TrendAI Vision One Reviews

The primary use of Trend Vision One is for its Endpoint Detection and Response and Extended Detection and Response solutions.

To address challenges with our attack surface management, we implemented Trend Vision One.

Trend Vision One's most valuable feature is its endpoint firewall rules.

The centralized visibility and management have been very important to us, as it allows for an effective EDR or XDR solution with central management. Without such solutions, I cannot imagine dealing with problems efficiently. The executive dashboards are used for main reporting and central management, improving readability.

Trend Vision One's attack surface management capabilities are a critical feature that we utilize.

Integration with other tools and deploying in hybrid environments need improvement. The deployment can be complex, and we'd like an easier process, especially when integrating with on-prem and cloud environments.

The high number of false positives in Trend Vision One presents a challenge. Reducing these requires extensive exclusion and allow lists, which are difficult to manage effectively.

I have been using Trend Micro Vision One for one year.

Trend Vision One is scalable.

The technical support is not good. We have to purchase support separately and the engineers are not readily available.

We previously used Sophos and Microsoft Defender. For hybrid, we switched to Microsoft Defender due to easier integration with on-prem and cloud. I would recommend Trend Micro for Linux and mixed environments.

The standard deployment of Trend Vision One was straightforward and took approximately 24 hours to complete with two people involved.

Trend Vision One offers a competitive price-to-value ratio.

We evaluated Microsoft Defender and Sophos before switching. Microsoft offers more options for attack surface reduction rules compared to Trend Vision One.

I would rate Trend Vision One eight out of ten.

We have 400 users of Trend Vision One in our organization.

Two administrators are required to manage Vision One.

Vision One access supports multiple modules, including endpoint protection, the XDR module, and the Cloud One module, which are the ones that particularly caught our interest.

We have been doing a proof of concept for Trend Vision One to assess its capabilities as a cybersecurity solution. Vodafone is partnering with Trend Micro to offer security services and products to our customers to secure their environments, similar to a SaaS solution. We are exploring it as a partnership opportunity to provide enhanced security solutions to our customers.

We conducted a POC and tested multiple use cases by downloading malicious files and observing their behavior. Trend Vision One successfully detected and blocked all threats, including malicious files, scripts, and even dormant scripts that later became active. All these threats were stopped at the endpoint level, demonstrating that Trend Vision One effectively defends against malware, ransomware, and malicious scripts.

Trend Vision One incorporates a machine learning agent designed to defend against advanced threats, such as zero-day attacks. This agent monitors endpoints for malicious activity and, if detected, automatically quarantines the affected machine to conduct further analysis.

It employs machine learning to quarantine devices during ransomware attacks, however, this functionality has not yet been tested.

Trend Vision One provides a single console with a unified dashboard that consolidates information from our entire environment.

The single console provides end-to-end visibility into our IT security environment. We tested the endpoint security, and the SDR performed exceptionally well, providing a clear topology and metrics of our environment. This allows us to monitor the status of each node within our network.

The Trend Vision One platform was integrated with a Linux-based Service Engine to facilitate integration with third-party IT security solutions.

Learning to use Trend Vision One was straightforward, thanks to the helpful courses available on their portal and the excellent support provided during product introduction.

Administering Vision One endpoint security is easy through the single console.

We successfully tested Trend Vision One in a hybrid environment, with components deployed both on-premises and in the cloud.

Trend Vision One offers virtual patching to protect against vulnerabilities while vendors develop permanent patches. This is crucial because vendor patches can be delayed, leaving systems exposed. Virtual patching provides immediate protection, acting as a temporary shield until the official fix is released.

Since we are still in the testing phase, we have not yet seen a reduction in viruses or malware. However, we anticipate potential improvements in security operations across hybrid environments if implemented fully.

Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days. Trend Micro's strong reputation and excellent threat intelligence further enhance the platform's value. The analytics are also good, particularly the XDR and cloud assessment tools, which correlate logs and information to consolidate alerts for the SOC team.

One area that requires improvement is the installation process of the agents, as it is not seamless. The installation sometimes requires multiple troubleshooting steps and is not straightforward.

We have been conducting the POC of Trend Vision One for approximately three to four months.

There were no major issues with stability, no bugs, glitches, or errors, except for the challenges faced with agent installation. I rate the stability of Trend Vision One eight out of ten.

I rate the scalability of Trend Vision One ten out of ten.

We did not engage with customer support during the POC phase, so we cannot provide feedback on that aspect at this time.

Positive

For endpoint protection, we have used Microsoft Defender and Cortex XDR. We encountered issues with those solutions, but Trend Vision One seemed to address these concerns effectively.

The initial setup was not complex. The prerequisites were set first, allowing integration to be completed in about a week.

The pricing is mid-range, neither cheap nor overly expensive. The cost is considered fairly priced.

I would rate Trend Vision One nine out of ten.

Our team from our organization includes three members involved in the POC testing.

I recommend Trend Vision One to other users based on our experience during the POC phase.

Its main purpose is orchestration where I have full visibility into all the different Trend Micro products I use, and it is all centralized in a single dashboard. There is ease of use with this centralized dashboard. With this centralized management, I can dive into technicalities, and I am able to do all my workbench investigations. It is quite clear, and I do not have to sift through different logs. It makes our work so easy when we need to respond to or remediate a particular issue.

The main problem that we wanted to solve by implementing Trend Vision One was the blindspots. We tend to focus on endpoints, but we forget IoT devices such as printers and CCTV cameras. This is where we had serious blind spots simply because these devices do not have an operating system. For us, it was just about eliminating these blind spots. That was our number one focus.

It has been exceptional. If you look at the evolution of the Trend Micro products up until Vision One, you can see that they do what they say they do. It has worked for me so well. That is why I have had it all these years.

We have protection against zero-day threats. One of the things that pushed me towards Trend Micro was the fact that they have the R&D for the zero-day initiative. They are a pioneer in terms of classifying CVEs. It gives me comfort. When you go and check the workbench or the report, you can see the type of exploits that it was able to detect, which have even been classified as CVEs.

Apart from the things that I do in IT, my responsibility is to protect my company's assets. I am able to safeguard my data against ransomware. The company does not have to worry that they can be held at ransom. The assurance that they do not have to pay just to get their data back makes it easy to sleep at night.

We have a single console for cross-layer detection, threat hunting, and investigation. We have what we call the executive dashboard. This is what I share with the C-suite. It is quite easy for me to break down cybersecurity in a business way, and then, of course, we have the operational dashboard and the security dashboard where I centralize all the products into one single pane. From an orchestration point of view, I love Trend Vision One. We are able to orchestrate all of our different products from one single dashboard.

Trend Vision One provides visibility into different products. I have a 360-degree view of my entire IT infrastructure, which helps me understand my threat landscape and the way it looks. The beauty of it is that it has metrics. I can see how I am performing as compared to 30 days or 7 days ago in terms of the risk indicator. Is it going up or is it going down? This is important for me because I am able to forecast and anticipate behaviors or patterns from the people perspective and the process perspective. I know what I need to do and train people on, and in terms of processes, I know what I need to do to clean up my policies. In terms of technology, I can assess if there is any other thing of Trend Micro that I need to supplement to make sure I am fully protected.

Our response is instantaneous. I do not have an exact percentile in mind when it comes to the reduction in the response time, but our response is instantaneous.

I have integrated it with my NUC, my firewall, and my database monitoring tool. Trend Micro has a feature for virtual patching through Trend Micro TippingPoint. It instantaneously does the patching and cascades them across. Apart from what we call scheduled patching, on-demand patching is a part of their product features.

Trend Vision One is very easy to learn. This is the second organization where I am using this Trend Micro solution. When I introduced it, my team did not know about Trend Vision One, but within a month, simply with the help of the business portal where we have the e-learning, they were fully skilled and even certified at the entry-level of Trend Micro. Their feedback was that it was quite easy for them to adopt.

Trend Vision One is not at all difficult to administer.

We have seen a reduction in viruses and malware since implementing this solution. They provide you with the metrics for risk posture. You can see the reduction in your threat landscape. It goes granular to the point of telling you which type of malware or threat you are exposed to and the reduction. It is very definitive from a percentile marking. In my previous organization, we saw about a 75% reduction when we rolled it out. We were previously using something else there.

It reduces administrative overhead. I stopped adding additional headcounts from a security analyst and a security officer's point of view. It helps me reduce the overhead. On average, considering the annual wage of a security analyst, there is a reduction of about 7,000 dollars per annum.

I use Trend Micro's managed XDR services in conjunction with Vision One Endpoint Security. It reduces overhead. It is a fully-fledged managed service, so I do not need to have the business invest in an in-house SOC. It is a whole lot cheaper.

From an automation point of view, I find the ability to curate and deploy playbooks very helpful. I find that very convenient for us. It gives away the manual process. There is the ease of use.

I love what they have done with their Trend Companion AI, where it becomes so easy to have it do something for you instead of sifting through different tabs. So, the automation element and their new AI feature are top-notch for me.

I find the virtual patching that they offer superb.

There should be a bit more dynamism when it comes to their playbooks in terms of the action triggers. That is the only thing that I would want to see a bit more. There should be a bit more dynamism, especially when you are creating your own playbook. This is something I have also discussed with Trend Micro.

I have been using Trend Vision One since 2020 when it was rolled out. I have been using Trend Micro products since 2015.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a ten out of ten.

Positive

I have used a plethora of other solutions. I moved to Trend Vision One for multiple reasons:

• The ability to do what the solution says it does
• The ability to orchestrate all different solutions into one single pane
• The ability to have automation when it comes to detecting and responding to threats

It is deployed on the cloud. For me, the deployment was easy. For the endpoints, we just did a GPO push through Active Directory. For the cloud, we used just simple tenancy APIs and we were good to go.

It took us a week simply by virtue of how big the organization was.

In the IT team, there are 10 people working with this solution. We also have other departments such as risk and audit that use it. Overall, there are about 20 people directly working with it. The remaining are users for whom it just works silently in the background.

The maintenance is not done in-house. It is handled 100% by the OEM. They do share notifications, but we as users do not feel it, so whatever maintenance is required is handled 100% by the OEM. That is the beauty of a cloud service. You are not overly bothered by it.

In my previous company, over the four years, I believe we had seen about 81% ROI.

There are cost reductions because of the simple fact that I have automation. It means that I do not need to spend a whole lot on headcount for security analysts. From a commercial point of view, it has helped me reduce my operational costs, and then there are also security cost reductions because of the fact that it is automated and it responds in real time.

When I compare it to its peers that can do the same, it is cost-effective.

The evolution has been great. When I started using Trend Micro Vision One, the product feature was what they used to call business worry-free. It has evolved from an EDR to a fully-fledged XDR. You can see that the R&D is putting in work, and there is evolution. In terms of product coverage, they do not look at only endpoint protection. Right now, we have bespoke server protection. We have cloud asset protection and email security. You can see the growth of Trend Micro when it comes to its cybersecurity offering.

Based on my experience, I would recommend this solution. The ease of use, elimination of overhead, and return on investment are the reasons why you should have this solution.

I would rate Trend Vision One a ten out of ten.

We use it for analytics. We check all the maps and communications when there is an incident or an issue. It is very helpful for analytics.

Trend Vision gives a lot of visibility. If you have a big environment, you can use it to see logs or events. It gives more visibility into what is going on in your infrastructure.

Last year, we experienced an attack attempt, and it gave us a lot of visibility. We were able to track the source and all the processes that were involved during the attack. For security, it is very good.

Trend Vision One has helped reduce our time to detect and respond to threats by 30% to 40%.

I find the maps particularly helpful. The object list, specifically the suspicious object list, is also quite valuable. You can simply add one object to that list to manage it from another solution.

It gives comprehensive visibility. It is very good. It gives a lot of visibility into all layers such as layer three or layer seven. It helps with monitoring the endpoints, including all the desktops and processes or communication between servers.

I believe that the interface could be more user-friendly. At times, it is challenging to locate certain features, and they need to reorganize the user interfaces.

I have been using the solution for one year.

I would rate their customer support a five out of ten. They sometimes do not give enough attention to the tickets. Even when I update a ticket or a case, they ask the same questions that I have already answered. I explain my problem, and they respond as if not paying enough attention.

Neutral

Previously, we used another solution. We observed that Trend is trying to move all the solutions to Vision One. That is why we decided to transition, and it is working very well. 

It gives more visibility. The other solution was focused only on the server or endpoint protection. It did not provide any tracks, just the basics. With Vision One, we can see all the information correlated in one place, which I find very helpful.

The initial setup is very easy. It is not very complicated. Sometimes, the documentation is not updated, but the processes are very intuitive, so it is not that hard.

In terms of the implementation strategy, we first focus on non-critical servers or appliances, and then we move on to critical ones.

It is being used in an enterprise environment at a data center.

The implementation may require two people, depending on the infrastructure and scale. You might need an engineer or an administrator.

For maintenance, there are two people. One person scans and reviews all the information and the other one is from the backup. It requires minimal maintenance.

Overall, the visibility and security that it provides are our returns on the investments.

I feel that Vision One is a bit expensive. As for the pricing or licensing, I would rate it a seven out of ten.

I would rate Vision One an eight out of ten.

We use Vision One XDR to provide managed security services to our clients by correlating logs from various Trend Micro products like Apex One, Cloud One, and Deep Security. Vision One acts as a central monitoring platform, providing a single pane of glass view of our clients' security posture. This simplifies monitoring and allows us to easily create playbooks and analyze alerts. While our EDR solutions, Apex One, Cloud One, and Deep Security provide robust security features like anti-malware, web reputation, and intrusion prevention, Vision One enhances this by correlating logs and leveraging threat intelligence to identify incidents missed by these individual products. Essentially, Vision One functions like a level three SOC analyst, providing an additional layer of protection and ensuring comprehensive security coverage.

Trend Vision One's centralized visibility and management are crucial for our managed security services because they reduce the overhead required for monitoring. As an XDR solution, it performs many of the tasks an analyst would typically handle, streamlining our workflow and allowing us to focus on in-depth analysis when needed. This reduction in workload is a significant benefit, enabling us to efficiently provide comprehensive security services to our clients.

The executive dashboard is a valuable tool for analyzing the threat level of specific assets, particularly for generating end-of-month reports that detail threat and alert volumes, and highlight high-security risks. This comprehensive analysis helps customers understand their security posture and take appropriate action to strengthen their defenses. However, it's important to note that the dashboard's usefulness may vary depending on the individual customer's needs and priorities.

The risk index is a useful tool that provides benefits, but its value depends on the specific needs of the customer. Some customers may utilize the risk index to identify assets with high-security risks, allowing them to address vulnerabilities and implement necessary patching. However, other customers may rely on alternative sources for vulnerability visibility and, therefore, may not prioritize the risk index. While not always a primary focus, the risk index remains a valuable resource.

Trend Vision One provides immediate benefits upon deployment. Its built-in XDR, which includes EDR functionality and integrates with existing security models like Apex One, Cloud One, or Workload Security, allows for seamless provisioning of endpoints and workloads. Rigorous testing confirms that Vision One effectively identifies and correlates alerts, including those missed by other EDR solutions. This enhanced detection capability is evident during post-deployment testing, as Vision One Workbench alerts are generated immediately.

We use Trend Vision One to consolidate security across hybrid environments.

We use attack surface risk management and often customize it in our reports to meet client needs. This service helps identify vulnerabilities and blind spots in their environments. For instance, we assisted a customer experiencing recurring attacks due to unknown vulnerabilities. Our attack surface management analysis provided the data to identify and patch these critical vulnerabilities, ultimately enhancing their security posture.

Vision One XDR significantly reduces threat detection and response time by automating the analysis typically done by a level two or three analyst. It provides a comprehensive view of the environment, incorporating behavioral analysis and intelligence sources to quickly identify unusual activity. This eliminates the need for manual investigation of logs and data, allowing analysts to focus on addressing actual threats. The XDR's automated workbench triggers alerts with a high degree of accuracy, minimizing false positives and further streamlining the security process.

We use security playbooks for certain low-level security alerts because many of these alerts, despite the large volume of data they represent, do not require significant time or attention. Playbooks are particularly useful in these situations as they automate the process of blocking the source or IP address associated with the alert.

Vision One offers several features I value. 

The threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources. 

Additionally, the security playbooks provide templates to block URLs or scripts, enhancing endpoint protection. 

Finally, the console allows for remote connection to endpoints, enabling direct investigation and remediation within the customer's environment. This flexibility and comprehensive functionality make Vision One a valuable tool.

Trend Micro is making many improvements, including addressing some of our feature requests. However, their reporting functionality needs improvement. The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients. For example, we cannot generate reports on threat intelligence data from XDR, making it difficult to assess the protection received from external sources. This limitation also prevents clients from seeing the total value of XDR, including external factors contributing to their security posture. Threat intelligence is crucial, and clients want to understand its impact. Therefore, enhancing report customization, especially for XDR, would be a significant improvement.

I have been using Trend Vision One XDR for one and a half years.

Lagging does happen in Trend Vision One but it is infrequent and does not significantly disrupt operations. This is typical for many SaaS platforms and not a major issue.

Trend Vision One is scalable, allowing for flexibility from four licenses to a hundred or more, depending on how much or how fast scaling is needed.

The experience with customer service can vary depending on the case. Simple issues might involve referring to KB articles for resolution, while more complex issues might need backend support, which can take time. Overall, my experience has been positive.

Neutral

Trend Vision One is easy to set up and can potentially be handled by one person. However, teamwork is preferred to ensure accuracy, catch potential errors, and maintain a high standard of service.

Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor. Since Trend Micro doesn't directly handle pricing, I cannot provide specific cost details.

Trend Vision One XDR is an excellent security product that deserves a ten out of ten rating. It's surprising that more companies haven't adopted XDR, given its advantages over traditional SIEM solutions. XDR automates tasks like configuration, signature creation, and rule implementation, significantly reducing the manual workload required with SIEM. While I expect a shift towards XDR, many companies still rely on SIEM, which seems inefficient in comparison.

Trend Vision One functions as our XDR solution. I spend considerable time within it conducting reconnaissance on any security incidents requiring investigation. This tool allows me to quickly search for information that might be difficult to locate using our other tools.

We implemented Trend Vision One to improve our security posture by creating multiple layers of protection. This tool addresses security gaps our existing solutions, like Defender, may miss, providing deeper insights into potential threats.

We have implemented the product on both our cloud environment and endpoints. While we utilize a different Trend product for email, we also leverage Trend for this purpose. Trend's complete coverage is invaluable, as it centralizes data that would otherwise be difficult to locate, and its robust search function has been instrumental in our decision to continue using the platform. Although our organization is always exploring alternatives, the all-in-one nature of this solution has proven highly effective for our needs.

Vision One offers centralized oversight and control across our protective layers. It provides valuable insights into our various Trend applications, though its visibility into other layers is understandably limited. This limitation isn't a concern at this time.

Vision One has significantly improved our efficiency. For example, we recently faced a critical situation where a rule change on a client-server posed a potential security breach. Using Vision One, we quickly identified the employee responsible for the shift and resolved the incident without an extensive investigation. This would have been highly challenging without the tool, as determining the culprit would have been much more difficult.

We've been using the risk index feature to try to chip away at the risks within the environment and identify the vulnerabilities that need to be prioritized because that's been one area that has been more invisible to us with the other tools.

Vision One offers a valuable new perspective on our risk profile. While we receive reports from other tools like Nexus IQ, Vision One's unique risk classification and ranking system allows us to prioritize issues differently. This enables more informed decision-making as we can identify risks that other tools might underestimate. We've fully leveraged Vision One's benefits since our team's formation over two years ago. Though the tool existed previously, its impact was limited due to the absence of a dedicated team focused on its utilization.

It's able to detect things that other tools don't detect. We use a layered approach, so those tools have found stuff it hasn't detected. But that's to be expected. That's the goal of using the layered approach to it. But it's helpful because it catches things we might have been unaware of. Additionally, it might rank things differently than the other tools, and that's the same for this piece. And that can be very helpful for us to catch things we might have otherwise missed because it gives us that extra detail.

Trend Micro XDR has significantly reduced the time needed to detect and respond to threats. It offers capabilities that other security solutions lack, enabling us to address challenges innovatively. Additionally, built-in features such as insights and endpoint protection provide valuable tools that enhance our security posture compared to other systems.

Despite having a fifteen-year career in cybersecurity, I joined this role with limited hands-on experience. However, I quickly became proficient with Trend Vision One through self-directed learning, and my team soon recognized my expertise in the tool, making it a positive experience overall.

The Workbench feature is fantastic. It is so helpful to have something that pulls all the data into one visual representation of the events.

Vision One generates numerous false positives, forcing unnecessary investigations and highlighting a need for improved filtering options. A recurring false positive in our environment cannot be safely filtered, preventing us from ignoring it without risking overlooking genuine threats. This issue arises from a script that renames computers, which behaves suspiciously like malware but lacks a unique identifier within Trend for precise filtering. We cannot exclude the entire script due to potential exploitation by attackers who could embed malicious code within it, bypassing our security measures. While this scenario requires a targeted attack, the sensitive nature of our client's data, including threats from nation-state actors, necessitates a cautious approach to avoid compromising our security posture.

We want the ability to download and inspect emails from clients' mailboxes. Microsoft's platform supports this functionality, and we possess the necessary license. However, some clients lack the required license, prompting us to recommend Trend. If we could directly access and inspect client emails, it would eliminate the need to sell additional licenses to those clients, streamlining the process.

I have been using Trend Vision One for over two years.

Trend Vision One is stable.

As we've added employees and removed employees and added servers and removed servers, I haven't had to think about the scalability of Vision One. It has been very smooth.

We had a script that was not right and kept triggering false positives. I had reached out for help with that. The help I got took a lot of time to get responses. And in the end, they closed out the ticket I had opened without resolving it. I also found the communication experience to be rather frustrating. My biggest complaint about my experience with Trend has been the support. There's a lot of good to be said, but there's room for improvement in the support. The people were very polite, so I'm not giving them a five because that goes a long way for me. Having support that is snippy makes the experience significantly worse. So, I am grateful for that part.

Neutral

We used a Microsoft XDR in conjunction with Trend Vision One. The main pros for Vision One are that the interface is typically a lot easier and a lot less confusing. 

The overall experience of the interface is a lot more positive. The details I can pull out of Trend are much better than I can typically pull out from Microsoft. I'm able to get results that Microsoft doesn't seem to gather. The cons are that it's in such flux right now because they're moving all their other products into the Vision One console, which can sometimes make it a bit confusing. 

It can also mean that we're unable to access the tools we previously did as rapidly. For example, many of the Apex One stuff is now within Vision One. So we had to relearn how to do that, which cost us time during security incidents. And Microsoft does change things, but they typically change things by adding extra bloat. So that ends up being a con for Trend compared to Microsoft.

While I cannot confirm the specific return on investment for Vision One without firsthand data, I expect it to be positive, given our organization's tendency to quickly discontinue partnerships that fail to deliver value.

I would rate Trend Vision One eight out of ten. There is room for improvement, but with the tools I've used, Vision One is one of the better.

I don't do much regarding the maintenance of Trend Vision One, but I also know that because I get emails about stuff that goes down, it's relatively low maintenance compared to other tools.

We have Trend Vision One deployed across multiple locations internationally. Because the number fluctuates, we have roughly 1,500 to 2,000 users at any given time. Three people on our network team use Vision One. We have also used Trend products, other than Vision One, for a couple of our clients, which would expand those numbers significantly.

My experience with Trend Vision One has taught me many valuable details, and I strongly recommend that new users carefully review the provided documentation.

We use Vision One to detect to detect and respond to malware incidents. With endpoints (Apex One/Cloud One Workload Security), network (Deep Discovery Inspector) and Office365 (Cloud Email and Collaboration Security).

The environment is complex, distributed in more than +100 locations. Some locations are just offices, some others are industrial facilities with ICS and SCADA. Besides Windows, we deal with a lot of operating systems, including Solaris on SPARC. And our users are diverse, with lots of employees roaming around the country.

With CREM, we tackle important use cases around identity protection and risk management in general. Identification, prioritization, and remediation.

The full stack of Vision One has delivered what "SIEM 2.0" couldn't deliver. The capability to monitor threats and discover attack vectors before they are exploited and across all our workspace (on-prem, IaaS, PaaS and SaaS). We have invested well over a million into SIEM during the last decade. A full ArcSight upgrade and then a Splunk migration assisted with a large MSSP. Vision One is still ahead at a fraction of the cost.

Going through a capable, single-vendor solution was necessary, given our small team. Choosing the best solutions for every task and building all the integrations was not an option.

Vision One is much more than just EDR for us; it is a threat intelligence platform and a SOAR too. And even with the limited capabilities in this area, we find ways to tackle challenges our MSSP and SOC haven't been able to accomplish on a very large budget.

I like everything. The most valuable feature is how the stack fully integrates all components of a solution. Then, integrations with third parties will be provided.

As an example, I am capable of sending a suspicious file directly to my Deep Discovery Analyzer appliance (a sandbox) while investigating a suspicious download/file interaction, and I can then quickly push the IOCs in the suspicious object lists to protect both managed endpoints, and the rest of the network too! Yes, you can push domains and IP addresses to Palo Alto through a Trend Micro Service Gateway, ensuring you can protect even what cannot receive an endpoint. And all this without writing a single line of code. The ease of use and ease of deployment for use cases like this are my favourite features.

The SOAR features (Security Playbooks) are quite limited. At the moment, it is impossible to execute a simple piece of Python code that would pull or push something to an API, for example. While you can tackle some use cases, a SOAR from another vendor is still a must-have.

To assist with complex use case integrations, having all the data from the SIEM inside XDR would be great, too. That's where the market is moving with solutions like Falcon Logscale and Cortex XSIAM. Pivoting from XDR to Splunk or vice-versa can be time-consuming during incidents.

I was actually an early beta tester of the Apex One Endpoint Sensor before Vision One appeared in 2021. That would be three solid years of using it.

Quite reliable. In the last three years, only one incident created memory leaks on Windows Servers. We didn't see too much impact (fortunately) as a workaround could be quickly provided.

Support is quite responsive when something does work well. However, we do pay for Premium support.

The scalability is really good.

My experience is generally good, but I have had the chance to deal with premium support. I'd say I get the support I expect for the price that I pay.

Positive

Although we have been dealing with other security vendors (McAfee, Symantec, Proofpoint, and more), Vision One was really our first EDR.

The initial setup was a breeze. It is realistically one of the strong points of the solution.

We implemented the solution in-house. Although with premium support, you do get a lot of help from Trend Micro if you ask for it. You'll be able to talk to actual experts.

It is very hard to quantify an ROI on a security product. It doesn't generate revenues, and you can't quantify the cost of incidents that didn't happen.

Product names are changing all the time. Lots of changes in the last three years. They introduced the concept of credits, too, which did not make anything easier.

It's also easy to underestimate the credits required with Cloud Email and Collaboration Security: people invited from third-party tenants will count.

The credit usage and allocation tool has been improving, at least.

We had a look at Carbon Black and CrowdStrike Falcon.

It's probably the best solution for a small team that cannot absorb the complexity of a multivendor solution. The ability to execute VS the cost is surprisingly good.

We use Vision One together with the other products in the Trend Micro security stack, such as XDR, Site Management, and Apex One. 

Vision One has made our detection and response time much faster. We have 30-plus integrations, helping us to identify the most critical threats. The more connections, the better. We can also identify and resolve false positives faster. 

I like Vision One's workbench. It provides helpful logs that I can search, and the telemetry is excellent because I can see what's happening during an attack or potential attack.

Another one of my favorite features is attack surface risk management. It shows me faults and blind spots in my security. I also like the attack phase management. The model shows the risks in the corporation and provides considerable information about what is happening on the platform and the network, offering more visibility. There's also a risk index that shows me where I can improve my security. 

Vision One provides centralized visibility and management across multiple layers. This is critical because I need to see what's happening. It also allows me to set separate rules and policies for some security areas. 

Vision One's search could be improved. While the platform is very user-friendly, the search feature uses terms that aren't as intuitive. The automation is excellent, but I wish there were more templates to help me optimize more things. 

I have used Vision One for nearly a year.

I rate Vision One nine out of 10 for stability. It has only crashed once. 

I rate Trend Micro support six out of 10. They respond quickly but the answers aren't clear sometimes. They don't always understand the issue, so I need to explain a lot.

Neutral

I previously used the Microsoft 365 security stack, but I found Microsoft's XDR lacking. We also used Microsoft CASB and Defender for Endpoint. Vision One's threat intelligence and modeling are better. It has all the features like attack surface and risk management as well as the workbench. I also find Vision One easier to navigate. 

Vision One is easy to deploy. It's mostly automatic, but we needed to deploy some of the agents manually. If you can deploy all of the agents to the endpoints automatically, it takes only about five minutes. 

Vision One is expensive, but I think it's a typical market price. 

I rate Visione One nine out of 10. I recommend fully exploring Vision One's features. It has many features that you don't need to pay extra for. There are so many things to explore. For example, they have free playbooks for third-party integration.