ICT Services Administrator at a government with 201-500 employees
Centralized visibility improves threat detection and response
Pros and Cons
- "I like how easy it is, and there is a single pane of glass. We have one console for everything."
- "Trend Vision One helped reduce the time to detect and respond to threats by 70% to 80%."
- "Vulnerability scanning could be improved. They need to see more CVEs and scan products for known vulnerabilities, allowing for better display and review of potentially exploitable servers by hackers or through configuration settings."
What is our primary use case?
Our use case for Trend Vision One is for our security platform. We use it for antivirus, XDR, and network telemetry purposes.
How has it helped my organization?
Trend Vision One helped us to consolidate our use of security vendors and reduce silos. We had three or four consoles from different products, and we consolidated them into one console with this product.
Trend Vision One helped reduce the time to detect and respond to threats by 70% to 80%.
Trend Vision One has helped us reduce noise from false positives.
We have been using cyber risk exposure management for 2 months since upgrading in April. It helps us identify blind spots by providing more visibility and insights into our environment, making it a valuable feature.
We use the network sensor, and its coverage is critical. With SIEM, we gain substantial insights into our environment, and having a complete 360 view is necessary in today's security world. It reduces the risk by 50%.
Having AI built into the Trend Vision One platform is important for our organization. It reduces many manual steps, resulting in more and quicker detections and advanced automation for remediation, improving efficiency by 60% to 70%. The solution aims to reduce risks and enhance detection.
What is most valuable?
I like how easy it is, and there is a single pane of glass. We have one console for everything.
Trend Vision One provides centralized visibility and management across protection layers. It has the functionality of different products and management of a single pane of glass. We have one console for everything. As a security engineer, it's easier to check the alerts and find everything. It consolidates a lot of consoles into one, and that's what we like most about it.
What needs improvement?
Vulnerability scanning could be improved. They need to see more CVEs and scan products for known vulnerabilities, allowing for better display and review of potentially exploitable servers by hackers or through configuration settings.
Buyer's Guide
TrendAI Vision One
January 2026
Learn what your peers think about TrendAI Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,757 professionals have used our research since 2012.
For how long have I used the solution?
We have been using Trend Vision One for approximately 18 months.
What do I think about the stability of the solution?
We haven't experienced any stability issues. It has proven to be stable.
What do I think about the scalability of the solution?
The scalability of Trend Vision One is good.
How are customer service and support?
I have contacted technical support from Trend Micro. The quality and speed of support are good.
How would you rate customer service and support?
Positive
How was the initial setup?
It was easy. It took us one day to fully deploy Trend Vision One.
Some maintenance is required for updating agents on the servers.
What about the implementation team?
The deployment involved just one person working with the vendor in one day.
What was our ROI?
Trend Vision One has reduced risks by 50%. We have reduced the response time by approximately 70%-80%.
What's my experience with pricing, setup cost, and licensing?
When we have a good product such as Trend Vision One, the price is fine.
Which other solutions did I evaluate?
We have used Trend Micro products for many years, and we upgraded to Trend Vision One. We didn't test any alternatives, staying with what we've used for years.
What other advice do I have?
I would rate Trend Vision One an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: May 17, 2025
Consultant at a non-tech company with 11-50 employees
Centralized protection has improved threat response and simplified endpoint security management
Pros and Cons
- "TrendAI Vision One helps with centralized visibility and protection across multiple layers."
- "To improve TrendAI Vision One to a perfect score, I believe better pricing and more support would be ideal."
What is our primary use case?
My use case for TrendAI Vision One is deploying it for an entity within a company. I deployed TrendAI Vision One to protect all kinds of endpoints, including mobiles, machines, mailboxes, and servers.
What is most valuable?
The best features of TrendAI Vision One that I appreciate include its centralized nature, the Copilot AI agent, its simplicity of use, and the quality of their API.
TrendAI Vision One has helped reduce my time to detect and time to respond to threats by approximately 10%.
What needs improvement?
To improve TrendAI Vision One to a perfect score, I believe better pricing and more support would be ideal.
For how long have I used the solution?
I have been using TrendAI Vision One for one year.
What do I think about the stability of the solution?
I would rate the stability of TrendAI Vision One highly, as there were no bugs. I would give it a 10.
What do I think about the scalability of the solution?
Regarding scalability, TrendAI Vision One is scalable. I would give it an eight.
How are customer service and support?
I rate the technical support an eight.
The coverage for my organization's network is critical. When we have questions, we return to them. When we need something, we return to them, and they were always available.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The risk reduced by switching to TrendAI Vision One is similar to other EDR or XDR solutions. It can detect malicious operations and threats, but the exact percentage is difficult to quantify. For the company I was deploying it for, we detected many threats. I would rate the risk reduction as a 10 because the company in question did not have an XDR or EDR solution in place before.
How was the initial setup?
The deployment of TrendAI Vision One is easy; it is just an executable.
It takes almost one day for TrendAI Vision One to appear in the console.
What about the implementation team?
In my organization, we had four specialists working with TrendAI Vision One: myself and three security engineers. I was the project manager.
What was our ROI?
I can estimate the ROI seen from TrendAI Vision One to be approximately 15%.
What's my experience with pricing, setup cost, and licensing?
When it comes to pricing, I find TrendAI Vision One not expensive compared to other products.
Which other solutions did I evaluate?
I compare TrendAI Vision One with other solutions and vendors on the market, and we can see that it is well-placed in Gartner, so it is one of the best products.
What other advice do I have?
TrendAI Vision One helps with centralized visibility and protection across multiple layers.
The visibility and protection provided by TrendAI Vision One allow us to see all the assets in one console, which is beneficial. We can also see all the features in one console, which is equally advantageous.
I did not use the cyber risk exposure management capabilities with TrendAI Vision One, nor did my clients use that for identifying blind spots.
The top security challenges in the industry include handling the decommissioning of old products, specifically a Microsoft product. Additionally, not all features are centralized in one console, which is not ideal for the correlation of investigations.
TrendAI Vision One is deployed as a cloud solution and a SaaS solution.
I used TrendAI Vision One sensors.
I would recommend TrendAI Vision One to other users because it is easy to use and easy to deploy, as these are the most important factors. The importance of having AI built into TrendAI Vision One is significant; I use the AI aspects. When I want to look for a feature, I go to AI. When I want to create, for example, an IOC, I go to AI, and it assists with this.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner.
Last updated: Jan 14, 2026
SOC Consultant at a tech vendor with 10,001+ employees
Centralized threat hunting has improved endpoint visibility and allows silent remote remediation
Pros and Cons
- "TrendAI Vision One allows mitigation of threats without interrupting branch users' regular work, which is its unique selling point."
- "The area for improvement is to provide more clarity on the query part, including examples for creating reference sets and documenting capabilities thoroughly so future users can benefit without needing to experiment."
What is our primary use case?
TrendAI Vision One use cases are mostly related to endpoints, such as detecting registry modifications or new software being added, as well as monitoring for malicious activities including PowerShell scripts, double extension files, ransomware, and crypto miners. Since I work for the financial sector, it is crucial to ensure there are no remote software programs running, especially regarding banking security.
What is most valuable?
TrendAI Vision One has two types of alerts that help reduce the time to detect and respond to threats. The first is based on alerts and workbench ID, while the second is host-based detections, allowing me to see all different threats on particular endpoints over a selected time frame. I can check for various endpoints affected by different alerts and customize this for specific time frames. Monitoring critical assets, threat hunting, and running queries are feasible tasks, providing a comprehensive overview of endpoint security and the ability to remove malicious files quickly.
One of the best features of TrendAI Vision One is its ability to let me remediate endpoints without disturbing branch users, as long as the endpoint is online and connected. I can delete files or take control through the console by informing the bank's security team to get approval. Another great feature is viewing alerts, segregating them by type and host, which makes it easier to fine-tune security and monitor critical resources. Additionally, the ability to create reference sets for known malicious hashes enhances detection capabilities across endpoints.
TrendAI Vision One saves resources and time. It provides better visibility of endpoints compared to other security management tools, which makes it invaluable. For smaller organizations that may not afford multiple tools, an XDR solution can handle their security needs effectively.
TrendAI Vision One allows mitigation of threats without interrupting branch users' regular work, which is its unique selling point.
What needs improvement?
The area for improvement is to provide more clarity on the query part, including examples for creating reference sets and documenting capabilities thoroughly so future users can benefit without needing to experiment.
Documenting the capabilities of endpoint consoles would also be beneficial for new users understanding what can be done effectively.
For how long have I used the solution?
I initially used the first EDR approximately two years ago, and now I have been using TrendAI Vision One for eight to nine months.
What do I think about the stability of the solution?
The stability of TrendAI Vision One is good; I would rate it an eight.
What do I think about the scalability of the solution?
I would rate the scalability at eight and a half.
How are customer service and support?
I have not worked with technical support yet, so I cannot rate it.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have not worked with other solutions yet, so I can only speak to my experience with TrendAI Vision One XDR, which I find to be good for handling threats across endpoints.
How was the initial setup?
I am not aware of the deployment process since I have not been involved with it.
What about the implementation team?
Only a few of us are using the solution currently—my manager and I. Due to my background in threat hunting, I have admin access to monitor various alerts and create reference sets for potential threats effectively.
Only three or four users have access to TrendAI Vision One, including my manager and me from the vendor side, and two from the bank end.
I am a vendor hired for SOC security and threat hunting, working for IBM clients.
What was our ROI?
I cannot estimate the return on investment accurately, as I do not have insight into the financials. However, I can say that the tool is good, particularly the basic subscription which provides me with necessary tools and knowledge to protect security.
What's my experience with pricing, setup cost, and licensing?
I do not have any information regarding the pricing, so I cannot comment on that.
Which other solutions did I evaluate?
Every organization typically installs antivirus agents on their endpoints and servers.
What other advice do I have?
My false positives have decreased, but reducing them requires thorough investigation. For example, each endpoint has its own scanning device, such as Windows Defender.
Apex Central is attempting to stop the services of Windows Defender, leading to alerts when malicious behavior is detected. Through thorough investigation, I have identified that while Apex Central might not directly stop processes, it does so using cmdlets. Hence, I decided to whitelist that.
TrendAI Vision One reduces endpoint risk by approximately 60 to 70 percent; the remaining 30 percent can be due to other factors such as phishing and web interactions.
For small organizations, implementing TrendAI Vision One is a wise choice because it delivers great visibility and clarity on endpoint threats, enabling effective monitoring and quarantining regardless of the environment.
TrendAI Vision One sensors are being used on the endpoints.
I do not know if Cyber Risk Exposure Management comes under the basic subscription, as I mostly focus on threat hunting and do not recall using it.
If the suggested improvements are implemented, it will be even more flexible and feasible.
I give this review an overall rating of 9 out of 10, and I definitely recommend TrendAI Vision One to other users because it provides solid security for endpoint protection.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
IBM
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Dec 15, 2025
Head of IT at a financial services firm with 11-50 employees
Provides centralized visibility and improves threat response across hybrid environments
Pros and Cons
- "The comprehensive overview of the security status is the most valuable feature of TrendAI Vision One, and its ability to provide centralized visibility and management is quite good because all the relevant data are present, providing everything needed."
- "Some improvements could be made, but all the possibilities of the platform are not being fully utilized, so some features that could be discussed may not have been explored yet, though they may already be available."
What is our primary use case?
TrendAI Vision One sensors are used at the endpoint to gather information from endpoints, which has proven to be very useful. The coverage provided by TrendAI Vision One is critical for our organization's network because it's a comprehensive way to get all the relevant data from the endpoints regarding antivirus security and similar security settings.
Some basic features of the Cyber Risk Exposure Management capabilities in TrendAI Vision One are being used. Plans exist to expand the usage, but currently the overview of the cyber risk settings is checked, though it hasn't been used much in the last few months.
TrendAI Vision One has helped consolidate the use of security vendors and reduce silos, but other vendors have not been replaced. TrendAI Vision One alone is sufficient for current needs, so other vendors for such solutions do not need to be used, at least not for now.
TrendAI Vision One is used for consolidated security across hybrid environments.
What is most valuable?
The comprehensive overview of the security status is the most valuable feature of TrendAI Vision One. TrendAI Vision One platform's ability to provide centralized visibility and management is quite good because all the relevant data are present, providing everything needed. The interface is quite simple to use and all the relevant data can be seen there.
TrendAI Vision One has helped reduce the time to detect and respond to threats because information is gathered more quickly and all the relevant points are visible. If there's any problem, it can be seen much easier and quicker.
TrendAI Vision One has also helped reduce cyber risks because it decreases cyber risks as there is more control over the environment.
What needs improvement?
There are currently no particular suggestions on how TrendAI Vision One can be improved because improvements have been seen in nearly every version, and satisfaction with what can be seen and used is high.
Additional features are not desired to be seen in the next release of TrendAI Vision One because not all the features that are available now are being used. For current needs, everything is already there. Perhaps in the future something else will be needed, but everything that is currently needed is already included.
TrendAI Vision One has improved its integration with other products, with other vendors, or with mobile device management. The mobile device management solution has improved over the years and was pretty basic when it started, but now it has many more options. Some improvements could be made, but all the possibilities of the platform are not being fully utilized, so some features that could be discussed may not have been explored yet, though they may already be available.
For how long have I used the solution?
TrendAI Vision One has been used for a couple of years.
What do I think about the scalability of the solution?
There have been no problems with scaling TrendAI Vision One. The organization is not large, so there were no problems in scaling. TrendAI Vision One appears to be tailored for much bigger organizations, so no scaling problems were encountered.
How are customer service and support?
There has not been much contact with technical support, though some checks and presentations were conducted, which were quite good. The response was very quick and all the information needed was received, resulting in high satisfaction.
Technical support would be rated nine out of ten. Regarding local technical support, it is also quite good through the partner network and directly. If something is escalated directly to Trend Micro, responses are received. There is high satisfaction with the current support level.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of TrendAI Vision One was seamless because it was a migration from an on-premises Trend Micro service to a cloud-based one, so there were no particular problems.
What about the implementation team?
External partners were used for the implementation of TrendAI Vision One, though the process was overseen. There was a transfer of knowledge during the implementation.
What was our ROI?
Return on investment from TrendAI Vision One has not been calculated in the traditional sense, but price-wise, it's a better solution than some others that have been looked at or researched. TrendAI Vision One is quite convenient for the organization.
Which other solutions did I evaluate?
Before TrendAI Vision One, a broader marketplace was evaluated. A granular possibility to purchase only needed options without purchasing unnecessary components was not observed in other solutions. The licensing model of TrendAI Vision One is the best among other solutions that have been seen.
What other advice do I have?
For integrations with third-party solutions, integration was done for log management. Logs are downloaded or shipped from Trend Micro solutions to internal log management solutions, and there were no particular problems in integrations. Many other integrations specifically with Trend Micro were not conducted.
TrendAI Vision One is considered the best option on the market at the moment for this organization. TrendAI Vision One appears to be quite popular in the region, with many companies using it, both bigger and smaller organizations. A community provides information and support, making TrendAI Vision One popular in the area.
TrendAI Vision One has been using AI technologies already for some time, which shows awareness of the landscape. It is believed that TrendAI Vision One will tailor the solution accordingly, as AI is already being used in some solutions within the platform, indicating good direction for the product.
TrendAI Vision One provides learning courses, and events from partners sometimes offer opportunities to gather new information on the products. Additionally, a community is available, creating a good landscape for learning and support in the region.
The partnership program is not well known because collaboration is through partners, but it is believed that partner satisfaction is high.
TrendAI Vision One received an overall rating of eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 3, 2025
Works at a healthcare company with 201-500 employees
If a user mistakenly clicks on something they shouldn’t, the system can respond immediately and prevent damage before it occurs
Pros and Cons
- "The SOC team is the most valuable feature for us because having experts who monitor global threat landscapes and can respond accordingly is incredibly helpful."
- "Sometimes it’s difficult to find your way around."
What is our primary use case?
Our primary use case is to secure our endpoints and servers via Managed Detection. We secure them using XDA and Trend Micro’s SOC. We secure it based on behavior so that we have someone to respond if there are unusual issues with PCs, even on weekends and holidays when we’re not onsite, and then they inform us. That’s why we chose Trend Vision One.
We have it deployed on all of our PCs, both Windows and Linux laptops.
The security coverage is very important for my company's network. It is a requirement under the NIS2 directive, which is now coming into effect in the EU. The coverage is also important for us because we operate 24/7, but our IT staff is not available around the clock. To fill this gap, we opted for Trend Micro’s XDR solution. Trend Micro’s SOC team can respond even when no one from our team is available.
They also make sure we are properly notified because if an email comes in at 3 AM on a Sunday, no one will read it, but if Trend Micro's SOC team calls, someone will check immediately. That’s why we chose this solution.
The security coverage is also particularly important for us because, as a hospital running 24/7, we must ensure the security of patient data and maintain the IT infrastructure's operational capability. If our systems go down, it could directly impact patient treatment. Around 10 years ago, before we had Trend Micro, we experienced an attack and our IT systems were down for an entire week. That was incredibly difficult.
With increasing digitalization and more medical processes relying on computers, doctors need easy access to X-rays, prior medical examinations, and other records. Since all of this data is stored digitally, solutions like Trend Vision One become even more essential. Availability must be guaranteed, and we cannot afford a situation where a system gets attacked and taken down. That’s why it is crucial for us to have this protection in place.
The biggest security challenges in my organization are:
- Preventing unauthorized external access.
- Reducing the risk of employees unknowingly giving attackers access to the network due to inexperience.
That’s why we use these solutions, in combination with Apex One and Deep Security, to prevent such incidents. If a user mistakenly clicks on something they shouldn’t, the system can respond immediately and prevent damage before it occurs.
How has it helped my organization?
With Trend Micro Vision One we now have a comprehensive overview of our entire network of all of our endpoints and Active Directory. We also have an industry comparison feature that allows us to gauge our security status.
For example, our advisor recently reviewed our security score and confirmed that we are in a good position. That gives us peace of mind.
What is most valuable?
The SOC team is the most valuable feature for us. Having experts who monitor global threat landscapes and can respond accordingly is incredibly helpful. They keep an eye on our system and can intervene if necessary to prevent significant damage. That is the most important aspect for us.
That’s a bit tricky to answer. Trend Vision One is a powerful tool that provides a vast amount of information. It requires some practice to filter out the most relevant insights and respond accordingly, like investigating specific endpoints when necessary.
Since we are still relatively new to the platform and have a small IT team, we haven’t been able to fully explore all of Vision One’s capabilities. However, the data we do utilize helps us react appropriately and address potential threats before they escalate.
A major advantage is that we can integrate Active Directory into Vision One. This means we get alerts if something unusual happens in AD, and these notifications appear directly in Vision One. I believe firewalls can also be integrated, though we haven’t done that yet as we are currently upgrading our firewall infrastructure.
Having a centralized platform where logs and security alerts from multiple systems converge is a huge benefit, as it allows us to react efficiently from a single interface.
AI is beneficial because it can operate independently of predefined patterns, reacting based on behavior rather than fixed rules. It continuously learns and can detect threats that might not yet be covered by existing security protocols. This is a major step forward in cybersecurity.
We realized Trend Vision One's benefits quite quickly. Within one to two weeks, we already saw improvements. We really noticed the full impact after receiving our first report. That allowed us to analyze incidents, track past threats, and understand what was happening within our network. After about four weeks, we fully realized the platform's value.
It does save time when searching for an incident because you can simply display the incidents in the Vision One console. You can drill down to the task level and see which file was affected on which endpoint.
That makes things much easier when tracking a specific incident. It saves more than fifty percent of the time because, as mentioned, you can drill down directly from the endpoint in the console, down to the task, down to the file, the DLL, or whatever it is. And you also get a display of what it is without having to access the computer and search on Google. As mentioned, everything is displayed clearly and neatly in the Vision One console, sometimes even with suggestions on what to do.
My organization has reduced its cybersecurity risk. We have a centralized view of where the risks are, you can specifically access individual endpoints, and as mentioned, the SOC in the background immediately reports unusual behavior even when you’re not around. If it’s high-risk, we get a call.
In this regard, cybersecurity has improved significantly because a lot of things that previously went unnoticed are now detected.
What needs improvement?
Trend Vision One is already very powerful. The clarity and usability could be improved a bit. Sometimes it’s difficult to find your way around.
It’s such an important tool, and you can do a lot with it. With some practice and proper training, you can manage quite well.
We are currently implementing, as a pilot hospital, an ICAP virus scanner through the Service Gateway via Vision One, which scans our KIM emails. This was an important feature and Trend Micro has now implemented it.
For how long have I used the solution?
I have been using Trend Vision One for about six months.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
We are currently working on scaling. We are integrating with ICAP functionality.
The scalability is very good. You can integrate almost everything you need, including mail security, etc. I’d give scalability a 10 because nearly everything is integrated.
How are customer service and support?
The staff we have dealt with were always very competent. What I find a bit difficult is that there is no German support. Since my English isn’t the best, we usually go through our consultant, as he knows the Trend Micro support team well and handles these things daily. So, we rely on our partner for that.
In terms of knowledge, the support is competent. The language barrier is just a bit challenging because when they speak fast in English, I don’t understand much.
How would you rate customer service and support?
What about the implementation team?
The initial setup was done by a consultant from SoftwareOne. He did a really good job, and everything went smoothly except for the hybrid installation with Deep Security.
That went quite smoothly. Apex One had some issues, and we had to keep a support case open for a long time before it worked properly. But now, everything works fine.
We are only four people in IT here, and everyone does a bit of everything for the setup.
We install the agents ourselves, meaning we have to manually set them up on each computer or server.
The clients are already rolled out, and everyone contributes when needed, like whenever we work on something, another sensor gets installed, etc.
We have around 400 endpoints and approximately 600 users with a Windows environment and a virtualized setup using VMware.
Our server environment also includes VMware View in some areas.
In terms of maintenance, I have to regularly check reports and see what needs to be done. Otherwise, everything updates itself in Vision One.
Since Vision One is cloud-based, the console updates itself, as do the agents. Once everything is installed, there’s little to do.
What's my experience with pricing, setup cost, and licensing?
There are additional costs.
Overall, the price-performance ratio is okay.
Which other solutions did I evaluate?
We looked at Sophos beforehand because we use it as a firewall. Since Vision One integrates well with existing solutions like Deep Security and Apex One, we chose an integrated solution and decided to go with Trend Vision One.
We also deliberately opted against a purely web-based solution. We run a hybrid installation, meaning that Apex One and Deep Security are still managed locally and connected to Vision One.
This is because we have been hacked before, and if I cut off internet access to our firewall, I wouldn’t be able to administer my security suite. With this setup, I can still manage and configure it before reconnecting to the internet.
What other advice do I have?
I would rate Trend Vision One a nine out of ten.
My advice to anybody considering Trend Vision One is that the most important aspect is the integration with existing solutions like Apex One and Deep Security.
It’s stable and provides a lot of information. The only downside is that it can be a bit complex to navigate.
Original review in German (translated):
A user accidentally clicks on something they shouldn't click on. The system can react immediately and prevent damage before it occurs.
What is our primary use case?
Our primary use case is securing our endpoints and servers through managed detection. We protect them with XDR and Trend Micro's SOC. The security is based on behavioral analysis, so someone can respond if unusual problems occur with PCs, even on weekends and holidays when we are not on site. We are then notified. That is why we chose Trend Vision One.
We have implemented the solution on all our PCs, on both Windows and Linux laptops.
Security coverage is extremely important for our corporate network. It is a requirement of the NIS2 directive, which is now coming into force in the EU. Coverage is also essential because we work around the clock, but our IT staff are not available at all times. To close this gap, we chose Trend Micro's XDR solution. Trend Micro's SOC team can respond even when no one from our team is available.
They also make sure that we are properly notified. If an email arrives at 3 a.m. on a Sunday, nobody reads it. But when Trend Micro's SOC team calls, there is an immediate response. That is why we chose this solution.
Security coverage is particularly important to us because, as a hospital operating 24/7, we must guarantee the security of patient data and ensure that the IT infrastructure remains operational. If our systems fail, this can have a direct impact on patient care. About ten years ago, before we used Trend Micro, we were attacked, and our IT systems were unavailable for an entire week. That was extremely difficult.
With increasing digitalization and the growing dependence of medical processes on computers, doctors need easy access to X-ray images, previous examinations, and other records. Since all of this data is stored digitally, solutions like Trend Vision One are all the more important. Availability must be guaranteed, and we cannot afford a situation in which a system is attacked and taken out of operation. That is why this protection is indispensable for us.
Our main goal is to protect our endpoints and servers through managed detection. For this we rely on XDR and Trend Micro's SOC. The security is based on behavioral analysis, so that unusual activity is detected early and appropriate measures can be taken, even on weekends and holidays when we are not on site. In such cases we receive notifications, so that no threat goes unnoticed.
We have implemented the solution on all our PCs, on both Windows and Linux laptops. Comprehensive security coverage is essential for our corporate network, particularly in light of the NIS2 directive, which is now coming into force in the EU. These new requirements demand stronger security measures to ensure the continuous operation of critical infrastructure. Since we work around the clock but our IT staff are not available at all times, we chose Trend Micro's XDR solution. This way we ensure that threats can be detected and appropriate measures taken at any time, even when our own team cannot be reached.
A decisive advantage of this solution is reliable alerting: an email at 3 a.m. on a Sunday could be overlooked, but a direct call from the SOC team ensures an immediate response.
For us, as a hospital operating 24/7, this protection is indispensable. The security of patient data and the operability of our IT infrastructure have top priority, because a system failure can have a direct impact on patient care. About ten years ago, before we used Trend Micro, we were the victim of an attack that paralyzed our IT systems for a week, an extremely difficult situation.
With increasing digitalization and the growing dependence of medical processes on IT systems, stable and secure access to X-ray images, examination results, and patient data is indispensable. Since all of this data is stored digitally, solutions like Trend Vision One are crucial to guarantee maximum availability and reliably protect our system against attacks.
The biggest security challenges in my organization are:
- Preventing unauthorized external access.
- Reducing the risk that employees, through inexperience, unknowingly give attackers access to the network.
That is why we use these solutions in combination with Apex One and Deep Security to prevent such incidents. If a user accidentally clicks on something they shouldn't, the system can react immediately and prevent damage before it occurs.
How has it helped my organization?
With Trend Micro Vision One, we now have a comprehensive overview of our entire network, all endpoints, and Active Directory. We also have an industry comparison feature that lets us assess our security status.
For example, our consultant recently reviewed our security assessment and confirmed that we are well positioned. That gives us a reassuring feeling.
What is most valuable?
The SOC team is the most valuable feature for us. It is extremely helpful to have experts who monitor global threat landscapes and can respond accordingly. They keep an eye on our system and can intervene if necessary to prevent significant damage. That is the most important aspect for us.
However, that is not entirely easy to answer. Trend Vision One is a powerful tool with an enormous amount of information. It takes some practice to filter out the most relevant insights and respond accordingly, for example investigating specific endpoints when necessary.
Since we are still relatively new to the platform and have only a small IT team, we have not been able to fully explore all of Vision One's features. But the data we use helps us respond appropriately and address potential threats before they escalate.
A big advantage is that we can integrate Active Directory into Vision One. This means we receive notifications when something unusual happens in Active Directory. These messages appear directly in Vision One.
Having a centralized platform where logs and security alerts from multiple systems come together is an enormous advantage, because it lets us respond efficiently through a single interface. AI is beneficial because it can act independently of predefined patterns and responds to behavior rather than fixed rules. It learns continuously and can detect threats that may not yet be covered by existing security protocols. This is a significant advance in cybersecurity.
We recognized the benefits of Trend Vision One very quickly. Within one to two weeks we had already noticed improvements. We became aware of the full impact when we received our first report. This allowed us to analyze incidents, trace past threats, and understand what is happening in our network. After about four weeks we recognized the full value of the platform.
Searching for an incident is considerably faster, because you can simply display the incidents in the Vision One console. You can drill down to the task level and see exactly which file on which endpoint was affected.
This makes tracking a specific incident much easier. It saves more than fifty percent of the time because, as mentioned, you can navigate directly from the endpoint in the console to the task, the file, the DLL, or other relevant elements. You also get an indication of what it is without having to access the computer directly or search on Google. As mentioned, everything is presented clearly in the Vision One console, sometimes even with recommended actions.
Having a central platform where logs and security alerts from different systems come together is an enormous advantage, because it lets us respond efficiently from a single user interface.
What needs improvement?
Trend Vision One is already very capable. However, its clarity and user-friendliness could still be improved somewhat. Sometimes it is difficult to find your way around.
It is such an important tool, and you can do a lot with it. With some practice and the right training, however, you can get up to speed well.
As a pilot hospital, we are currently implementing an ICAP virus scanner through the Service Gateway via Vision One to scan our KIM emails. This was an important feature, and Trend Micro has now implemented it.
For how long have I used the solution?
I have been using Trend Vision One for about half a year.
What do I think about the stability of the solution?
I would rate the stability nine out of ten.
What do I think about the scalability of the solution?
We are currently working on scaling and are integrating ICAP functionality.
The scalability is very good. You can integrate almost everything you need, including email security, etc. I would give it a 10 because nearly everything is integrated.
How are customer service and support?
The staff we have dealt with were always very competent. What I find a bit difficult is that there is no German support. Since my English is not the best, requests usually go through our consultant, who knows the Trend Micro support team well and handles these topics daily. So we rely on our partner.
In terms of expertise, the support is competent. The language barrier is just a bit challenging, especially when they speak English quickly and I don't understand everything.
How would I rate customer service and support?
Positive.
What about the implementation team?
The initial setup was done by a consultant from SoftwareOne. He did very good work, and everything went smoothly except for the hybrid installation with Deep Security.
Apex One had some issues, and we had to keep a support case open for a long time before it worked properly. But now everything runs flawlessly.
We are only four people in IT here, and everyone takes care of everything related to the setup.
We install the agents ourselves, which means we have to set them up manually on each computer or server.
We have around 400 endpoints and approximately 600 users in a Windows environment with a virtualized infrastructure on VMware.
What's my experience with pricing, setup cost, and licensing?
There are additional costs.
Overall, the price-performance ratio is okay.
Which other solutions did I evaluate?
We previously considered Sophos because we use it as a firewall.
Since Vision One integrates well with existing solutions like Deep Security and Apex One, we decided on an integrated solution with Trend Vision One.
We deliberately decided against a purely web-based solution and run a hybrid installation.
Which deployment model do we use?
Public Cloud.
If public cloud, private cloud, or hybrid cloud, which cloud provider do we use?
Microsoft Azure.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Digital Officer at a wholesaler/distributor with 11-50 employees
Has significantly improved our company because we can now track and see how many attacks we have
Pros and Cons
- "Trend Vision One has significantly improved our company because we can now track and see how many attacks we have. Since we’ve implemented it, we haven’t had any major attacks that have successfully entered the company. So, we know the defense mechanism is working."
- "It would be great if there were Trend Micro products that could enhance the security of these devices, either as part of our product or in some other way integrated into our offering."
What is our primary use case?
Our use cases are essentially all the classic defense mechanisms that are used to protect devices, secure emails, and ensure that we don’t pull in anything harmful. We also monitor Internet and Intranet traffic to detect abnormal behavior and address it. This has helped us in many situations where we’ve faced external attacks, which then usually try to go back out. I always say that they try to drill through the wall and get back out, and in that way, we’ve been able to recognize when someone has gained access to our devices.
We operate in 60 countries with 4,000 to 4,500 employees, of which nearly 2,000 are based in Frankfurt. All of the end devices of our colleagues are under IT security monitoring. The Deep Discovery Inspector is implemented at three global locations: one in Europe, one in Asia, and one in the USA. This allows us to detect any issues early on, and with network segmentation, we can minimize potential damage in case of an incident.
The biggest security concerns in our industry are not really industry-specific but are intrusions. Identity theft is a challenge and then there are issues where people are manipulated into making money transfers to what seem like customer accounts that don’t actually exist.
Another is the classic attack, where ransomware is used to infiltrate systems and gain access through encryption and similar methods.
Additionally, we also have the issue of IP protection.
How has it helped my organization?
Trend Vision One has significantly improved our company because we can now track and see how many attacks we have. Since we’ve implemented it, we haven’t had any major attacks that have successfully entered the company. So, we know the defense mechanism is working.
In terms of our ability to manage risks, we already had the stances for risk management in place, from our side, from a purely conceptual standpoint. Through a solution like this, we always want to get a more concrete approach for the operational side. We aim to identify and assess risks and then determine the measures we can take to mitigate those risks. That’s where Trend Micro is very helpful.
Trend Vision One has significantly helped reduce our time to detect and respond to threats.
In terms of whether or not Trend Vision One has helped my organization reduce noise from false positives, it’s always a matter of perspective in terms of whether or not the number of alarms has truly been reduced or if they were false alarms. We rolled out the solution across the company, and as a result, we now monitor more devices and have a more comprehensive view of security. Therefore, the number of alarms and false alarms has certainly increased, because we are now looking at all devices. Previously, we didn’t monitor them, so we didn’t notice them.
We have always seen alarms and false alarms. However, we have incorporated mechanisms to identify where the false alarms are coming from, and we continuously refine the system. Sometimes, activities in the internal IT administrative area trigger alarms that are not actual threats, and we continuously adjust and refine those rules to reduce false alarms. We didn’t have a solution in place before to compare whether or not it has reduced false positives. The mechanisms we have now allow us to assess both alarms and false alarms in detail and, in the case of false alarms, to trace where they come from and implement rules to prevent them from happening again.
Trend Vision One has definitely reduced my organization's cyber risk. We took a holistic view of all devices, became more aware of IT security risks from the outset, and then integrated all devices into that view. In the incidents we encountered at the beginning, as we increasingly implemented and observed this solution, a clear path was outlined on how to address and resolve these issues.
What is most valuable?
We implement the sensors globally from the angle that we are, in fact, global and operate worldwide. The importance lies in the fact that we know attacks can happen from anywhere, and therefore we decided to implement this as a standard solution within our company, The Samson Group. The Samson Group itself has 60 legal entities worldwide, and from our side, this is more of a governance requirement, meaning it must be used to protect the entire organization.
We have found the Deep Discovery Inspector that is in place exceptionally valuable. It has consistently helped us identify areas where issues are happening and where there have been small vulnerabilities in the network that could lead to issues. This happens when, at some point, an unauthorized device—one that shouldn’t be in the network—somehow gains access. This is certainly one of Trend Micro's standout features, as it has provided us with insight into what is happening in our network, which has prevented us from facing significant damage.
We have a positive impression of Trend Vision One's ability to provide us with centralized visibility and management across protection layers. The impression is definitely positive for us. That’s also why we decided to extend the contracts. It’s a very mature solution that is well-understood and user-friendly for people working in this field.
Trend Micro helps us consolidate security vendors because we are now establishing this as standard software for the company. We only work with one solution provider, which is part of the consolidation. When selecting the solutions, we carefully considered what was important to us and where issues occurred. For example, we were particularly pleased that the base and system come from a Japanese company, meaning we don’t have to put ourselves in the hands of Russian or American companies to make this happen.
We use the CREM features and from our perspective, it is very helpful because it provides a supportive function. In situations where we notice something, we also have a very direct line to the team.
When it comes to having AI, from a high-level perspective, I don’t really care how it’s done in terms of the solution. It's great if AI is used because we measure based on the results we achieve. It must meet the requirements for performance and speed. Today, AI is the tool of choice to achieve the necessary speed and performance. But it’s not about the fact that AI is involved; it’s about the fact that, at the end of the day, a fast and reliable solution has been created.
What needs improvement?
We still have devices that are not traditional IT equipment but rather fall under the category of Operational Technology (OT) devices. There is increasingly a blending of the traditional OT world, which requires a specific focus, as OT devices often don't use standard Ethernet protocols and similar technologies. These are areas where I believe more can be done by Trend Vision One.
Taking it a step further, we also produce items that include IT elements, which are then used by customers. It would be great if there were Trend Micro products that could enhance the security of these devices, either as part of our product or in some other way integrated into our offering. But that's a different approach. At the moment, we use Trend Micro to protect our own company and our internal networks, but expanding this to our customer-facing products is an idea for the future.
For how long have I used the solution?
We have been using Trend Micro for a long time, since 2020. We started in 2019 and signed our first Trend Vision One contract in 2020.
What do I think about the stability of the solution?
The stability is very high. We rarely encounter stability issues. When we do have issues, we typically find that they originate from our side, usually because certain information couldn't be provided by the server.
What do I think about the scalability of the solution?
Compared to other companies, we're not huge, but during the rollout and expansion, we found that it scales easily. We haven't encountered any issues with scaling effects or anything like that.
How are customer service and support?
Their technical support is excellent because we continuously see that when an issue arises, direct communication is sought. The ability to act quickly and be in direct communication is very important to us. It's not just about high-level support with the chatbot; rather, when an issue occurs, we have the experts on-site and ready to respond swiftly, which is crucial. In such situations, you need to act quickly without wasting time on what should happen next.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used a lot of products. Over the past few years, we have been consolidating into a single corporation and replacing other solutions with the corporate mandate of Trend Micro. This is for efficiency reasons, among others. By using the same solution across the entire company, we can manage and maintain it centrally, ensuring uniform behavior without having to deal with individual solutions for each part of the organization.
How was the initial setup?
I was involved in the setup in terms of managing the role and function, but not from a technical standpoint.
My colleagues reported that it is a very well-designed software. We’ve experienced other solutions where we’ve worked on software for a long time, and it didn’t go as smoothly. I haven’t heard any complaints, so the setup must have been good.
We took a risk-based approach to implement this. We started rolling it out in some large manufacturing companies, where the potential damage in case of an incident would be the greatest. From there, we moved to the smaller legal entities, such as just sales offices or similar, so from large to small.
We have a relatively small team in the global function with three people who worked on it. We also have a packaging team and similar resources when it comes to creating installation scripts for end devices.
In terms of maintenance, we have purchased Trend Vision One as part of a SaaS solution. This includes updates and ongoing support, such as the provision of virus signatures, so we don't have dedicated staff specifically for maintenance. We do have designated contacts around the world dedicated to handling alarms and events. This is an additional responsibility for the IT team members after their training, so I can't give you a precise number of people involved. These activities are integrated into the existing IT staff who manage them alongside their regular tasks.
What was our ROI?
We have seen a return on investment fundamentally more qualitatively, proportionally, and quantitatively. We haven't done a strict ROI calculation. We know it's in place to counter potential damage, but it's hard to quantify potential damage in an ROI calculation. On the other hand, we had two incidents during the rollout for the global company. Thankfully, we also had cyber security insurance, and the insurance covered the incidents because, through Trend Micro and the implementation of the solution, along with the data it provided, we were able to demonstrate what had happened. Without this, we certainly wouldn’t have received the insurance payout.
What's my experience with pricing, setup cost, and licensing?
Of course, we'd prefer for it to be free. Security has its price. Regarding the prices we've experienced, we consider Trend Micro to be competitive. However, we sometimes wish for a higher discount based on more usage as the company grows.
Which other solutions did I evaluate?
We looked around at other solutions. When we started evaluating options in 2019, we explored the typical solution portfolios available at the time. We considered several options, and then, based on different factors, we decided on a company operating out of Japan, rather than an extension of an American company. I don't quite remember all the details, but at the time, there was also a Russian solution that was quite popular in the European market, which we decided not to pursue further.
The main differences between these products and Trend Vision One were the functionality and the overall environment. We wanted a truly independent solution. From the perspective of German and European data protection laws, it was a matter of weighing where we could place the most trust and where we would see those principles reflected in the implementation.
What other advice do I have?
My advice would be that one should really take the time to think carefully about what they want and need, and particularly engage in conversations with colleagues to find the right solution. One could say that to perform Deep Discovery Inspector on network traffic, more nodes could be added, but at some point, the cost-benefit effect becomes minimal.
We always felt that Trend Micro provided us with very good advice, suggesting that more than three nodes in a global context weren't necessary. Any additional nodes would only slightly improve performance, making it not worthwhile. It's important to listen to the Trend Micro team and communicate openly. What's key is that you have to think about your scenarios and risks in advance—this is something they can't take off your hands. For example, network segmentation, which isn't part of Trend Micro's offering, is a mechanism we also bring in. It's important to work hand in hand, and there needs to be a lot of dialogue at this stage.
Foreign Language: (German)
Hat die Unternehmenssicherheit signifikant verbessert, da wir nun Angriffe sehr genau nachverfolgen und erkennen können
Was ist unser primärer Anwendungsfall?
Im Wesentlichen alle klassischen Abwehrmechanismen, die zum Schutz von Geräten, zur Sicherung von E-Mails und zur Vermeidung von Schadsoftware verwendet werden. Darüber hinaus überwachen wir Internet- und Intranetverkehr, um abnormales Verhalten zu erkennen und entsprechend zu handeln. Dies hat uns in vielen Situationen geholfen, in denen wir mit externen Angriffen konfrontiert waren, die normalerweise versuchen, erneut auszubrechen. Ich sage immer, dass diese Angriffe versuchen, sich durch die Wand zu bohren und dann wieder auszubrechen. Auf diese Weise konnten wir erkennen, wann jemand Zugang zu unseren Geräten erlangt hat.
Wir sind in 60 Ländern mit 4.000 bis 4.500 Mitarbeitern tätig, von denen fast 2.000 in Frankfurt ansässig sind. Alle Endgeräte unserer Kolleginnen und Kollegen stehen unter IT-Sicherheitsüberwachung. Die Deep Discovery Inspection wird an drei globalen Standorten implementiert: einem in Europa, einem in Asien und einem in den USA. Dies ermöglicht es uns, Probleme frühzeitig zu erkennen und mit Netzwerksegmentierung potenziellen Schaden im Falle eines Vorfalls zu minimieren.
Die größten Sicherheitsbedenken in unserer Branche sind nicht unbedingt branchenspezifisch, sondern beinhalten Angriffe. Identitätsdiebstahl ist eine Herausforderung, ebenso wie Situationen, in denen Personen dazu manipuliert werden, Geldüberweisungen an scheinbare Kundenkonten zu tätigen, die tatsächlich nicht existieren.
Ein weiteres Beispiel ist der klassische Angriff, bei dem Ransomware genutzt wird, um Systeme zu infiltrieren und durch Verschlüsselung und ähnliche Methoden Zugang zu erlangen.
Zudem haben wir auch mit dem Thema IP-Schutz zu kämpfen.
Wie hat es meinem Unternehmen geholfen? Trend Vision One hat die Sicherheit unseres Unternehmens signifikant verbessert, da wir jetzt Angriffe sehr genau nachverfolgen und erkennen können. Seit der Implementierung hatten wir keine größeren erfolgreichen Angriffe mehr. Das zeigt: Die Verteidigungsmechanismen funktionieren.
Hinsichtlich unseres Risikomanagements hatten wir bereits Strategien zur Risikobewältigung aus konzeptioneller Sicht implementiert. Eine Lösung wie diese ermöglicht uns jedoch, einen konkreteren operativen Ansatz zu verfolgen. Ziel ist es, Risiken zu identifizieren, zu bewerten und dann Maßnahmen zu ergreifen, um diese zu mindern. Trend Micro ist dabei äußerst hilfreich.
Trend Vision One hat uns geholfen, die Zeit zur Erkennung und Reaktion auf Bedrohungen erheblich zu reduzieren.
Ob Trend Vision One meinem Unternehmen geholfen hat, den Lärm durch Fehlalarme zu reduzieren, ist eine Frage der Perspektive. Wir haben die Lösung unternehmensweit ausgerollt, wodurch wir jetzt mehr Geräte überwachen und eine umfassendere Sicherheitsübersicht haben. Die Anzahl der Alarme und Fehlalarme ist dadurch gestiegen, da wir nun mehr Geräte einbeziehen, die zuvor nicht überwacht wurden.
Wir haben Mechanismen implementiert, um Fehlalarme zu identifizieren und kontinuierlich das System zu verbessern. Manchmal lösen interne IT Administrationsaktivitäten Alarme aus, die keine Bedrohungen darstellen. Hier passen wir die Regeln kontinuierlich an, um Fehlalarme zu reduzieren.
Trend Vision One hat definitiv das Cyberrisiko in unserem Unternehmen reduziert. Wir haben einen ganzheitlichen Blick auf alle Geräte geworfen, sind uns der IT Sicherheitsrisiken von Anfang an bewusster geworden und haben alle Geräte in diese Übersicht integriert.
Was ist besonders wertvoll?
Die globale Implementierung der Sensoren ist für uns von zentraler Bedeutung, da Angriffe von überall erfolgen können. Daher haben wir entschieden, dies als Standardlösung innerhalb unseres Unternehmens, der Samson Group, zu etablieren.
Die Deep Discovery Inspection ist ein besonders wertvolles Feature, da sie uns regelmäßig dabei hilft, Schwachstellen im Netzwerk zu identifizieren. Insbesondere wenn ein unbefugtes Gerät Zugang zum Netzwerk erlangt, bietet uns Trend Micro Einblicke, die uns vor größeren Schäden bewahren.
Trend Vision One bietet uns eine zentrale Übersicht und Management-Funktion über alle Schutzebenen hinweg. Diese Funktionalität ist reif und benutzerfreundlich, weshalb wir die Verträge verlängert haben. Trend Micro unterstützt uns bei der Konsolidierung von Sicherheitsanbietern, indem wir jetzt nur mit einem Lösungsanbieter arbeiten, der als Standardsoftware im gesamten Unternehmen eingesetzt wird.
What needs improvement?
There are still devices that do not fall under classic IT equipment but belong to the area of operational technology (OT). OT devices often do not use standard Ethernet protocols, which requires special attention. Trend Vision One could do more here.
In addition, it would be desirable if Trend Micro also offered solutions to improve the security of the IT products we produce and deliver to customers.
For how long have I used the solution?
We have been using Trend Micro for some time, more precisely since 2020. We started in 2019 and signed our first contract for Trend Vision One in 2020.
What do I think about the stability of the solution?
The stability is very high. We rarely encounter stability problems. When there are problems, we usually find that they originate on our side, mostly because the server could not provide certain information.
What do I think about the scalability of the solution?
Compared with other companies we are not huge, but during rollout and expansion we found that the solution scales easily. We had no problems with scaling effects or the like.
How are customer service and support?
Technical support is excellent, as we repeatedly see that direct contact is sought when problems arise. The ability to act quickly and communicate directly is very important to us. It is not just about high-level support with a chatbot, but about experts being on site and able to respond quickly when a problem occurs. That is crucial, because in such situations you have to act quickly without losing time.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used many products. In recent years we have consolidated into a unified corporate culture and replaced other solutions with the corporate standard of Trend Micro. One reason for this is efficiency considerations. By using the same solution throughout the company, we can manage and maintain it centrally, which ensures uniform behavior without each organizational unit needing its own solutions.
How was the initial setup?
I was involved with regard to managing the role and function, but not from a technical point of view.
My colleagues reported that it is very well-designed software. We have experienced other solutions where working with the software took much longer and did not go as smoothly. I have not heard any complaints, so the setup must have been good.
We chose a risk-based approach to carry out the implementation. We began by introducing the solution in large manufacturing companies, where the potential damage in the event of an incident would be greatest. From there we moved on to smaller legal entities, such as pure sales offices or the like, that is, from large to small.
We have a relatively small global team of three people who worked on the implementation. There is also a packaging team and similar resources that create installation scripts for endpoints.
What about maintenance?
We purchased Trend Vision One as part of a SaaS solution. This includes updates and ongoing support, such as the provision of virus signatures, so we do not have dedicated staff specifically for maintenance. However, we have designated contacts worldwide who are responsible for handling alerts and events. These tasks are an additional responsibility of IT team members after their training. Therefore, I cannot give you an exact number of people involved. These activities are integrated into the existing IT staff, who manage them alongside their regular duties.
What was our ROI?
We have seen a return on investment essentially in qualitative, proportional and quantitative terms. We did not carry out a strict ROI calculation. We know that the solution is used to prevent potential damage, but it is difficult to quantify potential damage in an ROI calculation. On the other hand, we had two incidents during the rollout for the global company. Fortunately, we also had cyber insurance that covered the incidents, because through Trend Micro and the implementation of the solution, as well as the data provided, we were able to prove what had happened. Without this, we would certainly not have received an insurance payment.
What's my experience with pricing, setup cost, and licensing?
Of course we would wish it were free. Security, however, has its price. As for the prices we have experienced, we consider Trend Micro competitive. Sometimes, however, we would like a higher discount with increasing usage, as the company grows.
Which other solutions did I evaluate?
We looked at other solutions. When we started the evaluation in 2019, we reviewed the typical solution portfolios available at the time. We considered several options and then, based on various factors, decided on a company from Japan rather than an extension of an American company. I no longer remember all the details, but at the time there was also a Russian solution that was quite popular on the European market, which we did not pursue further.
The main differences between these products and Trend Vision One were in functionality and the overall environment. We wanted a truly independent solution. From the perspective of German and European data protection laws, it was a matter of weighing where we could have the greatest trust and where we would recognize these principles in the implementation.
What other advice do I have?
My advice would be to really take the time to think carefully about what you want and need, and in particular to talk with colleagues to find the right solution. One could say that more nodes could be added to perform Deep Discovery Inspection on network traffic, but at some point the cost-benefit effect becomes minimal.
We always felt that Trend Micro advised us very well and recommended that more than three nodes would not be necessary in a global context. Additional nodes would improve performance only marginally, which would not be worthwhile. It is important to listen to the Trend Micro team and communicate openly. What is crucial is that you think through your scenarios and risks in advance; they cannot do that for you. For example, network segmentation, which is not part of Trend Micro's offering, is a mechanism we also use. It is important to work hand in hand, and there has to be a lot of dialogue in this phase.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr. System Engineer at a healthcare company with 5,001-10,000 employees
Integrated threat monitoring has strengthened risk visibility and improved vulnerability response
Pros and Cons
- "TrendAI Vision One is very effective and very market competitive, which is why we are using it."
- "TrendAI Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way."
What is our primary use case?
My use case is to monitor my entire infrastructure, investigate the latest vulnerabilities, identify loopholes, and monitor live threat detections to mitigate these threats.
What is most valuable?
TrendAI Vision One's best features are the ESRM and its email gateways, along with its playbooks, which are useful for testing any threat or vulnerability.
It helps in identifying blind spots by providing comprehensive knowledge about risk assessment and a method to compare our organization with others, allowing us to understand our current stage in cybersecurity.
What needs improvement?
TrendAI Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way.
For how long have I used the solution?
I have been using TrendAI Vision One for the last three years.
What do I think about the stability of the solution?
I would rate the stability an eight.
What do I think about the scalability of the solution?
I would rate the scalability a nine.
How are customer service and support?
Their response rate is approximately 80 to 90%, and they mitigate the issue.
I would rate the technical support a nine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I compare TrendAI Vision One with Trellix and Kaspersky, and compared to both of these, TrendAI Vision One is very useful with one-window operation and is a market-gaining product.
How was the initial setup?
The deployment is easy and very moderate, taking approximately one month.
What about the implementation team?
It was a partner purchase.
What was our ROI?
The ROI is positive, and I see a reduction of 100%.
What's my experience with pricing, setup cost, and licensing?
TrendAI Vision One is not so expensive; it is very moderate.
Which other solutions did I evaluate?
TrendAI Vision One is very effective and very market competitive, which is why we are using it.
What other advice do I have?
I will definitely recommend this product because of its deep knowledge and deep features, such as ESRM, playbooks, and other email gateways.
We have approximately 50 users.
I do use TrendAI Vision One sensors, and they totally cover our network as we are using network sensors and service gateways to scan the whole network and gather information about our loopholes, mitigations, and vulnerabilities with respect to the latest CVEs.
I give this product a rating of 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Dec 9, 2025
Sr. Manager, IT Security at a healthcare company with 1,001-5,000 employees
Exceptional customer service streamlines onboarding and improves AWS security integration
Pros and Cons
- "The best features TrendAI Vision One offers are the dashboard, reporting, and the customer service experience, specifically the customer service experience."
What is our primary use case?
My main use case for TrendAI Vision One is XDR security in our AWS environment for our EC2 instances, and I'm hoping to accomplish effective security measures with it.
What is most valuable?
The best features TrendAI Vision One offers are the dashboard, reporting, and the customer service experience, specifically the customer service experience.
What makes the customer service experience stand out is that the onboarding process was exceptionally smooth. John, our account manager, was able to coordinate us with a technical resource to help with a white-glove onboarding process to ensure that our migration from Trend Micro Cloud One to Vision One was smooth and successful.
TrendAI Vision One has impacted my organization positively, and it's our XDR solution, so it works as intended.
Having TrendAI Vision One as my XDR solution has helped my team significantly. The Sentinel integration is a huge help for allowing us to detect and respond to events in our AWS environment.
What needs improvement?
I cannot think of anything in TrendAI Vision One that can be improved.
For how long have I used the solution?
I have been using TrendAI Vision One for about a week.
What do I think about the stability of the solution?
TrendAI Vision One is stable. I have experienced minimal issues with reliability or downtime.
What do I think about the scalability of the solution?
TrendAI Vision One's scalability is excellent. It can handle my organization's growth and changing needs.
How are customer service and support?
The customer support is exceptional. Working with their technical resource, Victor, was fantastic, and I am very happy with the customer service that we experienced from both Victor and John.
I would rate the customer support exceptionally high on a scale of one to ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution before TrendAI Vision One.
What was our ROI?
I have seen a return on investment. I have been a Trend Micro customer for years and I continue to see value in their platform and have used it at several jobs.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was very easy. Our enterprise account manager, John, made all of that very easy, as he was able to send me the private offer, walk us through accepting it inside of the AWS Marketplace, and helped us cancel our existing subscription.
Which other solutions did I evaluate?
Before choosing TrendAI Vision One, I evaluated other options. I considered Microsoft Sentinel and Microsoft Defender.
What other advice do I have?
The advice I would give to others looking into using TrendAI Vision One is to try it.
I rate TrendAI Vision One an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Aug 20, 2025
Updated: January 2026