reply with whatever they have. Then again, we have to mention more things, and after that, they reply with some genuine points. But initially, they just put some ready-made templates, I think. They can improve here.

I have been using this product for more than a year. In this project, it has been more than a year.

It is stable. I think it rates 9 or 10.

Regarding scalability, if we are talking about it, and if we currently have a thousand servers and increase the count, then we can test the scalability. As of now, I have not gone through it, so it is very hard for me to say much about the scalability.

I do not have that much level of access to other parts due to policy, and they are not using all other modules due to licensing limitations. I cannot say much more about other things because TrendAI Vision One has many modules.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features.

For deployment, I think it is easy and does not require much effort.

You could say 5+. I started my career as a SOC analyst.

I have not used other products, but there is another product called Tanium, which I learned about. In Tanium, we have an advantage.

I need to note that the overall rating I would give this product is 7. It is not bad, but initially, they put some ready-made templates, which I do not like.

I do not know about other projects because here they segregate the team based on the project. I am working for the UK-based project, and some other people are working for the AU-based project. Different people worked in different countries. I do not have any other idea about other projects or whether they are using TrendAI Vision One or not. I cannot say anything.

Definitely, it requires maintenance. If agents are not compatible with particular devices, we have to reach the support team and take help from there, and then we have to upgrade and update based on the risk and compliance policy.

There are many other modules available, but all the modules are based on the license, and they are using only a few of them.

TrendAI Vision One provides a platform where everything is consolidated. I started with the proxy and then moved on to the XDR, which TrendAI Vision One provided. We collaborated with them, had POCs for the customer, and they liked it, going ahead with it. The main scenario was to integrate with the cloud security platform since the customer had a hybrid platform and needed one-point access to view the whole infrastructure in one place rather than having different solutions for each cloud and device.

The best feature of TrendAI Vision One that I like the most is the investigation graph, which was the main point demonstrated during the POC. If an attack happens and data is exfiltrated or an attacker finds a backdoor into the system, I need a graph of it rather than going to third-party sources. TrendAI Vision One XDR provides this graph, which helps visualize and make RCA and incident understanding easier, especially when presenting the findings to management.

TrendAI Vision One has greatly reduced my time to detect and respond to threats. After the implementation, I see how it integrates with the SOC team, and the XDR is so consolidated, making it easier for the SOC team to analyze tickets since it does not export logs from different components. The logs from TrendAI Vision One are easy to understand, which has helped me reduce false positives and determine whether they are true or not without checking each system individually, which made my job much easier.

The ability of TrendAI Vision One to provide centralized visibility and management across various protection layers is the best part for me. Many may not appreciate everything under one roof because it creates confusion, but once you get familiar with the dashboard, it becomes easy to navigate. However, it can create confusion because everything is under one roof, showcasing both pros and cons.

Aside from the investigation graph, I find that sometimes when we collect data, the UI seems a bit laggish and is not that interactive during that process. When we extract logs, it can be a bit slow, but everything else is acceptable.

The UI does lag a bit.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex. Resource utilization is quite high, and there is a scarcity of resources focused on TrendAI Vision One. The availability of troubleshooting guides is not as high as with some other vendors, creating some difficulties, but it is manageable because their support is good. When I open a ticket, they respond quickly.

I have been using TrendAI Vision One for two years in my previous organization, and right now, I am implementing it as a system integrator at our customer location.

Stability-wise, I feel there are times when it is not a stable solution, but I also had another client where it worked smoothly, and I did not have to revisit it often. However, in hybrid setups, I do face multiple issues, but the on-premises platform works quite well.

TrendAI Vision One is scalable. We have deployed it for the maximum users, around two hundred to two hundred fifty, and it handles that well.

For TrendAI Vision One's technical support, I would rate it around seven point five to eight, so let us give it an eight.

Positive

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One. However, for consolidation, the fact that I can find everything under one roof is a plus for TrendAI Vision One, despite my preference for ease of user experience in other products such as SentinelOne.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex.

In my organization, there are only four TrendAI Vision One specialists, including me.

I would estimate that overall, I have seen approximately a twenty percent return on investment.

I would not say TrendAI Vision One is cheap; I always recommend it for mid-size to large-sized enterprises, not for SMBs, as I have other solutions suited for them. I have never pitched TrendAI Vision One to SMBs because I believe it fits mid-sized to large-sized businesses better.

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One.

I actually believe that it has reduced false positives by more than fifteen to twenty percent.

The switch to TrendAI Vision One did reduce risks significantly. Deploying XDR created a spiderweb effect, monitoring every endpoint and node, which mitigated many attacks and helped prevent some.

The built-in AI is important, and I am currently working on certifications from TrendAI Vision One to better pitch it to AI development companies to demonstrate its benefits. I need hands-on experience with it before I pitch to those companies.

Overall, from implementation to operations, I would rate it a seven.

I do recommend this product; it depends on the case-to-case scenario. If a customer wants everything in a single platform, I recommend TrendAI Vision One without hesitation. Its good support and lack of major issues influence my decision to pitch it to customers looking for a consolidated platform. My overall review rating for TrendAI Vision One is seven.

TrendAI Vision One is a unified platform and single dashboard where all endpoints, email servers, clouds, and networks are in one place. It provides AI detection and AI-based threat detection. Any abnormality or abnormal behavior of any server or endpoint is caught, and it predicts security in a proactive mode. It correlates across all endpoints, email, network, and cloud to give the full attack story: how the attack happened, what is the location of the attack, and how we can prevent that attack.

I am using TrendAI Vision One on all our servers with three main components: servers, endpoints, and email security. The unified visibility where one dashboard provides access is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

TrendAI Vision One sensors are basically the data collectors that capture different parts of the IT environment. If there are no sensors, there will be no visibility. Sensors are the eyes and ears of TrendAI Vision One. They are used to collect logs, abnormal behavior, email activity, and network activity. The system correlates everything, detects the attack, and sends alerts to the SOC so we can work effectively. We have endpoint sensors that are installed on laptops and servers.

One of the biggest challenges nowadays is ransomware attacks, which are the most common and damaging threat. Attackers encrypt data and steal it. With the help of TrendAI Vision One, it reduces the data leak risk from our environment. The second main challenge is phishing and social engineering attacks. Technology is growing fast, so phishing and social engineering attacks are more common. The third main challenge is identity and access compromise, where attacks target our active directory, which is the backbone of the industry. If any of the identities are compromised, an attacker can get full access. TrendAI Vision One is helping us prevent that attack. These are the three top challenges that every organization has to face, and TrendAI Vision One is resolving these kinds of issues on a daily basis.

The cyber risk management capability is used in our organization to identify and prioritize cybersecurity risks in a structured way. There are multiple capabilities under that. First, we need to identify the risk and understand what are all the possible risks we have, what are the vulnerabilities, misconfigurations, threats, and asset exposures. The second main thing is asset visibility, which is very important because we should know what type of asset visibility we have. The third main point is risk assessment, which evaluates the impact and likelihood. For example, if something is down and it is of high importance, it will be marked as a high impact. The fourth stage is risk prioritization, which prioritizes the risk and identifies what are the critical assets and what are the high-end critical vulnerabilities. Every risk has its own weightage. Some are critical, some are high, some are low. This helps us to prioritize risk. And then, of course, comes risk mitigation. Once we find the risk, for example, if something is high-end and critical, the last step is to mitigate it. This includes patching vulnerabilities, fixing misconfiguration things, strengthening our hardening controls, and applying security tools to that. And then, we go back to the first step, continuous monitoring. The next day we will start to find new zero-day attacks, new threats, and new external risks.

TrendAI Vision One, which we are using on all our servers, is the most valuable feature. We are using three things: servers, endpoints, and TrendAI Vision One's email security. The unified visibility where one dashboard is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

My overall experience with TrendAI Vision One is very good. We discuss it every week in our leadership discussions. Overall, this platform is very mature. It is a unified XDR platform that improves the threat visibility part and the correlation part across the enterprise. The best part is it has strong XDR correlation. It has centralized visibility with one dashboard that contains all the information: all our risk posture, all our assets, and all our threats. The AI-driven technology, the AI-driven detection, and the scoring part are very good, as is the broad coverage they provide.

Alert noise and false positives are areas that should be improved. The initial deployment generates too many alerts, so we need better AI filtering and more accurate prioritization. Also, the integration complexity can be an issue. Sometimes, integrating TrendAI Vision One with our SIEM tool or other cloud platforms can be time-consuming. Some improvements should be made there. They need to make easier, plug-and-play integrations and provide better documentation.

One feature is SOAR (Security Orchestration, Automation and Response), which is an automated response engine. Currently, they have partial automation. If there is an auto-containment feature for endpoints, users, and the network, or if there are many pre-built playbooks for ransomware, phishing, and insider threats, it would be beneficial. For example, we just need to one-click and auto-remediation is done. That is the feature I am looking for. This would be used to help us detect, investigate, and respond automatically.

We have been using TrendAI Vision One for the last two years, and we recently renewed it as well.

We purchased TrendAI Vision One for all our servers. The basics are simple. We signed up, logged in, and provided access to our cloud console. Then, the step-by-step onboarding process started where we had an endpoint agent deployment for each machine. We downloaded the agent and installed it on each machine. Then the migration from the existing solution started. For the deployment part, we use one tool named ManageEngine's ITSM tool, from where we can write a script for that agent and have a mass deployment.

Regarding cost and licensing transparency, we are using a credit-based model. We have a certain number of credits that we are using. The pricing is mild. They could make simpler pricing for better usage visibility, but I am okay with the pricing because we are getting good quality. I would not say it is a high price because we are getting a good product.

TrendAI Vision One is a powerful XDR platform. However, it requires proper tuning and proper integration. If we have done proper tuning and proper integration with all our servers, endpoints, and cloud platforms, it will give very good, accurate results.

From false positive to true positive, the percentage is almost 60% to 70%, approximately 65%. However, it needs proper tuning every week. We have to tune the policies every week so that we can get better visibility and accuracy.

Regarding mean time to detect, TrendAI Vision One definitely helps. It reduces the mean time to detect compared to traditional tools. It basically detects threats in real time. Real-time detection means it uses AI analytics, global threat intelligence, and correlation signals across all endpoints. Threats are detected almost immediately once any suspicious or malicious activity is observed. It reduces the time to detect by almost 60%.

TrendAI Vision One is a powerful and mature XDR tool. Of course, every tool has room to improve. But for us right now, it is a good tool. There are a number of tools, and every tool has its own capability and its own visibility. This tool is a very good, powerful tool. My overall rating for this solution is nine out of ten.

I am from a partner firm and I deploy TrendAI Vision One at multiple customers. I implement the solution to multiple customers.

The main use cases which I have heard from customers are that, from the email point of view, email security is the first priority. They are searching for a solution which provides email security, which is able to block the files with an integrated DLP.

One of the best parts of TrendAI Vision One is its email security and the endpoint. Email security it provides at the API level, so it offers both MX Gateway and API, but usually we deploy it using API.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves, or the agent handles it. In this case, the agent will give you the logs.

TrendAI Vision One also has an XDR. This XDR helps you collect logs from multiple sources. It will correlate the logs of your databases, your endpoint, your servers, your mail, and using all these data silos, it will give you a report if any anomaly or any malicious file is detected or any virus pattern is detected.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

It uses AI to check the logs, to find the malware or to find any phishing attack. It uses an AI and ML engine for that. There is also another AI agent inside the console. For example, if I want to find a policy or check a user, the AI agent can assist me.

They have recently launched a Zero Trust Secure Access, which is a version of SASE. Using their single agent, which is for endpoint, the same agent you can use for Zero Trust Secure Access. So you do not have to install multiple agents. One single agent can work for multiple things for SASE and for endpoint.

Its deployment is easy and fast. TrendAI Vision One console has all the features, like one single console provides email, email security, endpoint security, server and workload protection, XDR, cyber risk management, all the things in one console. It provides a good overview from a CISO and manager level. Whenever I have a meeting with the management, I show them that. Your cyber risk score is this much, from a comparison point of view.

It has another feature which can detect the unknown processes or malicious processes using its AI technology, which may be forming or in the initial stage of a ransomware attack. It is quite good in capturing that also.

From the functionalities perspective, the agent is quite heavy as it can scan different types of files.

None of my customers have faced any attack. We have detected many attacks using ransomware protection and phishing detection.

Although there is a point of improvement in the endpoint protection.

Email security sometimes may lead to some true positive attachments.

One thing I would say is not a good point is they do not have a specific licensing structure. If I bought licensing for 500 users, they convert the licenses to a credit system.

If I am a mid-level enterprise, it provides everything like an integrated DLP. I do not have to spend more money buying other solutions. One solution is enough to cover my DLP needs, endpoints, XDRs, and email security.

In endpoint also, if I have 500 customers, and if I want to change a policy, I have to make a new policy for them and add them to it and then change the policy. This is a complex process.

Management is a bit complex and it could have been easier.

The positive point is centralized management. If you are a mid-level enterprise looking for a solution for most of your cybersecurity products, TrendAI Vision One is a good centralized platform. You should go for it.

I have been working with TrendAI Vision One for almost one year.

Since TrendAI Vision One is a SaaS-based platform, I have never faced the issue of the platform going down or any issues on the console. It is hosted on the cloud, so it is good. I have never faced that issue.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves. But in this case, the agent will give you the logs. They have an investigation team that will give you an EXE to collect the log and EXE to clean your system, a diagnostic tool.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

Positive

I have used other tools such as Check Point. In email security, the number of false positives is less in TrendAI Vision One in comparison to Check Point.

Within a day, you can deploy the whole solution in your whole company, maybe 500 users, 1000, or 2000. Within a day, you can deploy the solution of email security.

The first benefit is the ease of deployment using API. You simply have to link the Outlook or the Google Workspace API and within two minutes it is synced.

For endpoints, you have a script. You can simply run that script in your AD server and you can install multiple agents in a few minutes on most of your machines in the network.

My use case for the solution is primarily for EDR purposes, but we are also starting to use the CREM.  This technology allows us to see our endpoints within seconds to ensure they are NIST 800-83 compliant.  This technology is critical in today's world as there are many customers requiring this now.  

We have used advanced threat intelligence, and we continue to do so. There is a way to run a threat query to find where a certain item is located. For example, Quick Assist from Microsoft was used a while back to gain access to our environment, and we didn't know it at the time. Of course, we've since locked that down. Now, we can also use that query we created to monitor if someone tries to use it again. I recently saw an attempt to use it, but they couldn't succeed because we have it blocked. It's really good to know these things, and without the available technology, we wouldn’t be able to do this.

Trend Vision One's automation capabilities have helped, for example, with atypical travel. We have a playbook set up. When Trend Vision One finds someone signed on in the United States and then catches them signed on in Africa, it will immediately run a playbook. This will disable that profile and prohibit that person from logging in. That is huge when you consider the possibilities of what could happen if we didn’t have that feature.

Our response time is greatly enhanced because of all the features that Trend Vision One offers. It simplifies things and makes it clear what’s going on inside our environment. With just a click of a button, we can get the information we need. We can mitigate issues very quickly using Trend Vision One. We can isolate endpoints, effectively removing them from the network while still accessing them through the Trend Vision One console. Additionally, we can run malware scans instantly on computers, and there are so many features available that it can be hard to keep track of them sometimes. Overall, Trend Vision One has really helped a lot. When it comes to time savings, I would estimate that our response time has improved by at least 40%.

Using this solution has benefited our business greatly. It keeps me informed of everything happening in our environment. We have site admins at every location with specific admin authority to do certain things. Trend Vision One monitors that, allowing me to validate actions taken by admins. Trend Vision One caught various incidents, and it gives me a clear understanding of our environment and its activities, with quick searches and deeper capabilities.

With Trend Vision One, my favorite feature is the app they provide. You can turn on different features and notifications. The other night I was sitting at supper when the app went off, and I got an alert that was very strange. It turned out to be an event, and we got our cyber team together to mitigate the issue with Trend's IR Teams help, preventing any major problems. That app is a lifesaver.

The dashboard provides extensive information. It gives detailed information regarding endpoints and servers, tracking everything. You can search for things and run threat analysis. There are many features within there, and it's difficult to pinpoint one because all the features work very effectively together.

The centralized management feature contributes to faster decision-making within our security operations, greatly enhancing our response time. With all the features that Trend Vision One offers, it simplifies things. It clarifies what's going on inside your environment; with a click of a button, you can see what's happening and mitigate very fast.

In Trend Vision One, there is always room for improvement. The console is well done, but there might be a bit of improvement needed with the app's capabilities. I know they are constantly working on it, and they have regular Webinars "What's New In Trend Vision One" to share updates and enhancements that are taking place.  

Trend also allows its VIP customers to pretest new features or products and enables us to give feedback on those we test.  This is an incredible benefit to Trend's VIP program.  I do not know of any other product like Trend Micro.

I've been using this solution for quite a while. It was about eight years ago when our company had Trend implemented at every location. We have eleven locations overall. In my opinion, it wasn't managed properly; the situation was quite poor. There were many updates that were needed. I approached management and expressed my desire to take over the project. I said, "I want this. I will do it, fix it, and make it work." Management agreed and gave me the responsibility.

What I did next was take all the servers, fix and upgrade them, and prepare them for migration to one on-site server. After that, we decided to move to the cloud. I gathered everything together and worked with Trend to get all of our endpoints and servers transitioned to the cloud. It's been an ongoing process with Trend, as there is always something that needs to be done.

I rate the stability of Trend Vision One as a ten out of ten.

I would rate the scalability of Trend Vision One as nine out of ten.

It is really good. They even have a feedback system to report suggestions or problems, which are addressed promptly. We also benefit from 24/7 monitoring, and we have direct contacts for technical issues and ongoing weekly support calls.

I would rate them a nine out of ten. There's always room for improvement. Five years ago, I would rate it as a five, but support has significantly improved in availability, responsiveness, and keeping me updated.

We purchased the software through CDW, which used to be called Sirius. That's how we acquired it. I have several contacts at Trend that I can reach out to directly, as I have been working with them for about eight years. They have helped me implement the software directly. I worked with Trend through the entire process. They have a learning platform with videos that break down each product. They show you step-by-step how to implement or use each solution. Trend Micro Service One, monitors our corporation, 24/7/365 support service. We can contact a representative, and they’ll get back to us if we encounter any problems or technical issues in our environment. They’ll even join us on a conference call to help. We also have a weekly call with them, where we can ask questions, and they guide us to the right resources and documentation. It’s really an incredible support package.

It wasn’t complicated to deploy. Now they offer a product called Server and Workload Protection, which is tailored specifically for servers. We're in the process of upgrading our servers to use this product. It’s more focused on server-specific security and functionality. When I used it about five years ago, the process was quite complex. I had problems and issues. Over the years, we moved away from the product — about four years ago — and we’re only now starting to return to it. The changes made in those four years are incredible. It’s like night and day. What used to take me days to deploy to one server now takes about half an hour. Trend is constantly updating, enhancing, and improving how things are done. It’s a continually evolving package. They’re even integrating AI capabilities now, which will greatly enhance what Trend products can do.

The capability of Trend Vision One to be deployed both on-premises and in the cloud has been extremely beneficial to my organization in terms of flexibility and scalability. Being in the cloud eliminates the need for on-prem servers. With several divisions, managing all of those on-prem servers was a nightmare. It was not an option, so I migrated to the cloud, which is a one-stop shop. We have our entire corporation in the cloud, making it easy to see everything without logging onto multiple servers; this saves a lot of time.

The solution itself does require some maintenance. The updates are automatic, so we don't need to manually check. However, some endpoints have to be maintained more carefully, ensuring they are fully updated because missing MS updates can prevent Trend Vision One from working correctly. It's good practice to keep everything up to date, which is crucial for managing over 1,000 endpoints and 200 servers. Trend Vision One allows us to see all software on a person's computer, even outdated web browsers, and it flags potential threats, which is an incredible feature.

In my organization, approximately three people work with Trend Vision One.

In terms of return on investment, I've seen a 100% return. It has paid for itself. Our company went through a ransomware event, and if Trend Vision One's IR Team had not stopped it, that could've closed the company's doors.

Trend Vision One is definitely cost-efficient compared to other solutions. I have seen others that are double or triple the price. I'm surprised Trend Vision One hasn't raised their prices, considering everything offered. Depending on the features selected, cost varies, but overall, endpoint and server security is very reasonable.

Comparing Trend Vision One to other solutions, I've seen other vendors with complicated software requiring extensive training to understand. If software is that hard to learn, I don't find it to be a viable solution. Learning takes weeks or months, potentially creating holes in security instead of securing it.

I would absolutely recommend Trend Vision One to other users because it's cost-efficient and it just works. It tells you what you need to do, alerts you of threats, and informs you about software needing updates. They have an IR team that is exceptional and works on the mitigation and remediation until all issues have been resolved!  Over time, it becomes easier to understand, especially moving from on-prem to cloud deployment; there's no comparison. 

I would rate the solution overall as a ten out of ten.

My use cases for Trend Vision One are typically reactive, letting it scan and monitor our environment, and we typically respond quickly to any workbenches that come up. 

We also try to adapt to the Cyber Risk Index or the security score, keeping that at the lowest amount possible on a weekly or bi-weekly basis as we push out updates and do maintenance.

My favorite features in Trend Vision One include the Cyber Risk Index, which breaks down various pieces of info into one easily digestible score. I appreciate the workbenches. They provide a visual of how they operate for the most part, and I value the in-depth details they offer since we can mostly operate off of that, giving us enough info to crunch and figure out what's happening.

While it's not an actual feature of the application, I appreciate the clinics and seminars that Trend provides, as I went to one last year that got me from zero to beginner, and I hope to advance to intermediate with another seminar series this year.

Trend Vision One helps reduce my mean time to detect and respond to threats as without it, we would be scrambling and confused with not much information to go off of for threat hunting. I'm not sure what we were using previously. As long as I've been here, it's been Trend Vision One, and we're very happy with it. We're hesitant to shop around for any other provider since we think it's a very good product, and we appreciate the speed and breadth of data we receive from it.

I sometimes see noise from false positives with Trend Vision One. One clear instance involved the AI deep fake feature, which would throw up false positives whenever someone had a Teams meeting with a blurred background, leading us to turn it off as it activated for every meeting. Additionally, there were minor false positives throughout the year related to Microsoft update files and certain DLLs, however, they don't clutter Trend Vision One much and have essentially gone away in recent months.

I am very happy with Trend Vision One's platform ability to provide centralized visibility and management across protection layers. The platform extends into various categories, offering oversight over email and even flagging suspicious activities that occur on a server, despite not having a Trend Vision One agent on it. For instance, an admin setting up remote access on that server was flagged as suspicious, and I appreciate the reach that Trend Vision One has across different scattered categories it monitors.

In terms of improving Trend Vision One, it might sound silly, yet it seems notoriously uncooperative with middle clicks and opening sections in new tabs. I'm a big tab browser, and it feels hitting a brick wall when I have to refresh in a new tab or make a copy of a tab to move forward. If we can enable middle clicks to open sections in new tabs, it would greatly benefit me personally.

I've been using Trend Vision One for a few months, approximately eight to ten months at this point.

Regarding stability, I don't think Trend Vision One has ever caused any lagging, crashing, or downtime. There was one situation where we may have misconfigured something, forgetting a checkbox, and Trend Vision One's scheduled scans might have used some CPU resources, however, that's on our end. Besides that, Trend Vision One works exactly as intended and has never hindered our operations, feeling more a collaborator than a roadblock.

I don't think I've encountered any issues with scalability; we're growing steadily, and I believe Trend Vision One can keep up with our demand. Our company has about 200 employees in Canada, and I can foresee that if we doubled in size, Trend Vision One would accommodate that very easily.

I have contacted the technical support before. We're very happy with the technical support from Trend Vision One, feeling we have our own dedicated technician who knows the entire suite of applications. They are very intelligent and responsive, and as we submit feature requests, they seem to make it into the actual list of features in Trend Vision One, so we maintain a good relationship with their technical support and development teams.

Positive

I'm not sure what we were using previously. As long as I've been here, it's been Trend Vision One, and we're very happy with it. We're hesitant to shop around for any other provider as we consider it a very good product.

The experience of first using Trend Vision One is really difficult due to the steep learning curve. Thankfully, I attended a Trend Vision One seminar that got me from zero to beginner, as without that, it involves a lot of guesswork with little grounding to go off of. I really recommend their seminars and tutorials.

I do not know much about the pricing of Trend Vision One. My understanding is it's expensive. We pay for it anyway, and there's always sticker shock. Still, we feel it's necessary as this product covers all our needs.

We're hesitant to shop around for any other provider. Trend Vision One is a very good product, and we appreciate the speed and breadth of data we receive from it.

I'm not sure if I use the cyber risk exposure management capabilities. Trend Vision One requires very little maintenance on my end, mostly just keeping up with refreshing the license, which is about all I hear related to Trend Vision One maintenance.

Some top security challenges in my industry include securing anything exposed to the internet, especially since we were previously hit with ransomware. The ability of Trend Vision One to detect and cut off threats early, clean up files before they execute, and address phishing emails helps us significantly. We also have their email and collaborative security, which is crucial along with having zero-day protections to receive early warnings of threats, allowing us to act immediately outside our maintenance windows.

I'm not completely sure where we use the Trend Vision One sensors, as I didn't set them up. However, we do have a DDI that we paid a lot for, which is one of our biggest data sources and populates much of the information in Trend Vision One. We also have a network sensor at our different location in the United States, which is a temporary holdover until we can upgrade to something more robust.

It's not critical for my company that Trend Vision One has AI built into its platform in terms of needing a language model to explain things, however, AI is actually critical for threat detection and behavioral analysis. That aspect of behavior monitoring and action based on behavior is very important.

Trend Vision One has helped my organization reduce its cyber risk. For instance, even prior to acquiring the DDI, the DDI's presence on our network found a threat actively in progress, and we were able to act on it, demonstrating its effectiveness from day zero.

On a scale from one to ten, I would rate Trend Vision One a nine overall.

As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.

In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One console.

The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security, including how many emails are received by mail servers on a daily, weekly, and hourly basis.

The second advantage is that since TrendAI Vision One is a single platform, it offers surface attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.

Cyber Risk Exposure Management (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud Platform and Azure.

Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.

The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.

While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.

I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.

At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.

I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.

Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.

In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.

I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.

TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.

The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.

In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.

Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.

Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.

According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.

Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.

TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.

I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.

We operate as an MSP. Most of my clients are financial institutions, such as one of the largest banks in Pakistan. We primarily serve enterprise-level financial institutions and banks. 

The best features in TrendAI Vision One are the workbench and the XDR feature for the playbooks. We continue to use these two features extensively. 

We also have our own product called SIRP, which is a SOAR platform, and we integrate it with TrendAI Vision One for automations, alert information, auto enrichment, and IOC enrichment. 

We appreciate that TrendAI Vision One provides a good API with actions for our SIRP operations. 

While we did not calculate specific MTTR and MTTD metrics, it has significantly reduced suspicious alerts and benign alerts compared to what we previously experienced.

TrendAI Vision One provides its own MDR services for detection capabilities, similar to CrowdStrike. Their team collaborates effectively with us on response and detection. The solution doesn't require frequent maintenance, and services are not regularly interrupted.

Areas that need improvement in TrendAI Vision One include the AI-based mechanism, AI-based detections, and AI-based autonomous detections, which are currently lacking. Additionally, they need to add more integrations to their playbooks. They should lower the cost for integrations as they charge for each individual integration. TrendAI Vision One does not initially disclose to customers that they need to purchase additional licenses and pay more for integrations. They need to modify their licensing mechanism and improve their AI-based detections.

We have been using TrendAI Vision One for approximately six to seven years. We provide services to different customers on various security controls and security products.

TrendAI Vision One demonstrates strong stability, warranting a rating of seven out of ten.

TrendAI Vision One is scalable. For DMG area operations, they have their own dedicated product available.

I cannot provide detailed feedback about TrendAI Vision One support as we haven't needed to utilize it extensively. The configuration process is straightforward enough that we rarely require support assistance.

Neutral

Most of the enterprise-level clients use CrowdStrike or Cylance. TrendAI Vision One or TrendAI Vision One Apex Central is used by most smaller banks, while bigger banks predominantly use CrowdStrike and Cylance.

In Pakistan and the MENA region, clients prefer on-premises deployment unless cloud services are available. When cloud hosting is located in the US or other countries, Saudi and UAE clients typically opt for on-premises deployment.

Vision One is very easy to deploy. We don't have to do much of anything on that. We just have to deploy the agent, and we have to configure the policy. It's not very complicated.

Regarding pricing, TrendAI Vision One offers very competitive rates compared to CrowdStrike and Cylance. Customers who cannot afford CrowdStrike's pricing can easily opt for TrendAI Vision One.

We are not a partner with Trend Micro; we only provide deployment services. TrendAI Vision One can generate false positives; however, this depends on the whitelisting configuration, particularly in the application control area and IOC whitelisting. The detection mechanism is good, though CrowdStrike performs better in detections and reducing false positives due to its behavioral-based analysis and AI-based features. In comparison with other vendors, CrowdStrike ranks first, followed by Cylance, then TrendAI Vision One. Cylance and TrendAI Vision One can work together effectively.

I would primarily recommend CrowdStrike, and then TrendAI Vision One for customers with budget constraints. CrowdStrike's recent launch of a new AI model and features such as the MDC module for comprehensive log collection provide superior visibility and control compared to TrendAI Vision One.

The overall rating for TrendAI Vision One is seven out of ten.