Manager at UPL
Continuously adapts to threats, uses machine learning, and integrates well
Pros and Cons
- "The antivirus is the most valuable aspect of Trend Micro Apex One."
- "While the single console offers partial end-to-end visibility into our IT security environment, we leverage additional solutions to achieve comprehensive coverage, so this area can be improved by Apex One."
What is our primary use case?
We use Trend Micro Apex One for endpoint security on our devices.
How has it helped my organization?
Trend Micro Apex One has been doing a good job protecting our endpoints against malware and malicious scripts. We have not had to deal with any threats.
Apex One boasts advanced protection capabilities that continuously adapt to safeguard against previously unknown and deceptive new threats. The ability to adapt to evolving threats is crucial, especially considering the surge in new variants, including zero-day attacks.
It detects ransomware using machine learning. This capability is important to defend against ransomware attacks.
The solution provides a single console for cross-layer detection for threat hunting and investigations. This is particularly helpful for gaining visibility across multiple platforms.
Apex One is integrated with our other security products.
It is easy to learn. Updating the solution is also easy.
I have experience with previous versions of Trend Micro so for me administering Apex One is easy.
Apex One has protected our organization from threats.
Apex One provides virtual patching before patches are available for the source of the issue. The virtual patching helps minimize risk until the patch is ready.
Since using Apex One, we have seen a reduction in viruses and malware by 50 percent.
We use Apex One as a service and this has helped save our staff five percent of their time.
Apex One has reduced our administrative overhead by five percent.
What is most valuable?
The antivirus is the most valuable aspect of Trend Micro Apex One.
What needs improvement?
While the single console offers partial end-to-end visibility into our IT security environment, we leverage additional solutions to achieve comprehensive coverage, so this area can be improved by Apex One.
Buyer's Guide
Trend Vision One Endpoint Security
December 2024
Learn what your peers think about Trend Vision One Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,129 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Trend Micro Apex One for two years.
What do I think about the stability of the solution?
Trend Micro Apex One is stable. We have not encountered any issues.
What do I think about the scalability of the solution?
Trend Micro Apex One is scalable. We have not had any limitations on our environment.
How are customer service and support?
We have a dedicated account manager that helps us with the support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used McAfee, but it was not protecting our endpoints as well as we liked. So, we switched to Trend Micro Apex One.
What's my experience with pricing, setup cost, and licensing?
Trend Micro Apex One is priced well.
What other advice do I have?
I would rate Trend Micro Apex One nine out of ten.
We have a team of six people who are responsible for the monitoring and maintenance of Trend Micro Apex One.
Trend Micro Apex One is deployed globally and we have 8,000 endpoints connected to it.
I recommend Trend Micro Apex One. It is a good solution with proper backend support.
To avoid any challenges, users need to consider hardware compatibility before implementing Trend Micro Apex One.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Specialist at Iona Catholic Secondary School
Provides a single dashboard, integrates well, and has predictive machine learning
Pros and Cons
- "Workload security now has a feature called Activity Monitor for each endpoint."
- "We have to manually log in to the machines and give them an update command."
What is our primary use case?
We use Trend Micro One Endpoint Security for endpoint security. We are using the SaaS version of One Endpoint Security.
How has it helped my organization?
I am confident in One Endpoint Security's capability to defend endpoints against threats like malware, ransomware, and malicious scripts.
One Endpoint Security has predictive machine learning and behavior monitoring, which are essential for endpoint security. Our file scan also scans the memory for malware. Behavior monitoring is particularly effective at detecting ransomware attacks because it can check for unusual encryption methods.
I like the way Trend products integrate with each other. The servers are all tied into Central, which is now integrated into my Vision One console. The on-premises stuff is also integrated with Azure.
We use a single dashboard through The Central to view detections, threat hunting, and investigations. The visibility through the single console is important. When we open the dashboard, it tells us what it has found.

For example, I am currently looking at the SaaS version. If I go to One Endpoint Security, I can see all of the agents that are currently connected. It takes a few moments for all of the agents to load. We are currently in a downtime during the summer months. We are a school board, so there are fewer staff members on-site, and not all of the schools are open. We have 12,000 employees and 80,000 students. However, not all of the students are online right now as they would be during the school year. Next Friday, we will have more staff members in the office. When school starts after the Labor Day long weekend in Canada in September, everyone will be back online. Currently, the dashboard only shows 9,140 agents. Last week, it showed 6,400 agents. I have the system set up to remove inactive agents so that the system does not have to constantly scan a bunch of systems that are not even there. I have seen up to 17,000 endpoints on our system.
Vision One is now monitoring my Cloud One workload security and My Cloud Central. This means that Vision One is collecting data from both systems and giving me a comprehensive overview of my security posture. When I open Vision One, I will be able to see visibility into my entire organization. I have configured Vision One to send data to our Syslog server and receive data from our Qualys server. The Qualys server scans my servers for vulnerabilities and reports back to Vision One. I have also set up a service gateway and a workload security data center gateway. The workload security data center gateway feeds data from my VMware ESX servers into Vision One. This allows Vision One to see the real-time status of our VMs, including which ones are powered on, which ones are running the Deep Security Agent, and which ones are still running on my on-prem Deep Security server. Vision One provides me with a risk overview, an exposure overview, and an attack overview. This information includes details about credential access, lateral movement, collection impact, and suspicious mail forwarding rules.
We have our Azure system for Office 365 and on-premises Azure Active Directory also connected to Vision One. This means that Vision One can see all logins to our Azure system and our on-premises AD. I have agents running on our on-premises directory controllers, so this data is also being fed into Vision One. Vision One can also see our Azure domain controllers and our DMZ. I receive alert emails when something serious happens. I haven't received any of these emails since we started using Vision One. However, I receive emails about endpoints that have had files quarantined. The file on the endpoint was too large to move to the main server quarantine, so Vision One just gave me a small error message.

Currently, the endpoint protection dashboard shows that out of 19,678 endpoints, agents have been deployed on 13,675. This includes Macs. The dashboard shows one Linux endpoint, which is my service gateway. There are 882 Mac OS endpoints, which is lower than the usual number of 1,100 because not all of them are turned on. There are 12,792 Windows endpoints. The dashboard also shows that 6,003 endpoints have no security protection. These endpoints likely include network equipment, certain Linux servers that are not running Trend Micro software, and proprietary operating systems that are used by our network team and other IT groups. There are also endpoints that are listed in our Active Directory, but they are either turned off or do not have any active systems.
Updates are applied on an hourly basis. If an exploit gets through and an endpoint has not been updated, it will receive the update on the next cycle. The most common reason for an endpoint not receiving an update is a network issue or the endpoint being powered off. Once an endpoint goes online, it is configured to automatically retrieve security updates from the server, or directly from Trend servers over the internet if the server is unavailable. The first thing the endpoint does when it goes online is update its security patches, signatures, and scan engines.

When a detection is made, the endpoint first deletes the file and quarantines it. It then blocks the action of whatever the file was trying to do. The endpoint's virtual patching, behavior monitoring, and predictive machine learning then stop any unusual activity. This may even include an activity that is supposed to happen. We have had members of our ICT department complain that they were unable to install software because the antivirus protection was blocking it. In some cases, we have groups within our organization that are responsible for maintaining their own servers. When they are doing upgrades, they may schedule us to temporarily disable the antivirus protection so that they can complete the upgrade.

Even if malware does not get detected by the web reputation system and is downloaded by a user, it may still be detected by the signature-based malware detection system. If it is not detected by either of these systems, it may still be blocked if it tries to contact its master. These master addresses are often common addresses on the internet that are used by bots to communicate with a server that is maintained by the threat actor. If a bot is blocked from contacting its master, it will be unable to function. If we see a large number of bots being blocked, we will investigate the system to see what is causing the issue.
In many cases, it turns out to be a legitimate activity that is being blocked by the system. For example, we may have custom scripts running on certain servers that look suspicious to the system. We can manually whitelist these scripts so that they are not blocked. Overall, the system is designed to be overprotective. This is because it is better to block something that is legitimate than to let malware through. We can always fix a false positive, but it is much more difficult to fix a security breach.
I started using One Endpoint Security in August 2020. I learned how to move agents, install software, and get the agent onto the server. I also learned from the documentation, knowledge base, forums, and other users. I found One Endpoint Security to be more difficult to learn than PaperCut because the terminology and concepts are different. PaperCut is just about printing and monitoring, while One Endpoint Security is about cybersecurity. There are also many caveats to consider with One Endpoint Security. I found the scan settings to be particularly challenging. Trend Micro has helpful best practices documents, which I used to learn what the normal settings are for servers and workstations. For example, servers don't need to be scanned for office document exploits because they typically don't have Office installed. I also learned that it's important to balance security with performance. We don't want to scan servers so heavily that it slows them down, but we also don't want to skip important security checks. In January 2021, we changed our policy on security settings. We now tell users that if there are any problems, we will fix them. We would rather have a small problem that we can fix quickly than have to restore a server from backup, which can take days.
One Endpoint Security provides virtual patching, also known as vulnerability protection, to protect against vulnerabilities before they are exploited. Deep Security and Workload Security call this feature intrusion prevention, but it is essentially the same thing.
What is most valuable?
Workload security now has a feature called Activity Monitor for each endpoint. This is a free version of their Endpoint Basecamp product that is automatically installed with every One Endpoint Security agent. Even if we are not licensed for Endpoint Basecamp, it will still be installed. On the servers, I had to remove the Endpoint Basecamp and then deactivate and reactivate the workload security agent to get the Activity Monitor working properly. However, I am glad that we get free monitoring for our servers, even though we do not get it for our workstations.
The agent program version column in the agent screen, we could never sort by. It's so handy to be able to sort by that now. We can go to one end of the scale to see the lowest agent version, and then go to the other end to see how many are updated to the latest agent.
What needs improvement?
Microsoft's new Azure Code Signing is causing a lot of issues for us with One Endpoint Security. We currently have two systems in operation, on-prem and SaaS, and many of the agents won't upgrade beyond version B11564 because these newer versions require Azure Code Signing compliance on the endpoint. If we are not up to date with our Windows updates, we don't have this compliance. Irrespective of the Windows version we are running, we have to apply patches to the machines, if the OS is not damaged, to make them compliant. After that, we can upgrade to the latest version of the respective agent. This process also applies to both Deep Security and Workload Security.
I have two production servers: one for Windows and another for Mac. These servers are available in both on-premise and SaaS versions. Additionally, I have a test server that is located on-premises. The significant distinction with the SaaS version is the absence of a test server where I can install a new version. This means I can't allow the agents on it to upgrade and then perform testing. In contrast, with the production SaaS version of One Endpoint Security, I have numerous agents transitioning and coming online. It's essential that these agents upgrade to a newer version. Among these agents, there are five or six different versions, not counting the really old ones that have yet to upgrade due to ACS non-compliance. I can't leave the testing phase for an extended period because I still have outdated agents that need to be updated. These agents can't be left hanging while I wait to test the newest version that has just been released. New versions seem to come out every couple of months in the SaaS environment. In the past, when I solely used the on-premises version, I would review security bulletins for the SaaS version to identify any issues. I'm apprehensive about potential future situations involving this, primarily because the majority of our agents now operate on the cloud version. If a problem is discovered, rolling back on those agents would be challenging. It would require careful operation to revert them to a different version.
The on-premises version of One Endpoint Security has an update function that allows us to manually update a bunch of servers. For example, if I just turned on a policy, I can force the agents to quickly download the policy and start following the update procedure or update settings. However, this function is not available in the SaaS version. This is because the system cannot communicate with the agent through the firewall. The SaaS version has an automatic update function and an update source entry in the update agents sub-menu, but it does not have a way to force agents to update. This is a problem because we cannot automatically update the agents. We have to manually log in to the machines and give them an update command. Currently, we have no choice but to wait until the agents find the updates themselves.
For how long have I used the solution?
I have been using Trend Micro One Endpoint Security for three years.
How are customer service and support?
I have the enterprise version, so I can usually talk to someone in the Philippines even during after-hours. I only do this when it's something that can't wait until the next day. If it can wait, I'll let it go until then. But if something is broken and needs to be fixed right away, I'll get in touch with the Philippines team. They have some good people there, and the support is really good. I think Trend's support is probably the best of any of the vendors I work with.
I have a few open tickets, and one of them involves the developers. They keep coming back to me with questions that they have passed on to the service representative I'm working with. The developers want to know why I'm seeing something that they think I shouldn't be seeing. I'm generating a report that is supposed to show me all the endpoints on our workload security server that do not have agent self-protection enabled. This is part of the Vision One report. One of the endpoints that the report identifies is our service gateway. It is running Ubuntu Linux and has a Deep Security agent installed, but agent self-protection is not enabled by default. There is a way to enable it, but it's not typically done for Linux systems. Agent self-protection prevents unauthorized configuration of the Trend Deep Security agent service settings. This means that we can't change or stop the service without first disabling agent self-protection.
How would you rate customer service and support?
Positive
What other advice do I have?
I would rate Trend Micro One Endpoint Security ten out of ten.
My concern arises when an endpoint lacks One Endpoint Security, as we are not actively monitoring for this. While we possess a scanner, this is why I intend to maintain the on-premises system's functionality. I plan to transition away from the deep security system and migrate the application team to the cloud version, although this transition process is currently pending. I need to retain the on-premises One Endpoint Security primarily for assessment scanning purposes. This involves scanning all items listed in our active directory, along with the subnets for our VPN, to identify unprotected endpoints. During a recent scan, I identified nine such endpoints and proceeded to install the agent on them. Occasionally, there are instances where the agent won't install, but no error message indicates a connection issue or existing installation. Some of them show as not having the agent installed, even though they do, which can happen when the endpoint is booting up during the assessment scan and the agent hasn't yet been loaded. Resolving this is relatively swift, although there are instances where devices not compliant with ACS will trigger a message stating that the agent cannot be loaded. These devices are then flagged, and I work on making them ACS-compliant to ensure proper agent protection.
The noteworthy aspect of One Endpoint Security is that we didn't begin using it extensively until the third quarter of 2021 when vulnerability scanning was initiated. Although we had a Central server, we were not using any policies on it. To enable Vulnerability Protection, we needed to implement endpoint policies in Central. Vulnerability protection involves virtual patching, where regular scans check our operating system's vulnerability to known exploits. It also includes monitoring applications for vulnerabilities and guarding against those vulnerabilities until they can be patched. This process is largely automatic, as the rules to counter cyber threats are introduced until the system is patched, at which point they are removed automatically. In contrast, on the Deep Security side, I need to execute this process manually. A weekly automated scan takes place, followed by an emailed report. This report aids in identifying missing policies or necessitated rule adjustments based on scan findings.
We have to constantly monitor the systems to make sure it is okay. I have email alerts coming in from Trend Micro One Endpoint Security and Central Systems. I have folders for workload security, deep security, and Trend Micro in my inbox. I check these folders even when I'm not online to make sure there are no major alerts. In a way, this gives me peace of mind. As long as the agents are running properly and there is enough memory and disk space, everything is fine. However, I still have to manually check the System Event Log to see if any One Endpoint Security endpoints are running out of memory or disk space. We also use SCCM. I set up a scheduled script to create a report of all endpoints with less than 1 gigabyte of disk space. I put this report in a folder that is accessible to all of our school techs and team leaders. This way, they can check the report periodically to see if any endpoints need to be reimaged or have some garbage removed from the disk.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
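The two housekeeping jobs this reviewer describes, sweeping Active Directory for machines that have no agent loaded and producing a scheduled report of endpoints with under 1 GB of free disk, can be done in one script. The following PowerShell is an added example written for this page; it is not the reviewer's script and it does not use Apex One's own assessment scan or any Trend Micro API. It assumes the RSAT ActiveDirectory module, an account with CIM/WinRM rights on the targets, and that the agent registers Windows services named TmListen and ntrtscan (assumed names; change them to match what the agent installs in your environment). The OU and the report share path are hypothetical.

```powershell
# Added example, not from the review or from Trend Micro. Sweeps enabled AD
# computer objects, records whether the endpoint agent services are present
# and running, and flags hosts whose system drive has less than 1 GB free.
# Assumptions: RSAT ActiveDirectory module installed; CIM reachable with the
# running account's rights; service names below are assumed, not verified.
param(
    [string]   $SearchBase    = 'OU=Workstations,DC=example,DC=local',  # hypothetical OU
    [string[]] $AgentServices = @('TmListen', 'ntrtscan'),             # assumed service names
    [int64]    $MinFreeBytes  = 1GB,
    [string]   $ReportPath    = '\\fileserver\techs\endpoint-health.csv' # hypothetical share
)

Import-Module ActiveDirectory

# Build one WQL filter so a single CIM call fetches all agent services at once
$serviceFilter = ($AgentServices | ForEach-Object { "Name='$_'" }) -join ' OR '

$computers = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties LastLogonDate

$results = foreach ($c in $computers) {
    $name = $c.DNSHostName
    if (-not $name) { continue }

    # Powered-off hosts are recorded, not silently skipped, so the team can
    # tell "offline" apart from "online but unprotected".
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        [pscustomobject]@{ Host = $name; Reachable = $false; AgentState = 'Unknown'; FreeGB = $null; Flag = 'Offline' }
        continue
    }

    try {
        $session = New-CimSession -ComputerName $name -ErrorAction Stop

        $svcs    = @(Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter $serviceFilter)
        $running = @($svcs | Where-Object State -eq 'Running')
        $agentState = if ($svcs.Count -eq 0) { 'Missing' }
                      elseif ($running.Count -lt $AgentServices.Count) { 'Stopped' }
                      else { 'Running' }

        # Check the actual system drive rather than assuming C:
        $sysDrive = (Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem).SystemDrive
        $disk     = Get-CimInstance -CimSession $session -ClassName Win32_LogicalDisk -Filter "DeviceID='$sysDrive'"
        $free     = [int64]$disk.FreeSpace

        Remove-CimSession $session

        $flags = @()
        if ($agentState -ne 'Running') { $flags += "Agent$agentState" }
        if ($free -lt $MinFreeBytes)   { $flags += 'LowDisk' }

        [pscustomobject]@{
            Host = $name; Reachable = $true; AgentState = $agentState
            FreeGB = [math]::Round($free / 1GB, 2); Flag = ($flags -join ';')
        }
    }
    catch {
        # Access denied, WinRM off, or a host mid-boot lands here; keep the reason.
        [pscustomobject]@{ Host = $name; Reachable = $true; AgentState = 'Error'; FreeGB = $null; Flag = "CimError: $($_.Exception.Message)" }
    }
}

# Only hosts with a finding go into the shared report
$results | Where-Object Flag | Sort-Object Flag, Host |
    Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
```

Run it as a scheduled task under a service account that has local administrator rights on the workstations. A host reported as AgentMissing right after it boots is the same transient the reviewer notes (the agent service has not started yet), so treat a single Missing result as a candidate to re-check on the next run rather than an immediate reinstall.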
Infrastructure and Security Lead at Vedanta
Easy to manage, competitive price, and good protection
Pros and Cons
- "Device control works well, and the anti-malware updates are also pretty good. Every two or three weeks, you get updates. The frequency of the release of new definitions is quite good. We had peace of mind."
- "Trend Micro's encryption is not up to the mark. We tried their encryption product, but we did not like it. Encryption was difficult to manage."
What is our primary use case?
We were using it for our endpoints. We had more than 1,000 endpoints.
We were using it for anti-malware, DLP, and device control. We also used encryption, which did not work well, but the anti-malware, DLP, and device control capabilities worked very well.
How has it helped my organization?
By implementing Apex One, we wanted malware protection for our endpoints. We also had a requirement for a data loss prevention solution. It was integrated into the Trend Micro suite, so we got three capabilities: malware protection, DLP, and device control. The Trend Micro suite worked for these three use cases for us.
Device control worked as expected. We tried other solutions too, but they did not work the way we configured them, whereas with Trend Micro, it was not difficult.
Apex One was good at defending endpoints against threats such as malware, ransomware, and malicious scripts. In the five to six years that I used it, I did not have a single issue. All the endpoints were protected. I did not have any outbreak or anything else. It was effective.
Apex One had advanced protection capabilities that adapted to protect against unknown and stealthy new threats. It was pretty good. In the reports, we could see the outbreaks mitigated by Trend Micro. It automatically provided an alert.
Apex One provided us with a single console for cross-layer detection and investigation, but I am not sure about threat hunting. As I understand, threat hunting is something that comes under the SIEM solution. I am not sure whether it has threat-hunting capabilities or not. I did not deal with that.
Apex One integrated well with other security products. It was good. We integrated it with our SIEM solution. It was seamless. When a threat was detected, it deployed rapid updates to endpoints. It was very critical. I could see that every two hours, definitions were getting updated.
Apex One has consistently been a good product. It consistently performed well for me. It kept getting updated for any new evolving threats and ransomware. I did not have any issues.
Apex One provides virtual patching to protect against vulnerabilities even before a patch is available for the source of the issue. Because we did not have any issues, we were not very concerned about that, but the feature was there.
What is most valuable?
Device control works well, and the anti-malware updates are also pretty good. Every two or three weeks, you get updates. The frequency of the release of new definitions is quite good. We had peace of mind.
It was easy to administer. It was easy and user-friendly. When new technicians joined, we just provided access to them. They could efficiently manage it. It was not very difficult to train them.
What needs improvement?
Trend Micro's encryption is not up to the mark. We tried their encryption product, but we did not like it. Encryption was difficult to manage.
Other than that, I do not have any input. We did not go into XDR. We were planning, but then we moved to another solution. The product is stable, and they should keep working on handling new threats.
For how long have I used the solution?
I used it for five to six years. I stopped using it three months ago.
What do I think about the stability of the solution?
It was pretty stable. We never had any problem related to stability, where it was not performing or not updating.
What do I think about the scalability of the solution?
It is easily scalable. If an organization has 500 endpoints and they are expanding to 1,500 endpoints, the migration is not very difficult. It is easy.
How are customer service and support?
We had a support partner to support us. Whenever there was a technical issue, they helped to resolve it. I never went very deep into it because our partner used to handle the technical support service.
Which solution did I use previously and why did I switch?
We were using McAfee. We switched because the pricing of Trend Micro was competitive at the time.
We were happy with McAfee, and we were happy with Trend Micro. We did not have any issues with either product. We did not see any reduction in viruses and malware after moving to Apex One.
How was the initial setup?
It was an on-premises solution. My team and I were involved in its deployment.
It took us about three to four months to completely implement it. We took our time. We first implemented it on some of the machines and saw the results. We then implemented it on other machines. Within one year of implementing it, we could realize its benefits.
What about the implementation team?
We work with a consultant. He supported us with any technical issues. The initial configuration and installation on a certain number of machines was done by the consultants, and later on, my team handled it. Overall, we had seven to eight people who were involved in its deployment.
For managing it, I had two resources for managing servers and different applications. They could manage Trend Micro along with them. I did not have to have a separate resource for it. The same two people could handle it along with their other responsibilities. They were responsible for monitoring, updating clients, and checking the client status. They checked how many clients were updated and troubleshot the ones that were not updated. They looked at the compliance reports and alerts.
What's my experience with pricing, setup cost, and licensing?
Its price is competitive.
Which other solutions did I evaluate?
We did not evaluate other options because Apex One was already being used in other groups in my company. They were satisfied with it, and it also had better pricing, so we just went for it. We did not evaluate other products.
What other advice do I have?
It is pretty good. We did not have any surprises. We did not have any kind of attack. Trend Micro provided good protection. It gave us confidence.
It has a lightweight agent. The installation is not very difficult, but the partner should be competitive enough. The product is good. It does not require much maintenance, but you should have a good partner to support you.
Overall, I would rate Apex One a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Coordinator at a maritime company with 10,001+ employees
It provides a single console for receiving information about our entire environment
Pros and Cons
- "Trend Micro has advanced protection capabilities that cover unknown and advanced novel threats. It's critical because restoration could be complicated if we lose machines or information on the machine. If we lose some business information, we might run afoul of the law. Apex One can prevent all these incidents. It's an excellent solution."
- "Initially, it isn't easy to understand the console because most of the applications integrate through Vision One. When we create a new dashboard, it takes some time to adapt, but the IT staff does not have any problems."
What is our primary use case?
We use Trend Micro to troubleshoot and monitor. We implemented it to gain more visibility into the networks we manage. Automatic network mapping helps visualize the network.
How has it helped my organization?
Trend Micro reduces our response time by around 40 percent. We can patch vulnerabilities and create specific rules to fix issues before an official solution is available. We've also reduced viruses and malware by about 30 percent.
The Trend Micro security products are well-integrated with each other, creating a lot of value for the company. We need a comprehensive solution for preventing all cyberattacks and problems users cause when they don't understand the dangers of clicking on phishing websites, emails, attachments, etc. The company needs to reduce its exposure to threats. If we lose the data, we lose the company.
What is most valuable?
Apex One provides a single console for receiving information about each machine, virus, malware, etc. The console receives telemetry from each machine that we can consolidate and view on one dashboard. We can see all the problems and vulnerabilities to make the best choices to prevent, restore, or recover. It gives us unified visibility into our entire IT environment. It's easy to administer Apex One. There are some advanced settings, but they aren't difficult to understand, and the documentation is detailed.
OfficeScan wasn't 100 percent perfect when it was rolled out, but integration with Apex One improved its efficiency for dealing with trending attacks or ransomware. Initially, it wasn't very good, but now we can better control the environment.
Trend Micro has advanced protection capabilities that cover unknown and advanced novel threats. It's critical because restoration could be complicated if we lose machines or information on the machine. If we lose some business information, we might run afoul of the law. Apex One can prevent all these incidents. It's an excellent solution.
Machine-learning ransomware detection is essential, as ransomware attacks can be difficult to contain. Without this agent, we wouldn't know that we lost all this information, and we might be forced to close the company and lose money.
What needs improvement?
Initially, it isn't easy to understand the console because most of the applications integrate through Visual One. When we create a new dashboard, it takes some time to adapt, but the IT staff does not have any problems.
For how long have I used the solution?
We have used Trend Micro for seven years.
How are customer service and support?
Trend Micro's support has been very helpful.
Which solution did I use previously and why did I switch?
How was the initial setup?
Deployment is simple. The engine was difficult to install the first time, but the latest versions are different. The package is small and doesn't affect the performance. It deploys quickly and we start receiving the telemetry on the console fast.
What was our ROI?
Trend Micro reduces equipment costs. We don't need to buy services for an on-prem data center.
What's my experience with pricing, setup cost, and licensing?
In Brazil, Trend Micro is cheaper than its big competitors like CrowdStrike and Symantec.
Which other solutions did I evaluate?
We evaluated several products and landed on the Trend Micro stack because it can be integrated with different solutions. They also have products covering various IT areas, such as networks, email, etc., that we can control from one place and manage from our mobile phones. The appeal of Trend Micro is that we can consolidate all our security and IT tasks into one console.
What other advice do I have?
I rate Trend Micro eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 6, 2024
Consultant at Glox
Integrates well with other security products but has limited intelligence
Pros and Cons
- "Its database is better than most of the endpoint protection solutions."
- "It is weak in terms of intelligence. By implementing Trend Micro Apex One, I wanted to see real-life scenarios. I deployed it on 50 clients to check if I could do lateral movements and zero-day exploits. I wanted to check how the zero-day protection works with Trend Micro. It fails with most of them because it is signature-based. They are not looking at the MITRE ATT&CK framework, so with zero-day attacks, it mostly fails."
What is our primary use case?
I create real-life scenarios with products and work with products such as Trend Micro, CrowdStrike, SentinelOne, Palo Alto, etc. Trend Micro is not my focus item or brand. My focus is more on CrowdStrike, but I am using Trend Micro in my lab environments to check the real-life situation. I am not okay with what vendors share on their websites, so I give my customers and partners real-life scenarios.
How has it helped my organization?
I offer Trend Micro Apex One to our customers just because they want a secondary signature-based solution.
Apex One did not work as per my expectations. I am doing zero-day attacks by myself, and for fileless attacks, it does not work at all.
With the current architecture, Apex One does not have advanced protection capabilities that adapt to protect against unknown and stealthy new threats. It might have these capabilities in the future if they change the architecture. For instance, McAfee merged with FireEye and created a new brand, Trellix. They changed the overall architecture. If Trend Micro considers shifting its architecture, it can get this kind of protection.
Apex One is okay for detecting ransomware with runtime machine-learning capabilities. It has some signature-based protection against ransomware, but it may miss the ransomware, which has been a huge threat at least for the last seven or eight years. It is the foundation of zero-day protection, and that is why I am looking for a more capable solution besides Trend Micro.
Apex One integrates with other security products. As part of this integration, when a threat is detected in the network sandbox, it deploys rapid updates to endpoints, which has huge importance because if you can respond to events in a short time, you get the least damage from attacks. It is of huge importance.
Apex One provides us with virtual patching to protect against vulnerabilities even before a patch is available for the source of the issue, but it is a problem in itself because it consumes too many resources on an endpoint. It is a good feature, but it is a problematic feature because it consumes lots of the system resources. If you use signature-less architecture, you do not have to deal with virtual patching because all attack types are already addressed with some framework, such as the MITRE ATT&CK framework. You do not have to deal with virtual patching at all.
There has been no reduction in viruses and malware since moving to Apex One because my customers are using it as a secondary solution. They have primary products, and there are not many things left for Apex One. My customers are using it as a secondary solution just because of their habits of using signature-based. Some of my customers could not understand the concept of signature-less protection. Antiviruses have been there for 40 years or so, and their habits are a little bit hard to change. That is the reason why I am offering this product.
What is most valuable?
I offer this solution only if a customer is looking for a signature-based protection solution. Its database is better than most of the endpoint protection solutions.
What needs improvement?
It is weak in terms of intelligence. By implementing Trend Micro Apex One, I wanted to see real-life scenarios. I deployed it on 50 clients to check if I could do lateral movements and zero-day exploits. I wanted to check how the zero-day protection works with Trend Micro. It fails with most of them because it is signature-based. They are not looking at the MITRE ATT&CK framework, so with zero-day attacks, it mostly fails. Instead of signature-based, Trend Micro may want to change the architecture to use more behavior analysis. Behavior analysis is included with Trend Micro, but it is not a complete set, so it needs enhancement.
Apex One does not provide a single console for cross-layer detection, threat hunting, and investigation. Managing it is a little bit hard. You have to use different consoles for Apex One, Deep Security, and Trend Micro endpoint protection, so managing it is a little bit tricky.
In terms of the learning curve, Apex One is easy for me, but regular users may have some issues. The management of Trend Micro products is a little bit tricky. Apex One does not include every protection in itself, so you have to use endpoint protection, and you have to use Deep Security. If three of them come together, at some point, it will be competitive with next-generation antiviruses or EPPs such as SentinelOne, Microsoft, CrowdStrike, etc.
Its implementation takes too much time. With CrowdStrike, I do not have to restart any operating system, but with Trend Micro, I have to.
Its administration is also a little bit tricky. It is easier when you have background knowledge.
For how long have I used the solution?
I have been using this product for a year.
What do I think about the stability of the solution?
Its stability is quite good. I cannot complain about the stability.
It sometimes also depends on luck. The product can sometimes conflict with other products, but to this day, I never encountered any issue like that.
What do I think about the scalability of the solution?
It is a little bit hard to scale as compared to CrowdStrike. I am using on-prem solutions most of the time. With on-prem solutions, it is a little bit hard to maintain, deploy, or scale a product, but cloud products are easier to scale.
I have a centralized customer, and I also have customers who have distributed locations all over Turkey, so I have both types of customers.
How are customer service and support?
It takes a little bit of time, and it can be improved. Sometimes, I get a response in two days, and at other times, I get a response in two hours. It depends. More consistency would be great, but I have already gotten used to this kind of issue, so I cannot complain at all. I would rate them a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I am using other server protections and intelligence products. I still have CrowdStrike in my portfolio. I have clients for that, and I am okay with CrowdStrike.
How was the initial setup?
Its deployment takes time. If I have to deploy it in a huge company with over 10,000 clients, it takes a little bit of time. If I am using CrowdStrike, it would take only two or three days, whereas Trend Micro takes more time. I have not measured the exact time difference, but it takes more time compared to other solutions or the next-gen antiviruses. It also depends on the environment because organizational units are not available all the time.
I deployed it on the cloud and on-premises. It depends on the end-user scenarios and topology. In Turkey, customers mostly prefer on-prem solutions, but this is changing day by day. Customers in Turkey tend to have their information on-premises. If a customer wants an on-prem solution, then I offer them the Trend Micro product or Trellix product. It also depends on their budget.
Its deployment is not too complex in my experience, but from the customer perspective, it is a little bit tricky. It takes a little bit of time. They have to have a little bit of background knowledge.
The implementation strategy varies. Sometimes, I use third-party solutions, and sometimes, I am just pushing from the central management console. It depends on the customer's topology.
In terms of maintenance, it does require maintenance. It depends on the company budget because some of my customers have a few locations in Turkey, and sometimes, they have only one IT specialist. They send that one person everywhere in Turkey or to multiple locations. If they have more than one IT guy and if they are also distributed, they do not have to send those guys to other places. It depends on the customer's budget.
What about the implementation team?
If I deploy the product, then one person is enough, but if I have to leave it to my customers, they need two or three people. They are usually IT specialists, but they are not so knowledgeable.
What was our ROI?
It takes time, but it is better than some of the other products such as Symantec. Symantec takes more time compared to Trend Micro.
What's my experience with pricing, setup cost, and licensing?
It is okay. Compared to Sophos, it is a little bit expensive, but it is a good product and it is better than Sophos, for instance. It is equivalent to Trellix.
Its cost depends on the country. I am in Turkey, and Trend Micro is not so affordable in Turkey. SMB companies are looking for cheaper products. In Turkey, enterprise customers tend to use Trend Micro, and if they have more money, then they use next-generation antivirus or EPP products such as SentinelOne, CrowdStrike, or the Microsoft E5 package.
Which other solutions did I evaluate?
I evaluate most of the popular brands such as Trellix, Sophos, and Kaspersky.
What other advice do I have?
Trend Micro Apex One has some good benefits, and CrowdStrike also has some benefits. I would recommend Apex One depending on the scenario. I have to check it with my customer first. I have to identify their basic needs and what they want to do. Sometimes, it just matches the requirements, and sometimes, it does not, so it depends.
If you are looking for the productivity of employees, go for a signatureless solution.
For an SMB, I would rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Head Computer Engineer at TRT
Is user-friendly, efficient, and provides good visibility into our endpoints
Pros and Cons
- "It provides comprehensive visibility into all client logs and seamlessly integrates with other products, such as CM."
- "The time required for Apex One to notify us of detection in the central console should be reduced."
What is our primary use case?
We utilize Trend Micro Apex One for endpoint security across all of our clients, managing it centrally alongside the entire Trend Micro suite.
We implemented Trend Micro Apex One to improve our endpoint security.
How has it helped my organization?
Trend Micro Apex One is able to identify threats and notify us to investigate from a central location. From there we are able to inform the client and disconnect the affected device to protect the environment.
Apex One employs advanced protection features, including behavior analysis, to adapt to and defend against unknown threats. Apex One's ability to recognize abnormal behavior and terminate processes is crucial for safeguarding our organization's security.
Apex One utilizes runtime machine learning to detect ransomware, a crucial feature for safeguarding our data from ransomware attacks.
We utilize Apex Central as a single unified console for comprehensive management, enhanced visibility, and effective cross-layer threat detection, hunting, and investigations. As managers of Apex One, we require a centralized console for comprehensive threat detection, investigation, and hunting across all layers of the environment to effectively monitor and manage client performance.
Apex One's single console provides end-to-end visibility into the entire IT security environment.
The end-to-end visibility has significantly reduced our response time, enabling us to respond within five minutes.
We have integrated Apex One with other security products. Apex One is able to deploy rapid updates within ten minutes of detecting threats in the network sandbox.
The ability to deploy updates immediately is crucial for me as a security manager.
Apex One is easy to learn.
Administering Apex One is more straightforward than the other products I manage.
Apex One has helped improve our production. We were able to see the benefits within two months.
Apex One offers virtual patching to mitigate vulnerabilities that attackers could exploit.
We have seen a reduction in viruses and malware since the implementation of Apex One.
Apex One has reduced our administrative overhead because it is easy to use.
What is most valuable?
Trend Micro Apex One's centralized management is user-friendly and efficient. It provides comprehensive visibility into all client logs and seamlessly integrates with other products, such as CM. This well-structured design facilitates effortless monitoring of the entire environment from a centralized location.
What needs improvement?
The time required for Apex One to notify us of detection in the central console should be reduced.
For how long have I used the solution?
I have been using Trend Micro Apex One for almost seven years.
What do I think about the stability of the solution?
I would rate the stability of Apex One nine out of ten.
What do I think about the scalability of the solution?
Apex One is scalable and can easily manage up to 5,000 endpoints.
Our client has 5,000 employees, and each employee uses two laptops. Therefore, we have plans to increase the usage to cover 10,000 endpoints.
How are customer service and support?
The technical support is good. They are able to action our requests.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Kaspersky Endpoint Detection and McAfee. We switched to Trend Micro Apex One because it offered a lower price, better central management, and is a popular solution in our country.
How was the initial setup?
The deployment was straightforward and took approximately six hours to complete. The vendor provided us with resources in advance, including database and IS configurations, before arriving to implement Apex One. This facilitated the download, implementation, and licensing of Apex One. One person was required for the deployment.
What about the implementation team?
The implementation was completed by a third-party vendor.
What's my experience with pricing, setup cost, and licensing?
The price of Apex One is competitive and lower than the prices of the solutions we compared it to.
Which other solutions did I evaluate?
We evaluated the different Kaspersky and McAfee offerings in addition to Trend Micro.
What other advice do I have?
I would rate Trend Micro Apex One nine out of ten.
Two people are required for maintenance.
I recommend Trend Micro Apex One. It is a good solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
GOV-CA Data Center Manager at Ministry of Finance of Egypt
Helps protect our environment against threats, includes many features, and has good support
Pros and Cons
- "The number of accessories included is the most valuable feature."
- "The EDR feature is difficult to use and could be made more user-friendly."
What is our primary use case?
We utilize Trend Micro Apex One as our antivirus protection.
How has it helped my organization?
Trend Micro Apex One has assisted us in safeguarding our data.
Trend Micro Apex One has helped improve our organization's performance by preventing attacks. We noticed the benefits during the testing phase.
What is most valuable?
The number of accessories included is the most valuable feature.
What needs improvement?
The EDR feature is difficult to use and could be made more user-friendly.
I would appreciate the inclusion of malware and zero-day attack features in a future release of the solution.
For how long have I used the solution?
I have been using Trend Micro Apex One for five years.
What do I think about the stability of the solution?
Trend Micro Apex One is stable.
What do I think about the scalability of the solution?
Trend Micro Apex One is scalable. We have 50 people in our organization who are protected by the solution.
How are customer service and support?
The technical support is quick to resolve our issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used to employ McAfee, but we transitioned our systems and subsequently switched to Trend Micro Apex One.
What about the implementation team?
The implementation was completed in-house by our system integrator.
What's my experience with pricing, setup cost, and licensing?
Currently, Trend Micro Apex One's price is good and there are no extra costs attached.
Which other solutions did I evaluate?
We evaluated both Kaspersky and Avira, both of which are good solutions. However, we did not use them for our system. Trend Micro Apex One received a higher rating in our evaluations.
What other advice do I have?
I rate Trend Micro Apex One nine out of ten.
We employ four engineers to maintain the solution. Trend Micro Apex One is deployed in one central location.
I recommend Trend Micro Apex One to others.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Works at South State Bank
Straightforward to set up, knowledgeable support, and the web reputation and user behavior monitoring features help to mitigate careless user actions
Pros and Cons
- "We really like the ability to have different policies to keep servers and endpoints unique to their own policy."
- "I'd like to see the different interface components combined into one, or be allowed to get to the agent management portion without having to log into the main console."
What is our primary use case?
We use Apex One for Antivirus only.
Our company currently has more than 8,500 machines with the Apex One agent installed, including servers and workstations. We are a 100% Microsoft Windows environment.
Being a financial institution, data integrity is paramount to keeping our customers' information safe, as well as the well-being of the bank. We use the Apex One web console to review logs and triage any infections that may be occurring or that have occurred.
We really like the ability to have different policies to keep servers and endpoints unique to their own policy.
How has it helped my organization?
Apex One has streamlined our AV. We use the SaaS instance in the cloud.
We use real-time scans, and manual and scheduled scans for viruses, malware, grayware, ransomware, etc. We also use other modules like behavior monitoring and predictive machine learning, and malicious web tracking and blocking.
We were previously using the Trend Micro OfficeScan antivirus product, so it was only natural that we upgraded to the Apex One product when we decided to upgrade. The SaaS instance in the cloud was right for us.
What is most valuable?
We really have found the web reputation monitoring and the behavior monitoring portions to be highly valuable. These modules really cut down on careless user impact.
Behavior monitoring keeps ransomware from taking hold.
Real-time scans also monitor files as they are accessed, downloaded, sent, etc.
We have our environment set up to alert our security department not only when endpoints are infected, but for anything that is considered a low risk that may need further investigation.
A daily check of the logs helps us keep an eye on those things.
What needs improvement?
The console is divided into two parts. One for the policy and configuration, another for agent management. I'd like to see the different interface components combined into one, or be allowed to get to the agent management portion without having to log into the main console.
Another item that I would like to see change is the fact that, on occasion, the console will be updated and items that I once knew the location of have moved to a different location. I would like to see a model where we are alerted to the changes as they happen.
For how long have I used the solution?
We have been using Trend Micro Apex One for six months.
What do I think about the stability of the solution?
Stability-wise, we have no complaints. We have had zero downtime with our SaaS instance.
What do I think about the scalability of the solution?
From what I've seen, we would have no issue adding more policies, endpoints, etc. to our environment.
How are customer service and technical support?
Our account manager and lead tech were essential in setting this up and getting everything the way we needed. They were quick to answer our questions and very knowledgeable.
Which solution did I use previously and why did I switch?
We were an OfficeScan portion, which was rebranded and upgraded to Apex One.
How was the initial setup?
The initial setup was very straightforward.
Go to the site, answer a few questions and within five minutes, you're up and running.
What about the implementation team?
We did the work in-house, with support from our Trend team if needed.
What was our ROI?
Our ROI is yet to be determined, as we have not had the product long enough.
What's my experience with pricing, setup cost, and licensing?
The SaaS version is competitively priced and amazingly easy to set up.
Which other solutions did I evaluate?
We evaluated CrowdStrike, Carbon Black, and FireEye.
What other advice do I have?
We have really had a good experience so far with Apex One.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.