TrendAI Vision One Reviews

TrendAI Vision One provides a platform where everything is consolidated. I started with the proxy and then moved on to the XDR, which TrendAI Vision One provided. We collaborated with them, had POCs for the customer, and they liked it, going ahead with it. The main scenario was to integrate with the cloud security platform since the customer had a hybrid platform and needed one-point access to view the whole infrastructure in one place rather than having different solutions for each cloud and device.

The best feature of TrendAI Vision One that I like the most is the investigation graph, which was the main point demonstrated during the POC. If an attack happens and data is exfiltrated or an attacker finds a backdoor into the system, I need a graph of it rather than going to third-party sources. TrendAI Vision One XDR provides this graph, which helps visualize and make RCA and incident understanding easier, especially when presenting the findings to management.

TrendAI Vision One has greatly reduced my time to detect and respond to threats. After the implementation, I see how it integrates with the SOC team, and the XDR is so consolidated, making it easier for the SOC team to analyze tickets since it does not export logs from different components. The logs from TrendAI Vision One are easy to understand, which has helped me reduce false positives and determine whether they are true or not without checking each system individually, which made my job much easier.

The ability of TrendAI Vision One to provide centralized visibility and management across various protection layers is the best part for me. Many may not appreciate everything under one roof because it creates confusion, but once you get familiar with the dashboard, it becomes easy to navigate. However, it can create confusion because everything is under one roof, showcasing both pros and cons.

Aside from the investigation graph, I find that sometimes when we collect data, the UI seems a bit laggish and is not that interactive during that process. When we extract logs, it can be a bit slow, but everything else is acceptable.

The UI does lag a bit.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex. Resource utilization is quite high, and there is a scarcity of resources focused on TrendAI Vision One. The availability of troubleshooting guides is not as high as with some other vendors, creating some difficulties, but it is manageable because their support is good. When I open a ticket, they respond quickly.

I have been using TrendAI Vision One for two years in my previous organization, and right now, I am implementing it as a system integrator at our customer location.

Stability-wise, I feel there are times when it is not a stable solution, but I also had another client where it worked smoothly, and I did not have to revisit it often. However, in hybrid setups, I do face multiple issues, but the on-premises platform works quite well.

TrendAI Vision One is scalable. We have deployed it for the maximum users, around two hundred to two hundred fifty, and it handles that well.

For TrendAI Vision One's technical support, I would rate it around seven point five to eight, so let us give it an eight.

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One. However, for consolidation, the fact that I can find everything under one roof is a plus for TrendAI Vision One, despite my preference for ease of user experience in other products such as SentinelOne.

The implementation of TrendAI Vision One was not easy; it is not a one-click process. I prefer it for larger organizations that can allocate team resources because the implementation can be complex.

In my organization, there are only four TrendAI Vision One specialists, including me.

I would estimate that overall, I have seen approximately a twenty percent return on investment.

I would not say TrendAI Vision One is cheap; I always recommend it for mid-size to large-sized enterprises, not for SMBs, as I have other solutions suited for them. I have never pitched TrendAI Vision One to SMBs because I believe it fits mid-sized to large-sized businesses better.

I have worked with SentinelOne and multiple other solutions, and from a user experience perspective, I find SentinelOne to be more convenient compared to TrendAI Vision One.

I actually believe that it has reduced false positives by more than fifteen to twenty percent.

The switch to TrendAI Vision One did reduce risks significantly. Deploying XDR created a spiderweb effect, monitoring every endpoint and node, which mitigated many attacks and helped prevent some.

The built-in AI is important, and I am currently working on certifications from TrendAI Vision One to better pitch it to AI development companies to demonstrate its benefits. I need hands-on experience with it before I pitch to those companies.

Overall, from implementation to operations, I would rate it a seven.

I do recommend this product; it depends on the case-to-case scenario. If a customer wants everything in a single platform, I recommend TrendAI Vision One without hesitation. Its good support and lack of major issues influence my decision to pitch it to customers looking for a consolidated platform. My overall review rating for TrendAI Vision One is seven.

TrendAI Vision One is a unified platform and single dashboard where all endpoints, email servers, clouds, and networks are in one place. It provides AI detection and AI-based threat detection. Any abnormality or abnormal behavior of any server or endpoint is caught, and it predicts security in a proactive mode. It correlates across all endpoints, email, network, and cloud to give the full attack story: how the attack happened, what is the location of the attack, and how we can prevent that attack.

I am using TrendAI Vision One on all our servers with three main components: servers, endpoints, and email security. The unified visibility where one dashboard provides access is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

TrendAI Vision One sensors are basically the data collectors that capture different parts of the IT environment. If there are no sensors, there will be no visibility. Sensors are the eyes and ears of TrendAI Vision One. They are used to collect logs, abnormal behavior, email activity, and network activity. The system correlates everything, detects the attack, and sends alerts to the SOC so we can work effectively. We have endpoint sensors that are installed on laptops and servers.

One of the biggest challenges nowadays is ransomware attacks, which are the most common and damaging threat. Attackers encrypt data and steal it. With the help of TrendAI Vision One, it reduces the data leak risk from our environment. The second main challenge is phishing and social engineering attacks. Technology is growing fast, so phishing and social engineering attacks are more common. The third main challenge is identity and access compromise, where attacks target our active directory, which is the backbone of the industry. If any of the identities are compromised, an attacker can get full access. TrendAI Vision One is helping us prevent that attack. These are the three top challenges that every organization has to face, and TrendAI Vision One is resolving these kinds of issues on a daily basis.

The cyber risk management capability is used in our organization to identify and prioritize cybersecurity risks in a structured way. There are multiple capabilities under that. First, we need to identify the risk and understand what are all the possible risks we have, what are the vulnerabilities, misconfigurations, threats, and asset exposures. The second main thing is asset visibility, which is very important because we should know what type of asset visibility we have. The third main point is risk assessment, which evaluates the impact and likelihood. For example, if something is down and it is of high importance, it will be marked as a high impact. The fourth stage is risk prioritization, which prioritizes the risk and identifies what are the critical assets and what are the high-end critical vulnerabilities. Every risk has its own weightage. Some are critical, some are high, some are low. This helps us to prioritize risk. And then, of course, comes risk mitigation. Once we find the risk, for example, if something is high-end and critical, the last step is to mitigate it. This includes patching vulnerabilities, fixing misconfiguration things, strengthening our hardening controls, and applying security tools to that. And then, we go back to the first step, continuous monitoring. The next day we will start to find new zero-day attacks, new threats, and new external risks.

TrendAI Vision One, which we are using on all our servers, is the most valuable feature. We are using three things: servers, endpoints, and TrendAI Vision One's email security. The unified visibility where one dashboard is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

My overall experience with TrendAI Vision One is very good. We discuss it every week in our leadership discussions. Overall, this platform is very mature. It is a unified XDR platform that improves the threat visibility part and the correlation part across the enterprise. The best part is it has strong XDR correlation. It has centralized visibility with one dashboard that contains all the information: all our risk posture, all our assets, and all our threats. The AI-driven technology, the AI-driven detection, and the scoring part are very good, as is the broad coverage they provide.

Alert noise and false positives are areas that should be improved. The initial deployment generates too many alerts, so we need better AI filtering and more accurate prioritization. Also, the integration complexity can be an issue. Sometimes, integrating TrendAI Vision One with our SIEM tool or other cloud platforms can be time-consuming. Some improvements should be made there. They need to make easier, plug-and-play integrations and provide better documentation.

One feature is SOAR (Security Orchestration, Automation and Response), which is an automated response engine. Currently, they have partial automation. If there is an auto-containment feature for endpoints, users, and the network, or if there are many pre-built playbooks for ransomware, phishing, and insider threats, it would be beneficial. For example, we just need to one-click and auto-remediation is done. That is the feature I am looking for. This would be used to help us detect, investigate, and respond automatically.

We have been using TrendAI Vision One for the last two years, and we recently renewed it as well.

We purchased TrendAI Vision One for all our servers. The basics are simple. We signed up, logged in, and provided access to our cloud console. Then, the step-by-step onboarding process started where we had an endpoint agent deployment for each machine. We downloaded the agent and installed it on each machine. Then the migration from the existing solution started. For the deployment part, we use one tool named ManageEngine's ITSM tool, from where we can write a script for that agent and have a mass deployment.

Regarding cost and licensing transparency, we are using a credit-based model. We have a certain number of credits that we are using. The pricing is mild. They could make simpler pricing for better usage visibility, but I am okay with the pricing because we are getting good quality. I would not say it is a high price because we are getting a good product.

TrendAI Vision One is a powerful XDR platform. However, it requires proper tuning and proper integration. If we have done proper tuning and proper integration with all our servers, endpoints, and cloud platforms, it will give very good, accurate results.

From false positive to true positive, the percentage is almost 60% to 70%, approximately 65%. However, it needs proper tuning every week. We have to tune the policies every week so that we can get better visibility and accuracy.

Regarding mean time to detect, TrendAI Vision One definitely helps. It reduces the mean time to detect compared to traditional tools. It basically detects threats in real time. Real-time detection means it uses AI analytics, global threat intelligence, and correlation signals across all endpoints. Threats are detected almost immediately once any suspicious or malicious activity is observed. It reduces the time to detect by almost 60%.

TrendAI Vision One is a powerful and mature XDR tool. Of course, every tool has room to improve. But for us right now, it is a good tool. There are a number of tools, and every tool has its own capability and its own visibility. This tool is a very good, powerful tool. My overall rating for this solution is nine out of ten.

I am from a partner firm and I deploy TrendAI Vision One at multiple customers. I implement the solution to multiple customers.

The main use cases which I have heard from customers are that, from the email point of view, email security is the first priority. They are searching for a solution which provides email security, which is able to block the files with an integrated DLP.

One of the best parts of TrendAI Vision One is its email security and the endpoint. Email security it provides at the API level, so it offers both MX Gateway and API, but usually we deploy it using API.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves, or the agent handles it. In this case, the agent will give you the logs.

TrendAI Vision One also has an XDR. This XDR helps you collect logs from multiple sources. It will correlate the logs of your databases, your endpoint, your servers, your mail, and using all these data silos, it will give you a report if any anomaly or any malicious file is detected or any virus pattern is detected.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

It uses AI to check the logs, to find the malware or to find any phishing attack. It uses an AI and ML engine for that. There is also another AI agent inside the console. For example, if I want to find a policy or check a user, the AI agent can assist me.

They have recently launched a Zero Trust Secure Access, which is a version of SASE. Using their single agent, which is for endpoint, the same agent you can use for Zero Trust Secure Access. So you do not have to install multiple agents. One single agent can work for multiple things for SASE and for endpoint.

Its deployment is easy and fast. TrendAI Vision One console has all the features, like one single console provides email, email security, endpoint security, server and workload protection, XDR, cyber risk management, all the things in one console. It provides a good overview from a CISO and manager level. Whenever I have a meeting with the management, I show them that. Your cyber risk score is this much, from a comparison point of view.

It has another feature which can detect the unknown processes or malicious processes using its AI technology, which may be forming or in the initial stage of a ransomware attack. It is quite good in capturing that also.

From the functionalities perspective, the agent is quite heavy as it can scan different types of files.

None of my customers have faced any attack. We have detected many attacks using ransomware protection and phishing detection.

Although there is a point of improvement in the endpoint protection.

Email security sometimes may lead to some true positive attachments.

One thing I would say is not a good point is they do not have a specific licensing structure. If I bought licensing for 500 users, they convert the licenses to a credit system.

If I am a mid-level enterprise, it provides everything like an integrated DLP. I do not have to spend more money buying other solutions. One solution is enough to cover my DLP needs, endpoints, XDRs, and email security.

In endpoint also, if I have 500 customers, and if I want to change a policy, I have to make a new policy for them and add them to it and then change the policy. This is a complex process.

Management is a bit complex and it could have been easier.

The positive point is centralized management. If you are a mid-level enterprise looking for a solution for most of your cybersecurity products, TrendAI Vision One is a good centralized platform. You should go for it.

I have been working with TrendAI Vision One for almost one year.

Since TrendAI Vision One is a SaaS-based platform, I have never faced the issue of the platform going down or any issues on the console. It is hosted on the cloud, so it is good. I have never faced that issue.

TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves. But in this case, the agent will give you the logs. They have an investigation team that will give you an EXE to collect the log and EXE to clean your system, a diagnostic tool.

Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.

Positive

I have used other tools such as Check Point. In email security, the number of false positives is less in TrendAI Vision One in comparison to Check Point.

Within a day, you can deploy the whole solution in your whole company, maybe 500 users, 1000, or 2000. Within a day, you can deploy the solution of email security.

The first benefit is the ease of deployment using API. You simply have to link the Outlook or the Google Workspace API and within two minutes it is synced.

For endpoints, you have a script. You can simply run that script in your AD server and you can install multiple agents in a few minutes on most of your machines in the network.

I am currently dealing with Trend Micro and TrendAI Vision One. I started working on an on-premises option for Trend Micro called the Deep Security Manager in 2014. After changing companies, I continued working on the Deep Security Manager for approximately a year or one and a half years. Later, we moved to Cloud One, and after that transition, we had customers interested in the XDR solution, so we migrated those customers to TrendAI Vision One. Altogether, starting from 2014, I have extensive experience with Trend Micro.

We use TrendAI Vision One platform for consolidated security across hybrid environments. We have onboarded one AWS customer recently and have also onboarded multiple on-premises servers, though we have not onboarded Google Cloud. Our solutions include AWS and on-premises deployments.

I am the point of contact in my company, dealing with the customer and with the Trend Micro seller and partner.

The IPS module is the best module in Trend Micro and helps us address the top security challenges. We have many ways to modify it, including enabling detection only mode or using it after a month or two of monitoring to move to prevent mode. When we come across any CVEs and submit them to Trend Micro, they immediately create an IPS rule, and detection happens within the next moment. IPS is one of the greatest parts of Trend Micro, followed by Anti-Malware and then Web Reputation. These three modules are my favorites in Trend Micro, and they are seamless with very frequent detection. Mostly malicious or suspicious detections occur, and I have rarely seen negative detections with Web Reputation or Anti-Malware.

TrendAI Vision One provides centralized visibility and management across protection layers. TrendAI Vision One is quite simple when compared to CrowdStrike, and Microsoft is simpler, but when we compare it with CrowdStrike, it is much simpler. I do not feel any complexity in that. TrendAI Vision One was a bit new for us, but after working on it for a couple of years and exploring all the options, it seems to provide quite a seamless feature. The navigations are easy and help us understand exactly what we need to do. We have run around the playbook and workflow, which makes it better. When it comes to CrowdStrike, TrendAI Vision One is quite simpler in terms of complexity.

TrendAI Vision One has helped reduce our time to detect and respond to threats. The important aspect is that we can customize the playbook and workflow, which makes our SOC workload easier. TrendAI Vision One has helped consolidate our use of security vendors and reduce silos to an extent. There are some inputs that we have to gather and enforce based on our experience. No product has given us 100% satisfaction so far, but unless we experience it and put in our experience and talk to Trend Micro and make some changes, it will not help.

I do not find TrendAI Vision One difficult because I have been working with Trend Micro since 2014. When it comes to CrowdStrike, it is a bit complicated. They do have documentation, but if we miss a small single point, we might end up not connecting our resources to CrowdStrike. That is not the case with Trend Micro; it is quite simple. I feel more comfortable with Trend Micro rather than CrowdStrike.

TrendAI Vision One has AI built into its platform. It is not only Trend Micro; even when we talk about CrowdStrike, the SALET AI is also awesome. The AI narrows down the time. If I receive an incident, I can ask the AI to give a description or a client-facing email template, which is quite helpful. This has reduced our response time by more than 70%.

Approximately 30 to 40% of false positives have been reduced. This all depends on how long we have been working with TrendAI Vision One. As we gain more experience, we learn what exactly it is. I am actually an intermediate between the TrendAI Vision One console and the SOC team. The SOC team comes to us stating there is a lot of noise around certain alerts and asking what can be done about it. Then we go ahead and do some workflow automation and exclusions. Exclusions are quite simpler when it comes to TrendAI Vision One, and even the workflow automation and playbooks are quite easier. I have deep knowledge of the playbook when it comes to Microsoft, so I know how to build those playbooks within TrendAI Vision One. I would say there is a 30% to 40% reduction of false positives, and we are still working to reduce it further.

When we talk about improvements in TrendAI Vision One, the first thing I consider is to bring the pricing down, considering there are many competitors in the market. The second thing is that once CrowdStrike came into the market, it became the biggest competitor for Trend Micro. The way CrowdStrike exposes themselves or makes themselves public, Trend Micro is not doing. That is one concern where they lag in the market as of now.

Previously, there were some issues navigating between Cloud One and TrendAI Vision One, but now they have migrated completely to TrendAI Vision One and we can use it for everything. We are not even logging into Cloud One anymore. If they remove Cloud One completely and bring all its options into TrendAI Vision One, that would be a great option. They are working on it and I believe the migration should be completed by this year, so we will no longer see Cloud One.

The updates are quite frequent when it comes to Trend Micro. As of now, I know there are six cycles of security updates happening. If they could break down this process, that would be beneficial because we have recently seen that there were some security updates missed. Based on our feedback, we found there are actually six security updates available per day. We have gone ahead and configured the security update scanning. That could also be a point we can discuss with Trend Micro, and the discussion is in place.

An additional feature I would like to see in the future is for the dashboard they present to be made more interactive, more visual, or more attractive. That would be a gaining point for me.

I joined the security field in 2020. I was an endpoint solution engineer since 2014, but I came to the SOC team in 2020, so I have been in this field for six years.

I have no problem with the technical support of TrendAI Vision One. I would rate them an eight, ten being the highest.

We have a customer now who is interested in the Cyber Risk Exposure Management capabilities, and we are exploring around it. We have been using exposure for Microsoft and CrowdStrike, but we have not used it for TrendAI Vision One so far. We have a customer now who is interested and we are preparing a draft for them.

We are both a partner and a reseller of Trend Micro, purchasing and selling licenses. We have also been a partner with CrowdStrike. We are a partner and reseller for both CrowdStrike and Trend Micro.

The pricing of Trend Micro is a bit high, but when we compare it with Microsoft products, the pricing is a bit high. When we compare it with CrowdStrike, it is competitive, both providing a similar kind of solution. When it comes to pricing, both are a bit higher. Considering the security that they provide, it is acceptable to go ahead with that price.

There are two options for purchasing TrendAI products. Some old customers still rely on AWS Marketplace, whereas for new customers, we directly engage with Trend Micro to buy and resell licenses. There are legacy customers who have the license through AWS Marketplace, but any new customer that comes in, we directly have a word with Trend Micro and we purchase and sell the license or we do an MSSP for them.

My overall rating for this review is eight out of ten.

My use case for the solution is primarily for EDR purposes, but we are also starting to use the CREM.  This technology allows us to see our endpoints within seconds to ensure they are NIST 800-83 compliant.  This technology is critical in today's world as there are many customers requiring this now.  

We have used advanced threat intelligence, and we continue to do so. There is a way to run a threat query to find where a certain item is located. For example, Quick Assist from Microsoft was used a while back to gain access to our environment, and we didn't know it at the time. Of course, we've since locked that down. Now, we can also use that query we created to monitor if someone tries to use it again. I recently saw an attempt to use it, but they couldn't succeed because we have it blocked. It's really good to know these things, and without the available technology, we wouldn’t be able to do this.

Trend Vision One's automation capabilities have helped, for example, with atypical travel. We have a playbook set up. When Trend Vision One finds someone signed on in the United States and then catches them signed on in Africa, it will immediately run a playbook. This will disable that profile and prohibit that person from logging in. That is huge when you consider the possibilities of what could happen if we didn’t have that feature.

Our response time is greatly enhanced because of all the features that Trend Vision One offers. It simplifies things and makes it clear what’s going on inside our environment. With just a click of a button, we can get the information we need. We can mitigate issues very quickly using Trend Vision One. We can isolate endpoints, effectively removing them from the network while still accessing them through the Trend Vision One console. Additionally, we can run malware scans instantly on computers, and there are so many features available that it can be hard to keep track of them sometimes. Overall, Trend Vision One has really helped a lot. When it comes to time savings, I would estimate that our response time has improved by at least 40%.

Using this solution has benefited our business greatly. It keeps me informed of everything happening in our environment. We have site admins at every location with specific admin authority to do certain things. Trend Vision One monitors that, allowing me to validate actions taken by admins. Trend Vision One caught various incidents, and it gives me a clear understanding of our environment and its activities, with quick searches and deeper capabilities.

With Trend Vision One, my favorite feature is the app they provide. You can turn on different features and notifications. The other night I was sitting at supper when the app went off, and I got an alert that was very strange. It turned out to be an event, and we got our cyber team together to mitigate the issue with Trend's IR Teams help, preventing any major problems. That app is a lifesaver.

The dashboard provides extensive information. It gives detailed information regarding endpoints and servers, tracking everything. You can search for things and run threat analysis. There are many features within there, and it's difficult to pinpoint one because all the features work very effectively together.

The centralized management feature contributes to faster decision-making within our security operations, greatly enhancing our response time. With all the features that Trend Vision One offers, it simplifies things. It clarifies what's going on inside your environment; with a click of a button, you can see what's happening and mitigate very fast.

In Trend Vision One, there is always room for improvement. The console is well done, but there might be a bit of improvement needed with the app's capabilities. I know they are constantly working on it, and they have regular Webinars "What's New In Trend Vision One" to share updates and enhancements that are taking place.  

Trend also allows its VIP customers to pretest new features or products and enables us to give feedback on those we test.  This is an incredible benefit to Trend's VIP program.  I do not know of any other product like Trend Micro.

I've been using this solution for quite a while. It was about eight years ago when our company had Trend implemented at every location. We have eleven locations overall. In my opinion, it wasn't managed properly; the situation was quite poor. There were many updates that were needed. I approached management and expressed my desire to take over the project. I said, "I want this. I will do it, fix it, and make it work." Management agreed and gave me the responsibility.

What I did next was take all the servers, fix and upgrade them, and prepare them for migration to one on-site server. After that, we decided to move to the cloud. I gathered everything together and worked with Trend to get all of our endpoints and servers transitioned to the cloud. It's been an ongoing process with Trend, as there is always something that needs to be done.

I rate the stability of Trend Vision One as a ten out of ten.

I would rate the scalability of Trend Vision One as nine out of ten.

It is really good. They even have a feedback system to report suggestions or problems, which are addressed promptly. We also benefit from 24/7 monitoring, and we have direct contacts for technical issues and ongoing weekly support calls.

I would rate them a nine out of ten. There's always room for improvement. Five years ago, I would rate it as a five, but support has significantly improved in availability, responsiveness, and keeping me updated.

We purchased the software through CDW, which used to be called Sirius. That's how we acquired it. I have several contacts at Trend that I can reach out to directly, as I have been working with them for about eight years. They have helped me implement the software directly. I worked with Trend through the entire process. They have a learning platform with videos that break down each product. They show you step-by-step how to implement or use each solution. Trend Micro Service One, monitors our corporation, 24/7/365 support service. We can contact a representative, and they’ll get back to us if we encounter any problems or technical issues in our environment. They’ll even join us on a conference call to help. We also have a weekly call with them, where we can ask questions, and they guide us to the right resources and documentation. It’s really an incredible support package.

It wasn’t complicated to deploy. Now they offer a product called Server and Workload Protection, which is tailored specifically for servers. We're in the process of upgrading our servers to use this product. It’s more focused on server-specific security and functionality. When I used it about five years ago, the process was quite complex. I had problems and issues. Over the years, we moved away from the product — about four years ago — and we’re only now starting to return to it. The changes made in those four years are incredible. It’s like night and day. What used to take me days to deploy to one server now takes about half an hour. Trend is constantly updating, enhancing, and improving how things are done. It’s a continually evolving package. They’re even integrating AI capabilities now, which will greatly enhance what Trend products can do.

The capability of Trend Vision One to be deployed both on-premises and in the cloud has been extremely beneficial to my organization in terms of flexibility and scalability. Being in the cloud eliminates the need for on-prem servers. With several divisions, managing all of those on-prem servers was a nightmare. It was not an option, so I migrated to the cloud, which is a one-stop shop. We have our entire corporation in the cloud, making it easy to see everything without logging onto multiple servers; this saves a lot of time.

The solution itself does require some maintenance. The updates are automatic, so we don't need to manually check. However, some endpoints have to be maintained more carefully, ensuring they are fully updated because missing MS updates can prevent Trend Vision One from working correctly. It's good practice to keep everything up to date, which is crucial for managing over 1,000 endpoints and 200 servers. Trend Vision One allows us to see all software on a person's computer, even outdated web browsers, and it flags potential threats, which is an incredible feature.

In my organization, approximately three people work with Trend Vision One.

In terms of return on investment, I've seen a 100% return. It has paid for itself. Our company went through a ransomware event, and if Trend Vision One's IR Team had not stopped it, that could've closed the company's doors.

Trend Vision One is definitely cost-efficient compared to other solutions. I have seen others that are double or triple the price. I'm surprised Trend Vision One hasn't raised their prices, considering everything offered. Depending on the features selected, cost varies, but overall, endpoint and server security is very reasonable.

Comparing Trend Vision One to other solutions, I've seen other vendors with complicated software requiring extensive training to understand. If software is that hard to learn, I don't find it to be a viable solution. Learning takes weeks or months, potentially creating holes in security instead of securing it.

I would absolutely recommend Trend Vision One to other users because it's cost-efficient and it just works. It tells you what you need to do, alerts you of threats, and informs you about software needing updates. They have an IR team that is exceptional and works on the mitigation and remediation until all issues have been resolved!  Over time, it becomes easier to understand, especially moving from on-prem to cloud deployment; there's no comparison. 

I would rate the solution overall as a ten out of ten.

As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.

In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One console.

The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security, including how many emails are received by mail servers on a daily, weekly, and hourly basis.

The second advantage is that since TrendAI Vision One is a single platform, it offers surface attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.

Cyber Risk Exposure Management (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud Platform and Azure.

Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.

The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.

While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.

I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.

At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.

I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.

Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.

In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.

I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.

TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.

The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.

In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.

Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.

Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.

According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.

Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.

TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.

I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.

We operate as an MSP. Most of my clients are financial institutions, such as one of the largest banks in Pakistan. We primarily serve enterprise-level financial institutions and banks. 

The best features in TrendAI Vision One are the workbench and the XDR feature for the playbooks. We continue to use these two features extensively. 

We also have our own product called SIRP, which is a SOAR platform, and we integrate it with TrendAI Vision One for automations, alert information, auto enrichment, and IOC enrichment. 

We appreciate that TrendAI Vision One provides a good API with actions for our SIRP operations. 

While we did not calculate specific MTTR and MTTD metrics, it has significantly reduced suspicious alerts and benign alerts compared to what we previously experienced.

TrendAI Vision One provides its own MDR services for detection capabilities, similar to CrowdStrike. Their team collaborates effectively with us on response and detection. The solution doesn't require frequent maintenance, and services are not regularly interrupted.

Areas that need improvement in TrendAI Vision One include the AI-based mechanism, AI-based detections, and AI-based autonomous detections, which are currently lacking. Additionally, they need to add more integrations to their playbooks. They should lower the cost for integrations as they charge for each individual integration. TrendAI Vision One does not initially disclose to customers that they need to purchase additional licenses and pay more for integrations. They need to modify their licensing mechanism and improve their AI-based detections.

We have been using TrendAI Vision One for approximately six to seven years. We provide services to different customers on various security controls and security products.

TrendAI Vision One demonstrates strong stability, warranting a rating of seven out of ten.

TrendAI Vision One is scalable. For DMG area operations, they have their own dedicated product available.

I cannot provide detailed feedback about TrendAI Vision One support as we haven't needed to utilize it extensively. The configuration process is straightforward enough that we rarely require support assistance.

Neutral

Most of the enterprise-level clients use CrowdStrike or Cylance. TrendAI Vision One or TrendAI Vision One Apex Central is used by most smaller banks, while bigger banks predominantly use CrowdStrike and Cylance.

In Pakistan and the MENA region, clients prefer on-premises deployment unless cloud services are available. When cloud hosting is located in the US or other countries, Saudi and UAE clients typically opt for on-premises deployment.

Vision One is very easy to deploy. We don't have to do much of anything on that. We just have to deploy the agent, and we have to configure the policy. It's not very complicated.

Regarding pricing, TrendAI Vision One offers very competitive rates compared to CrowdStrike and Cylance. Customers who cannot afford CrowdStrike's pricing can easily opt for TrendAI Vision One.

We are not a partner with Trend Micro; we only provide deployment services. TrendAI Vision One can generate false positives; however, this depends on the whitelisting configuration, particularly in the application control area and IOC whitelisting. The detection mechanism is good, though CrowdStrike performs better in detections and reducing false positives due to its behavioral-based analysis and AI-based features. In comparison with other vendors, CrowdStrike ranks first, followed by Cylance, then TrendAI Vision One. Cylance and TrendAI Vision One can work together effectively.

I would primarily recommend CrowdStrike, and then TrendAI Vision One for customers with budget constraints. CrowdStrike's recent launch of a new AI model and features such as the MDC module for comprehensive log collection provide superior visibility and control compared to TrendAI Vision One.

The overall rating for TrendAI Vision One is seven out of ten.

TrendAI Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response. We are moving forward towards its complete suite.

The best features of TrendAI Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.

One area that has room for improvement is the interface of TrendAI Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in TrendAI Vision One such as endpoint protection, D-SIM security, DLP solution, and FIM, so there is nothing left behind.

I have been using TrendAI Vision One for almost two years.

I would rate the stability of TrendAI Vision One as nine because in the last two years, we have never had downtime except for one recent incident when Azure cloud was down, which was from Azure's side, not from Trend Micro. Overall, we have not received any downtime from Trend Micro's end.

TrendAI Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.

I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.

Positive

The deployment of TrendAI Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.

We are using the sensors of TrendAI Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.

The top security challenges I faced in my industry before using TrendAI Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.

Regarding the Cyber Risk Exposure Management, it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.

The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with TrendAI Vision One, and the issue can be solved within one or two days.

Almost fifty people use the solution. They are all in Pakistan and working on-site.

The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by TrendAI Vision One. So it requires some type of maintenance as well.

Maintaining TrendAI Vision One is very easy and very handy.

I do not know the exact pricing of TrendAI Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.

I chose TrendAI Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing TrendAI Vision One was its principal support.

TrendAI Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.

I cannot quantify by how much TrendAI Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.

I would recommend TrendAI Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP, and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.

It is very important for us that TrendAI Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of TrendAI Vision One.

I rate this review nine overall.

I have experience with TrendAI Vision One, specifically using endpoint security, email security, and all of the modules that are used most commonly.

We mostly install TrendAI Vision One endpoint security in all client organizations, configure everything covering endpoints, servers, emails, and then work on the alerts for them as the need arises.

We are using the sensors that are included in TrendAI Vision One.

TrendAI Vision One has helped me to consolidate my use of security vendors quite a lot. Many of my clients were using different brands of antivirus for the server security and endpoint security, and another product for email security. Because of TrendAI Vision One, they were able to combine all of them in the same console. This reduced a lot of siloed tools.

I am quite impressed by the speed with which the server policy gets deployed. While the endpoint policy takes about 15 minutes to get assigned to the system, server policy is quite quick in that regard.

The coverage of these sensors is quite vast. When compared to other antiviruses, we found that TrendAI Vision One does cover quite a lot of ground.

The endpoint security policy for standard endpoints with TrendAI Vision One takes a lot of time. It would be beneficial if there were DLP features in it, as many customers require that. While TrendAI Vision One's full suite is quite impressive, customers have to find another product for DLP and file monitoring. TrendAI Vision One does have a not fully-fledged DLP in the endpoint security part, and it sometimes hangs up the PC when we apply it.

The alerts could be better because when an alert comes for an email that has been compromised and found on the dark web, we cannot quite find where it got compromised from.

The network part is something that needs to be worked on because most of the time we have to look at the firewall to get the full scenario or coverage.

We have found a lot of performance issues with TrendAI Vision One agents. They are not lightweight. The first time I used TrendAI Vision One, the agent was 500 MB. Now that I am using them, the initial size is 800 MB. Sometimes the CPU utilization is so high that the computer crashes or lags behind. This is a really big concern for everyone using TrendAI Vision One.

TrendAI Vision One is quite a good tool because there are not any issues in scalability. We can easily add more licenses to it and increase our organization security. Scalability-wise, it is good.

I have contacted the technical support or customer support of TrendAI Vision One quite a lot.

The engineers are quite helpful when they respond, but I have found that sometimes the assigned engineer responds to the first query a bit too late. I can see in the portal that the engineer has been assigned to my case, but we have to prompt them to give us a reply because nobody is answering. We have to call TrendAI Vision One support sometimes. Once we start the case, the responses are quite helpful, though we have had to escalate some of the cases quite a lot when customers need it.

Negative

I have not basically used any alternatives to TrendAI Vision One. I have tried CrowdStrike and Symantec. Symantec is so far out of TrendAI Vision One's reach and CrowdStrike, I have not used it much, but it is a bit harder to configure than TrendAI Vision One. I find TrendAI Vision One's UI much easier.

The initial deployment of TrendAI Vision One is quite easy since it is basically a cloud-based app, and you just have to deploy the agent.

If integrating AD with TrendAI Vision One, I am sure only one person would be needed. If you have to deploy and install the agents directly into the systems, at least four to five people are needed if the size of the organization is for 1,000 to 2,000 employees.

It would take one or two months to deploy TrendAI Vision One for a client, but mostly because sometimes things get delayed on the client side.

No maintenance is required on our side for TrendAI Vision One.

I am not into sales, but we have lost a few customers because of the pricing of TrendAI Vision One. They seem to gravitate to Symantec and others because their pricing range is quite less than TrendAI Vision One, and we have lost them because of that.

My review rating for TrendAI Vision One is 9 out of 10.

TrendAI Vision One is used for XDR.

TrendAI Vision One is more limited, but the strong part is its minimalist design, allowing you to know the most important information about the incident. This is the strong point.

TrendAI Vision One helps consolidate security software across hybrid environments, and I think it is useful, especially when integrated with another tool for some clients. It is so useful to get a first analysis or to get some CUs with TrendAI Vision One, so it helps.

The solution saves time approximately by 80 to 90 percent; it is very simple.

To provide centralized visibility and management across various protection layers could be better. I would add different interfaces as I really appreciate how CrowdStrike manages the datasets. An interface where you can select the different events that happened in the incident would be beneficial because in TrendAI Vision One the information is very basic; you get all the information raw in a column, which I would improve by adding an advanced search feature similar to CrowdStrike where events can be filtered. This would make the analysis better for the client who is receiving the information.

TrendAI Vision One has room for improvement regarding different interfaces, specifically similar to the Event Simple part of CrowdStrike where you can identify what happened. It would be helpful to have an integrated identity module, because sometimes I want to see who executed an incident, such as a PowerShell command, to know if it was an admin or the local user of the machine. If I cannot see that, I do not know anything. Integrating the identity module would be beneficial.

I have been working with TrendAI Vision One for one year and a half.

I rate the stability of TrendAI Vision One as a ten because I did not have any problems with it.

The scalability of TrendAI Vision One would be around a six; it is appropriate for smaller companies, but for bigger ones such as Nike, I would say it would not fit as well.

Using TrendAI Vision One has reduced the time to detect and respond by approximately 20 percent up to 80 percent; the strong point is that it is simple, making it fast and easy to learn.

When an incident appears in TrendAI Vision One, I open it and on the first page, you get to see the timeline of where all the different assets appear, including the host and other information. It is helpful because you get directly all the information by taking a look at the host involved. For example, if it is a server and you see SSH commands, it may fit with your conclusion. After that, I open the XDR part where you see in raw form all the different information. Finally, I can use the XDR view where you can filter using their raw SQL language to filter all the different incidents, for example, by endpoint GUID, something I usually use.

The risk reduction from using TrendAI Vision One depends on various factors. If I only get to use TrendAI Vision One and not any other tools, I think it would be approximately 80 percent, because if you have normal incidents, it is helpful, making it easier for the team of the final client to read the information. However, for real incidents requiring forensics, if you have to activate forensics, I think you would have difficulties, so I would say around 80 percent.

The importance of AI built into TrendAI Vision One is relatively recent for me; it is helpful to have a direct verdict, but I prefer to make my manual verdict. I would say it is important at a level of five for me, but for some inexperienced analysts, it might be at a level of five or seven because they will rely on that.

TrendAI Vision One is more simple compared to other solutions, but it could be useful for controlled cases if you have a small enterprise where the same software is used, making it interesting for situations where you are familiar with specific CUs. In my opinion, it would be more interesting than Cortex for smaller incidents, while I would prefer Cortex for larger cases than false positives which will be better managed by TrendAI Vision One.

My clients may be less than average because TrendAI Vision One is not that widely used. I think it is getting used less, but perhaps with the AI update it will be used more. I would estimate around 5 to 10 clients, approximately half of my client base.

Learning TrendAI Vision One can take anywhere from two weeks to one month.

In my opinion, TrendAI Vision One gets the information easily, but it does not really help reduce false positives by itself; you have to do the final work. I would say it helps with false positives around 80 percent because in TrendAI Vision One, you can see the verdict, plus AI is assisting with it.

I would recommend TrendAI Vision One, telling potential users that it is very easy to use, but it would be useful to learn how to use SQL for deeper analysis of different modules, which is important. Knowing how to use the different modules that your client has integrated will make a significant difference.