Trend Vision One Reviews

We use Trend Vision One for the XDR and we absolutely love it, especially the full visibility into protected assets. It's incredibly easy to identify weaknesses across systems and manage any outdated software or areas needing attention directly within the user interface. Previously, we juggled multiple dashboards, but the new version has streamlined everything into a single, unified dashboard. This has significantly simplified our workflow and improved manageability. In essence, we can now manage multiple products seamlessly within the same Vision dashboard, which is a considerable improvement over the previous system. This year has brought significant and positive changes to our workflow.

We use XDR across Office 365 in the cloud and on-premises environments to safeguard our assets. This includes protecting our server environment, workstations, and Virtual Desktop Infrastructure, ensuring comprehensive endpoint security.

Our deployment utilizes a hybrid model, making agent deployment incredibly simple. We employ several different deployment methods: on-premise deployment through Active Directory and utilizing various tools. In case a system leaves the network for any reason, we have third-party solutions in place. We have multiple RMM solutions that can be rapidly deployed in these packages. For example, I've recently observed systems being spun up and sent home before antivirus protection was activated. We still have the opportunity to deploy these solutions in the cloud automatically. So, we have a few ways to work around this and deploy those agents, making it easy to deploy either on-premise or in the cloud. We can address several scenarios and push out to those endpoints.

Coverage is extremely important. We want to ensure visibility into all assets across the network, whether it's a workstation within the office or someone working remotely. This visibility is crucial even when they're outside the network or using cloud-based software, especially since we have no on-premise infrastructure. With the rise of remote work, having this extra visibility into devices, whether at home or abroad, is invaluable. We appreciate the ability to see what's happening on any asset, regardless of its location. This allows us to monitor running processes, identify vulnerabilities, and push necessary updates, ensuring we maintain connectivity and security no matter where devices are operating.

Trend Vision One offers us comprehensive visibility within a single dashboard, which is crucial since we manage numerous other products and security solutions with various dashboards. The simplicity and centralized visibility provided by Trend Vision One significantly streamline our operations. Managing a multitude of security products across our environment necessitates consolidated visibility to minimize back-and-forth navigation. Having all the necessary information in one place is essential for us.

We use executive dashboards to generate weekly or monthly reports that provide a risk score index. This index helps us identify areas needing attention and understand the teams' focus. We then share this information with IT senior management. In addition to our reporting, we receive a monthly report that allows us to compare our current status to the previous month's and highlight new challenges, team weaknesses, and ongoing efforts. This comprehensive view enables the executive team to monitor the team's continuous progress.

We utilize the risk index feature to monitor and mitigate potential environmental risks. One example of this is how we proactively worked to reduce the risk index score of a recently acquired company. Their antivirus product was expiring, so we opted to purchase additional licenses for our existing Trend Apex One product suite instead of renewing it. However, this integration significantly increased the risk index score due to numerous previously unmanaged devices on their network. To address this, we systematically worked through the risk index list, identifying outdated software and determining if it was still in use or could be safely removed. By leveraging the risk index in this way, we successfully lowered the score and ensured the secure integration of the newly acquired company into our environment.

It took some time to fine-tune Trend Vision One before realizing its benefits. A significant concern was integrating it into our virtual environment, a complex process. However, we gained significant visibility once set up in our VDI, leading to further adjustments. We fine-tuned the environment, removing unnecessary elements, which is especially crucial for our non-persistent VDI, where VMs reset if anything goes down. Through these tweaks, performance improved, and the extra visibility provided by Vision One highlighted areas needing attention, allowing us to optimize the environment gradually.

We use Trend Vision One within Azure, expanding its monitoring capabilities to both on-premises and cloud assets, including Active Directory, which is synchronized from our on-premises environment. This hybrid setup covers assets locally and in the cloud, including Office 365, and Trend Vision One effectively manages security across this environment. It has simplified the process, particularly for virtual environments, providing enhanced visibility and flexibility compared to previous products. The additional visibility has been invaluable, enabling us to address previously undetected vulnerabilities and mitigate risks.

During XDR and managed services pen testing exercises, we identified some weaknesses. They were able to automatically crack some accounts. As soon as one system was breached, the managed services team contacted us, escalating until they got a response. We could see their process in action - their steps and what they did in the backend. We provided them with details about the events and the ongoing pen test. It was an excellent test to see that the managed services worked as intended. There was a breach; they asked if we were aware and stated they would isolate the device if we weren't. We acknowledged we knew about the ongoing pen test. Throughout these exercises, they reached out immediately, demonstrating their focus on alerts, their process for triaging them, and their communication with clients.

The attack surface is directly related to exposure and risk. Any identified vulnerabilities, such as outdated software like older versions of Office or Google Chrome products, are flagged immediately. We use third-party solutions to address these issues across all workstations. Whenever we detect internal or internet-facing exposure, we prioritize remediation based on criticality. External-facing vulnerabilities are patched first, as they pose a greater risk than those affecting only internal assets. We rely heavily on exposure risk and risk index to determine priority and ensure the most critical vulnerabilities are addressed first. This helps us identify blind spots in our environment. Take the new acquisition as an example; many devices were unprotected and lacked crucial Windows updates. Numerous products and workstations required immediate attention. Security wasn't the initial priority, so we addressed that and ensured it became one. We implemented numerous changes with acquisitions to align them with our security standards.

Trend Vision One has significantly reduced our mean time to detect and respond to threats by 60 percent. It centralizes all information, enabling us to identify and address vulnerabilities quickly. For example, if we discover multiple devices running an outdated version of Office 2013 missing patches, we can easily compile a list of those devices and share it with the responsible team for remediation. This visibility allows us to proactively address weaknesses across the network, such as deploying updates or the latest release of third-party software to mitigate risks. Trend Vision One has been instrumental in enhancing our overall security posture.

The managed services significantly reduced the time we spent investigating false positive alerts. In uncertain scenarios, we consult the managed services team. If unsure about anything, we use the AI companion for questions. If we encounter an unfamiliar flag or event, we research it independently and involve the managed services team's professionals for deeper investigation.

We have implemented some automation but haven't fully explored its capabilities. We have a few playbooks for tasks like blocking user access based on IP addresses or email content. Since we use Office 365 in the cloud, there's also a lot of automation for handling incoming emails, such as blocking and sending alerts. While we've used playbooks to a limited extent, there's potential for further automation, and we plan to explore this further.

The most significant recent change has been the addition of the new AI companion. This feature has proven invaluable, especially when integrating with third-party products or resetting the dashboard, as it provides detailed step-by-step guidance. In fact, we were able to resolve all issues independently, without needing to contact support, thanks to the AI companion's comprehensive answers.

The only downside to Trend Vision One is its complexity. It's a comprehensive product covering a lot of ground, which can be a little intimidating initially. The user interface, in particular, can take some time to get used to, with menus that could be better organized and a dashboard that could be more user-friendly. Due to the sheer complexity of the product, navigating and familiarizing oneself with the environment requires some effort. While the initial learning curve might be steep, the product's vast capabilities justify the time investment.

I have been using Trend Vision One for two and a half years.

I would rate the stability of Trend Vision One nine out of ten. I haven't experienced any crashes or issues in the last few years since we started using the product. While there are occasional upgrades and minor changes that require adjustments, the overall stability is excellent. We have no complaints, especially considering the VDI environment, our primary focus, has been running seamlessly. The lightweight agent minimizes resource usage, further contributing to smooth performance.

I would rate the scalability of Trend Vision One nine out of ten. We successfully scaled it up by adding approximately 250 workstations and deployed the product within a week. We replaced their previous product, scripted everything, integrated it into their on-premise servers, and deployed the agents. The 250 additional assets were integrated within two or three days, providing complete visibility in the dashboard. The team then took over and identified any weaknesses. In summary, scaling up and adding 250 workstations was easy to implement.

The technical support and service are excellent. After our new acquisition, we encountered a few issues that we hadn't seen in our environment compared to theirs. Through troubleshooting, we determined that the problems weren't caused by the product itself but rather by corruption in specific systems. We systematically worked through the other products, disabling them one by one. The troubleshooting experience was excellent, and we reached a resolution within a couple of days of contacting support. They were very professional and provided direct answers, resulting in the issues being resolved correctly and in a timely manner.

Positive

In the past, we have used a few different products, including Sophos and Cylance, which we have used for the past couple of years. We also used Trend's older products, like OfficeScan, about eight or nine years ago. We eventually moved away from those products due to their lack of AI capabilities. After trying other products, we returned to Trend with Apex One and Vision One. We've been happy with the product, and its virtual environment capabilities were a major factor for us. Trend has consistently been the best performing product for us, so we decided to continue using their products with Trend Vision One.

The initial deployment was straightforward. We leveraged our existing products to force and uninstall the previous product, opting for a custom scripting approach rather than standard GPOs or internal solutions. This allowed us to uninstall the old package and ensure the new installation was reflected in the dashboard, streamlining the process and enabling us to proceed seamlessly to the next phase. Overall, the deployment was straightforward from our perspective.

We deployed Trend Vision One during COVID, which took approximately one and a half weeks because the server side required additional fine-tuning for all the exclusions.

We implemented the solution in-house. We repeatedly reached out to obtain basic information and guidelines on the VDI component and the virtual environment, specifically regarding steps for managing the virtual environment when closing a gold image and imaging numerous workstations with a single image. Due to the complexities involved, we requested documentation. However, our internal team completed the entire deployment with limited support from their support team, following the provided instructions.

The pricing is fair compared to other solutions. It's within the price range we're looking at for a single endpoint, and fair pricing is important to us.

I would rate Trend Vision One nine out of ten.

The Trend Vision team handles all maintenance on the SaaS backend. Internally, we only need to update the VDI environment occasionally because it's a non-persistent VDI, meaning it's locked down and reverts to its previous state upon reboot. We periodically open the gold images to perform maintenance, update signatures, and force program upgrades, but this is only a monthly task. So, we spend minimal time managing the solution.

Before implementing Trend Vision One, ensure you gather comprehensive documentation. Adhering to the guidelines will streamline setup, and any queries can be resolved using the efficient AI companion. Users can pose questions or access documentation directly from the Trend website. Initially, focus on familiarizing yourself with the dashboard, risk indexing, and the executive dashboard. Explore the product, ask questions, and continue experimenting and seeking assistance once deployed. The process is straightforward once you've had the opportunity to explore the system thoroughly. The primary challenge is becoming comfortable with the interface and navigating its features effectively.

It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.

We had problems with users not using legitimate tools, such as pendrives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.

The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.

We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money.

Trend Micro's Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.

We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.

And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.

This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.

The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team.

It also handles vulnerability management.

We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Micro Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important; a 10 on a scale of one to 10.

We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.

And especially because of the new European regulation called NIST 2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.

The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project. 

From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.

I have been using Trend Micro XDR for almost 20 months.

It's a stable product. We haven't detected any issues other than the false positives, but that's normal.

We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.

If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.

Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.

Positive

I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.

Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.

The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.

Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an on-prem solution. But it's simple to manage.

They are implementing new tools, like Trend Micro Apex One and DDI. They are ready for implementation on the console, and we are waiting to transition to these tools.

For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secue Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.

Our infrastructure utilizes Trend Vision One for endpoint and cloud-based security. While all our endpoints are cloud-based, allowing us to deploy Trend Vision One in the cloud, we also maintain endpoint-specific protection. Currently, our network infrastructure is not fully integrated with Trend Vision One. The platform primarily monitors our backend infrastructure and provides initial response capabilities.

I implemented Trend Vision One to consolidate log inspection, integrity monitoring, intrusion prevention, and application control into a single platform, eliminating the need to switch between multiple applications.

Trend Vision One provides centralized visibility and management across protection layers, which is crucial for compliance. It allows us to show audits of what’s going on and keep all evidence in one place. This centralized visibility has improved our efficiency, as it means just one login is needed to complete all necessary tasks, maintaining focus and reducing distractions resulting from multiple sources.

The Vision One executive dashboards effectively communicate our company's overall security posture by providing a clear risk overview. Executives appreciate the simple visual cues, with green indicating low risk and yellow signaling high risk, allowing for quick and easy understanding of our current security status.

I immediately recognized the benefits of Trend Vision One because, unlike our other security applications, it provides comprehensive visibility.

I utilize Vision One's risk index feature to assess our organization's risk level and benchmark it against our peers. This comprehensive evaluation allows us to understand our current risk profile, identify areas for mitigation, and determine acceptable risk thresholds. The risk index feature is essential to our business operations.

Attack surface risk management helped us identify blind spots in our environment and provided detailed remediation strategies. This works as a second pair of eyes that helps look for vulnerabilities, which in turn improves our security posture.

Trend Vision One improves our detection and response times by identifying vulnerabilities and summarizing mitigation strategies.

Trend Vision One helps reduce the amount of time we spend investigating false positive alerts by 80 percent.

I love Trend Vision One for its robustness, allowing us to deep dive into a lot of information. The Trend hunting feature is beneficial, providing the opportunity to investigate and see what's happening, using frameworks such as MITRE ATT&CK to analyze logs. Its risk index feature allows us to see risk status quickly and provides valuable insights into our security posture.

The only issue I have with Trend Vision One is the credit structure, which is confusing. An easier way to understand the credit structure would be helpful.

I have been using Trend Vision One for over five years.

Trend Vision One is stable and does not crash. In my experience, it has not shown any instability issues.

Trend Vision One is scalable. We can increase or decrease according to needs, although pricing changes when scaling.

Trend Micro's support response time can be slow. The quality of assistance varies depending on the issue. However, reaching qualified technical engineers can be challenging due to lengthy escalation processes.

Neutral

I've used many alternatives before, like Avast, SonicWall, and Mimecast. These alternatives don't have all the integrated features of Trend Vision One, particularly the server and workload capabilities.

The initial setup required deep diving and using resources such as help centers. Despite not being straightforward, it was manageable.

The deployment took three days.

I implemented Trend Vision One in-house with the support of team members, using resources like software guides and videos.

Trend Vision One is an expensive product.

I would rate Trend Vision One eight out of ten.

The most significant security challenge we face is zero-day attacks, which exploit vulnerabilities unknown to us. While Trend Vision One provides some protection, it cannot catch all zero-day threats, leaving us potentially exposed. This inherent vulnerability in our security poses the greatest risk.

Trend Micro handles most maintenance, but we are responsible for installing agent patches on our servers.

New users should understand that Trend Vision One is different from other solutions they might have used. Reading and fact-finding are crucial. They must ask the right questions.

We rely on Trend Micro Vision One as our Extended Detection and Response platform, leveraging its capabilities for endpoint detection and response across our entire IT environment.

Trend Micro Vision One boasts a good detection rate thanks to its data lake analysis and frameworks like MITRE. This helps minimize false positives, ensuring alerts are truly security threats. While no platform is flawless and occasional false positives can occur, Vision One's detection is effective for our use cases.

Trend Micro Vision One doesn't have a separate module for advanced threat protection. Instead, its standard endpoint protection, formerly Apex One, includes features like real-time scanning with advanced telemetry collection to identify and prevent unknown threats. These features go beyond basic signature-based detection and offer advanced actions like specific file quarantine or cleanup thanks to machine learning capabilities.

Trend Micro Vision One uses real-time machine learning to detect ransomware, a critical tool since cybercrime is increasingly focused on extortion. While ransomware isn't new, its prominence in news reports makes it a major concern. However, even though it's widely reported, it may not be the biggest threat. For healthcare organizations especially, protecting patient data from being leaked and sold on the dark web is paramount. This is why using tools like Trend Micro Vision One is crucial.

Trend Micro's Vision One simplifies security management by offering a unified console for threat detection, investigation, and hunting across all security layers. This replaces their previous approach of separate consoles for different products like cloud app security and Cloud One, eliminating the need to switch between consoles for a complete security picture.

While telemetry data offers valuable insights into identity access, endpoint detection, and threat intelligence, doesn't provide complete visibility. There's no access to firewall logs or built-in network access control. However, the platform's strength lies in its advanced features like intrusion detection and integration capabilities, allowing for threat hunting and sharing data with other security solutions.

Vision One uses two methods for endpoint detection. The first is "active update," where devices connect securely using port 443 to the cloud to download the latest signature data every 12 hours, ensuring they have up-to-date protection. This eliminates the need for on-premise signature updates.

Vision One is user-friendly with clear navigation, but its wealth of data can be overwhelming for new users. For example, telemetry can be complex, and some alerts might go unnoticed by inexperienced users who lack the necessary skills to interpret the data effectively. This isn't a flaw of the product itself; it's simply a matter of needing the right training and experience to get the most out of it.

Vision One, while easy to manage, requires significant upfront investment when building a platform from scratch. Configuring agent deployment, servers, and third-party integrations, takes many hours and there's no perfect out-of-the-box solution.

While initially considering Trend Vision One as just a replacement antivirus solution, we realized its extended detection and response capabilities offered more than just basic endpoint protection. XDR allows for collecting telemetry data beyond signatures, enabling us to identify threats like suspicious file activity, lateral movement, and potential command-and-control communications. This provides a more comprehensive security posture compared to traditional antivirus solutions and helps reduce our workloads.

Our organization utilizes the full range of Trend Vision One features, excluding tipping points. This includes attack surface risk management, XDR threat investigation, endpoint, cloud, network security, and email protection. This full security posture positions us well for our future security roadmap.

Trend Micro Vision One requires significant customization to fit our specific needs, which increases the administrative burden. While the wider data collection offers a broader security net, we don't utilize all its services (e.g., Okta integration). This necessitates manual log ingestion from Azure (e.g., anonymous logins, suspicious tokens) and additional verification using separate tools like Azure for risky sign-in detection and IP vetting, making it a more hands-on security solution.

Trend Vision One has some usability issues. For example, extracting browser history for forensic analysis is cumbersome. The platform parses the history file but then doesn't allow exporting the data, making it difficult to share findings with managers. Additionally, the lack of a Network Security Installer for endpoint agents is surprising, especially considering servers have them. The feature request process, relying on a community voting system within a product portal, seems inefficient. Overall, improvements in data consistency and user-friendliness would be beneficial. 

I have been using Trend Vision One for two years.

Despite having several open support tickets with Trend Micro, I'm impressed by their exceptional customer service. Unlike Microsoft, they proactively reach out by phone to resolve issues quickly. This personalized approach makes me confident we'll get everything sorted out.

Whenever I encounter an issue, technical support is fantastic at providing a root cause analysis, which helps me understand the underlying problem and document it accurately for leadership.

Positive

I wasn't involved in the initial Trend Vision One deployment, but I heard about performance problems. While my team deployed the product itself through SCCM after enterprise approval, the agent caused high CPU usage due to configuration issues. Now, from my new perspective, it's clear these problems stemmed from deployment configuration, not the product itself.

Trend Micro recently switched from a license-based pricing model to a credit system, which caused some initial frustration during my renewal. While I've spoken with their leadership about the credit system's functionality and potential improvements, it still feels unconventional even though I'm now more comfortable with it.

I would rate Trend Vision One eight out of ten. 

In our organization, the IT department has a collective decision-making process for product procurement. During the proof of concept calls, a group of 30 IT professionals evaluate vendor presentations, like, Microsoft partners showcasing Windows Defender. They consider features, budget fit, and individual preferences before voting on the best option. Leadership then finalizes the purchase. While I, the senior security team member, have no direct influence on product selection like Trend Vision One, I significantly impact its functionality. I work directly with Trend Micro, providing daily suggestions for product improvement within the platform.

Upon taking control of Trend Vision One, I identified several areas for improvement, including integrating custom data feeds like taxi data, deploying agents in different ways, and collecting telemetry data specific to our environment e.g., Office 365 data. Since Trend Vision One doesn't natively collect everything, and tailoring it to our needs involved significant effort e.g., setting up DLP rules for email and collaboration, I'm unsure about its initial impact without customization.

While a patch exists for the vulnerability through Tipping Point, we don't have it, our existing intrusion prevention/detection rules within our server and workload protection system offer some mitigation. A specific module in this system is being configured to address the CVE and potentially protect our assets even if a patch isn't applied.

Trend Vision One is a great cybersecurity platform that requires upfront effort to set up but offers comprehensive protection for your organization. While it has room for improvement, the developers are actively adding new features like cloud scanning and AI-powered detections, demonstrating their commitment to innovation. This ongoing development ensures Trend Vision One stays relevant and effective in the ever-evolving security landscape.

Each component that we have purchased from Trend Micro has its own unique value set. But as CISO, the most excitement in my day is when a Zero Day initiative lands. It's one of those things that, by nature, you're generally not prepared for, and the initial reaction of the security team was, "What are we going to do about this?"

When that happened, I suggested we look at our Trend Micro IPS and see if there are any vaccines related to the particular Zero Day, and there were. We enabled those vaccines and we could see, using the ExtraHop appliance, that the issues we were seeing before had been remediated. That particular experience was a predictor of what was to come. Since then, on almost every occasion, we have had a mitigating response in our arsenal to any type of Zero Day attack before the attack actually occurs.

And even when we got into a situation like Log4j and there wasn't anything in our arsenal to deal with it, we called Trend Micro, and they said, "Yeah, we're delivering it right now, but you'll have to install it manually." And I was thinking, "I'll install it while upside down if I have to, but the bottom line is just get it over here." We deployed it and—problem solved. I believe they own that VDI initiative and it's really good that they're so close to it. That is something that has really really made my life a lot easier. Running around with your hair on fire is not fun.

In essence, it has allowed us to get a handle on our security initiatives and planning, and construct security over the long term. We've been working with them for at least ten years.

Their toolset integrates well with our existing infrastructure. It integrates well with our AT&T AlienVault SIEM.

Another piece that makes Trend Micro kind of unique—and I could see where they might have had a problem kicking the whole thing off—is that they were one of the companies, early on, that spent a lot of time integrating their toolsets, and I was really impressed with that. That meant the endpoint management system could reach out to the Deep Discovery system on the network and pick up something that it perceived as a suspicious object. It could then sandbox it and monitor it. If that suspicious entity reached out for command and control or did something nefarious, the endpoints would be alerted and would start getting rid of the problem.

The issue this addresses—and it's one of the most important issues—is that you really have to consider automation and be conscious of it. Because when the stuff hits the fan, you're not necessarily fast enough, as a human being, to get everything done the way it needs to get done—and document the process.

You might not think about that last piece so much when you start doing security engineering. But when you get into a big healthcare company like ours, there are audits going on all the time. The auditors will want to pick out two or three events that you've dealt with and say, "We want to see the audit trail," et cetera. As a result, there are advantages to the integration of Trend Micro's disparate toolsets.

Trend Micro has worked very hard on making their toolsets, like IPS, Deep Discovery, Deep Security, et cetera, talk to each other and work together. And they're still doing it today.

They have made their IPS an application rather than an appliance. You install it on the endpoint, which is a server in your data center, and it will actually configure it to a minimal standard. That means the applications and the version of the operating system you're running, right down to the colonel version, get only the tools installed that are needed for that particular instance.

They minimize the installation because they don't want you looking for bugs and indicators of compromise that you're not in a position to experience because you're using an operating system that isn't vulnerable to them. That gets rid of a lot of overhead when it comes to server management. They keep in mind that these are servers that have a job to do. They're not just desktops, and if they're eating up a lot of the CPU, that's bad for us because we're out to do business and make money. We've never had a problem with them. It's really reliable, once you get it set up.

When you deploy these tools from Trend Micro, the integration and getting them to work together, are among the more difficult pieces of the puzzle. But when you get that set up and working, you're glad you did.

When you manage a security department for a number of healthcare organizations and deploy security into their environments, they want it done today. And they certainly don't want to be bothered with it over the course of a few weeks. We've been in our Cloud One migration for a couple of months now and it isn't our only project. We've got a lot of things going on here and at our subsidiaries, for which I'm also the CISO. It's very busy. We don't have time to sit down and work on projects just for the sake of having the resources to work on them.

When we invest the time to integrate disparate resources, appliances, and applications, we do so with the idea that we're going to get something out of it that is worth more than what we put into it. In each and every case, that's what has happened with Trend Micro.

Still, a lot of folks I know have adopted their technology but have not integrated it. The endpoint management tool sits on the endpoint and manages it, but it's not fully integrated with, for example, the sandbox. So it would be nice if they could simplify the integration process. And I would like to see better documentation.

Another point is that, with Vision One, there were issues that we experienced with the IPS and EDR technologies when we first got it. We had some difficulties figuring out how to make it dance. Once we figured it out, we were okay.

The remediation they put in place for that was to increase the number of presentations they did on the software, presentations where they answered questions. We attend one about every two to four weeks with Trend Micro to go over things, and it's not just us. There are 70 to 100 people in those meetings. They figured out that, while it's okay to build reasonably complex systems, at some point you have to pass the knowledge along to the end-users. That's not always easy to do. Most companies operate under the mindset that, "Well, we understand it, why don't you understand it?"

We started the integration of Trend Micro Vision One three or four years ago.

Trend's gear is very stable and reliable. In this business, it almost has to be because, if your system goes down frequently, you just don't have time to mess with it. In the years we've had their IPS deployed, and that's a complicated product, we may have had one or two failures. And as I recall, it was something in a power supply. If your primary failure is something to do with a power supply once every ten years, you're in good shape.

It's the same thing with all of their technology. The way they design it, just keeps running and that's not necessarily always the standard in the industry. For example, I finally had to abandon IBM's IAM solution because it was so bad. It would just break. We don't have those problems with Trend Micro. Their stuff just works. It's really good and well-designed.

It's reasonably scalable, but remember that, as you're scaling out, some of the components need to be scaled while other components just need to be reconfigured. You don't want to be paying for what you don't need, meaning you don't necessarily have to double everything. When you scale out, you have to give it some thought.

Their tech support people are better than most. In my career, I have seen it all. But Trend Micro support is really good. They're the best vendor I have for support.

Anytime we've had an issue with their gear, they have been prompt and have gotten on it and gotten it fixed. And if they can't fix it, they replace whatever they have to replace.

Another aspect with Trend Micro that is really good is that they listen to what you say. If you come up with a use case that they don't currently have, they'll add it to their repertoire and, a couple of updates down the road, there is that tool you needed. It's just a well-driven and well-run company when it comes to that side of things.

For example, in the beginning, using the dashboard was a little bit tricky. But the cool thing they did was to hold biweekly meetings on it. They would not only go through use cases, but at the end they would ask, "What else would you like to see? How would you enhance this?" Once the CISO community got a hold of that, they were coming with their guns loaded and saying "I'd like to see this and I'd like to see that." And Trend Micro started knocking out the ones that made sense. As of today, it's a completely different ballgame than it was back then. They're constantly upgrading their platforms.

And they don't absolutely have to do large releases to get things into the users' hands. They'll build something out and say, "Hey, we've included this. Try it out and let us know what you think." Most companies would say, "That feature will be in Release 5 and not until that release. Release 5 is slated for May, but it probably won't be out until October." Trend Micro is not like that and we appreciate that.

Positive

We go back quite a way with Trend Micro. When I first met with them, it was a sales guy at Torrey Pines resort who was meeting with individuals. A bunch of CIOs and CISOs were brought together there and put up for a few days to meet with various salespeople. It was a "getting-to-know-you" event and I did it every year. One of the sales guys was from Trend Micro and I didn't know anything about them but I was impressed with his presentation. I thought to myself at the time, "Keep this one in mind. Think about this a little bit."

About a year or so later, when, at the time, we were using the IBM endpoint suite, IBM decided to take it down. It had about five different toolsets, one of which was IBM BigFix, which is a patch management solution that we still have.

They said that if you want to replace them with what was called, at the time, Trend Micro OfficeScan, you can, and we did. When we migrated to OfficeScan to replace the endpoint piece, we realized that the other IBM pieces were all up in the air except for BigFix. We then just blocked out IBM tools for Trend Micro tools, component by component. That worked out really well for us because the Trend Micro toolset was a lot more comprehensive than the IBM tools. And it integrated well with our BigFix infrastructure. It all just worked together. It was a no-brainer. Trend Micro built much better security systems than IBM did.

Once we had OfficeScan in place, we started talking about purchasing an IPS. I generally do a proof of concept when I'm going to purchase something. Trend Micro's TippingPoint IPS system was included in the eval. What I found is that it's not only the best product, but it has the best product support and that really makes a difference.

We're using Trend Micro on just about every front that they work on. They've been a tremendous partner for us, really good.

When we first kicked off the security department here, one of the problems we had was that we were chasing malware up and down the wire. We had McAfee endpoint management software and antivirus at that time, but we couldn't run it because, if we did, it would eventually eat up all the CPU and tip over the desktop.

We were looking for a replacement for that. We took a look at Trend Micro's Vision One technology and we found that they were deeply interested in what they refer to as attack surface management. It integrates the Trend Micro EDR tool that we had and turned it into something that can trace backwards. It could not only detect that an event had occurred, which is what we used to get, but now gave us information about what led up to that event. What sequence of events happened in our platforms that led up to it? We could trace it backwards, and that's the XDR component. They replaced the EDR component and that's when we got into business with Vision One.

Since then, we have deployed the Deep Security and Deep Discovery components. in addition to their IPS TippingPoint and their endpoint. We also have their email security solution in place.

The Deep Security toolset sits in your data center on every server instance you want protected. The operating systems Trend Micro supports are Windows, Linux, Solaris, and AIX. And what do we deploy in our organization? Those four operating systems. I thought, "That is like a message from God himself." I was taken aback by that.

And right now, we are migrating into their Cloud One environment. That takes it to the next level and allows us to take advantage of the analytics that exist in the cloud without having to set up all of the infrastructure to support it. Everything we have remains as is, on-prem, but everything now reports up to the cloud, and that information is enhanced and further aggregated into more meaningful data, which then comes back down into our purview. That's what the Cloud One approach is all about.

They are a pretty cool company and they're really well organized and well managed.

The initial deployment is always the toughest because you've never done it before. You're going to run into issues that you aren't familiar with. As you go from OfficeScan to Apex One, to Vision One to Cloud One, it gets easier every time you do it because you know what's coming.

By then, you already have an established group of people who support you, and who have been supporting you for some time. You're familiar with working with them, you know what to expect and how things are going to roll forward. And you pretty much know what the time frame is going to be. That part is all good.

Vision One is on-prem. We started building data centers a long time ago and I had the honor and privilege of doing that. We built out redundancy at the data center level so there are two of everything. And then you think, "Well, what happens if something happens to the data center?" So we built another one. And then we realized we wanted it somewhere else because we get enough earthquakes in Southern California to know that nothing is safe here. As a result, we built one out in Arizona and we mimicked what we had here and then whammed it all together. So we can fail over here or to the Arizona facility. We essentially have two private clouds that we manage. That got us to where we were about a year ago.

And then, suddenly, there was the idea of moving up into the cloud. We did start working with Azure and AWS to move items into the cloud, but there were some issues with that too.

For example, if we build out a big piece of infrastructure in our data center, we purchase the hardware and then deploy it. All of that hardware is CapEx and you can write off the cost of most of it over a period of years. When you move into the cloud, you don't get that break, and if you're taking advantage of somebody else's infra, they're going to be charging you for that service. While I'm no expert on the cloud, we have put together some cloud-based applications, but, from a financial standpoint, it is really expensive. You don't get that CapEx back into your pocket like you do when you're putting together your own data centers.

Our management still wants to put more stuff up in the cloud, so we'll continue to do that, and Cloud One allows you to do that with the workload security features.

We did it all in-house. I found someone who had already worked in security, within our company, and brought him onto my team. If you can find somebody who has already done this job and understands it, then not only can you have them deploy it immediately, which takes that piece off the table, but they are in a position to start learning other things because they already know the infrastructure that you're deploying really well. At every opportunity that I had to grab somebody who already had experience, and was good with what they did, I did so. It helps to get experienced people.

I've always felt that automation and the integration of platforms were going to be the key to this. 

The reason I felt that way was that I didn't go into security when I got out of school. I was fortunate enough to get a job at the NCR Systems Engineering division. I built and designed microprocessors, and then I built operating system software for the microprocessors. I was exposed to a lot of what's going on in the bowels of the beast. Although the beast changes from company to company, you have an idea of what's actually going on.

I then started my own company and what I learned was that integration of elements is key to your success, as was automation. You need to automate solutions because you don't want a bunch of people trying to fix things if you can automate things and take care of problems.

When we look at the logs from the IPSs, for example, they're blocking hundreds of thousands, and sometimes millions, of packets a day. If we were allowing those packets in, I don't know what would happen, but I don't think it would be good.

Also, I don't have a big staff under me. The idea that, as a chief information security officer, you're going to get a couple of hundred people to go work on things is just not going to happen. So you really have to set things up and configure them for automation, and any kind of alerting has to point to the problem rather than tell you where to start looking.

They have a new pricing method and we haven't been pulled into that yet, which I'm grateful for. It's tough enough dealing with dollars, but with their new solution—and I'm not up on it because I haven't used it yet—you buy tokens or some kind of points and you purchase things with them. We haven't gone there. We stayed with what we had.

From a pricing standpoint, they're a really good negotiator and they'll work with you. At the first Trend Micro conference I attended, there was a presentation to their sales team and they were told, "Do not worry about making money. Just make our clients happy, and the money will come." They're good at that and a lot better than most companies. It's always good to have a good partner.

We looked at the new stuff that IBM was coming out with, which wasn't that new, so they didn't get very far in our evaluation. We also looked at McAfee and another company that was a startup at the time, although I don't remember its name.

I had three or four vendors in for PoCs, and I asked each one of them for someone to support the effort, and to give me about a month. By the time I was done, I not only got the best product, but the best vendor too. The support has to be there during that process or they're not going to win the day. Some of them were as bad as, "Here it is, let us know how it fares." And I was thinking, "Well, I may have a few questions between now and then. I hope somebody is on the phone to answer them," but you don't always get that luxury. But Trend Micro was really good and that's why I stuck with them.

Trend Vision One functions as our XDR solution. I spend considerable time within it conducting reconnaissance on any security incidents requiring investigation. This tool allows me to quickly search for information that might be difficult to locate using our other tools.

We implemented Trend Vision One to improve our security posture by creating multiple layers of protection. This tool addresses security gaps our existing solutions, like Defender, may miss, providing deeper insights into potential threats.

We have implemented the product on both our cloud environment and endpoints. While we utilize a different Trend product for email, we also leverage Trend for this purpose. Trend's complete coverage is invaluable, as it centralizes data that would otherwise be difficult to locate, and its robust search function has been instrumental in our decision to continue using the platform. Although our organization is always exploring alternatives, the all-in-one nature of this solution has proven highly effective for our needs.

Vision One offers centralized oversight and control across our protective layers. It provides valuable insights into our various Trend applications, though its visibility into other layers is understandably limited. This limitation isn't a concern at this time.

Vision One has significantly improved our efficiency. For example, we recently faced a critical situation where a rule change on a client-server posed a potential security breach. Using Vision One, we quickly identified the employee responsible for the shift and resolved the incident without an extensive investigation. This would have been highly challenging without the tool, as determining the culprit would have been much more difficult.

We've been using the risk index feature to try to chip away at the risks within the environment and identify the vulnerabilities that need to be prioritized because that's been one area that has been more invisible to us with the other tools.

Vision One offers a valuable new perspective on our risk profile. While we receive reports from other tools like Nexus IQ, Vision One's unique risk classification and ranking system allows us to prioritize issues differently. This enables more informed decision-making as we can identify risks that other tools might underestimate. We've fully leveraged Vision One's benefits since our team's formation over two years ago. Though the tool existed previously, its impact was limited due to the absence of a dedicated team focused on its utilization.

It's able to detect things that other tools don't detect. We use a layered approach, so those tools have found stuff it hasn't detected. But that's to be expected. That's the goal of using the layered approach to it. But it's helpful because it catches things we might have been unaware of. Additionally, it might rank things differently than the other tools, and that's the same for this piece. And that can be very helpful for us to catch things we might have otherwise missed because it gives us that extra detail.

Trend Micro XDR has significantly reduced the time needed to detect and respond to threats. It offers capabilities that other security solutions lack, enabling us to address challenges innovatively. Additionally, built-in features such as insights and endpoint protection provide valuable tools that enhance our security posture compared to other systems.

Despite having a fifteen-year career in cybersecurity, I joined this role with limited hands-on experience. However, I quickly became proficient with Trend Vision One through self-directed learning, and my team soon recognized my expertise in the tool, making it a positive experience overall.

The Workbench feature is fantastic. It is so helpful to have something that pulls all the data into one visual representation of the events.

Vision One generates numerous false positives, forcing unnecessary investigations and highlighting a need for improved filtering options. A recurring false positive in our environment cannot be safely filtered, preventing us from ignoring it without risking overlooking genuine threats. This issue arises from a script that renames computers, which behaves suspiciously like malware but lacks a unique identifier within Trend for precise filtering. We cannot exclude the entire script due to potential exploitation by attackers who could embed malicious code within it, bypassing our security measures. While this scenario requires a targeted attack, the sensitive nature of our client's data, including threats from nation-state actors, necessitates a cautious approach to avoid compromising our security posture.

We want the ability to download and inspect emails from clients' mailboxes. Microsoft's platform supports this functionality, and we possess the necessary license. However, some clients lack the required license, prompting us to recommend Trend. If we could directly access and inspect client emails, it would eliminate the need to sell additional licenses to those clients, streamlining the process.

I have been using Trend Vision One for over two years.

Trend Vision One is stable.

As we've added employees and removed employees and added servers and removed servers, I haven't had to think about the scalability of Vision One. It has been very smooth.

We had a script that was not right and kept triggering false positives. I had reached out for help with that. The help I got took a lot of time to get responses. And in the end, they closed out the ticket I had opened without resolving it. I also found the communication experience to be rather frustrating. My biggest complaint about my experience with Trend has been the support. There's a lot of good to be said, but there's room for improvement in the support. The people were very polite, so I'm not giving them a five because that goes a long way for me. Having support that is snippy makes the experience significantly worse. So, I am grateful for that part.

Neutral

We used a Microsoft XDR in conjunction with Trend Vision One. The main pros for Vision One are that the interface is typically a lot easier and a lot less confusing. 

The overall experience of the interface is a lot more positive. The details I can pull out of Trend are much better than I can typically pull out from Microsoft. I'm able to get results that Microsoft doesn't seem to gather. The cons are that it's in such flux right now because they're moving all their other products into the Vision One console, which can sometimes make it a bit confusing. 

It can also mean that we're unable to access the tools we previously did as rapidly. For example, many of the Apex One stuff is now within Vision One. So we had to relearn how to do that, which cost us time during security incidents. And Microsoft does change things, but they typically change things by adding extra bloat. So that ends up being a con for Trend compared to Microsoft.

While I cannot confirm the specific return on investment for Vision One without firsthand data, I expect it to be positive, given our organization's tendency to quickly discontinue partnerships that fail to deliver value.

I would rate Trend Vision One eight out of ten. There is room for improvement, but with the tools I've used, Vision One is one of the better.

I don't do much regarding the maintenance of Trend Vision One, but I also know that because I get emails about stuff that goes down, it's relatively low maintenance compared to other tools.

We have Trend Vision One deployed across multiple locations internationally. Because the number fluctuates, we have roughly 1,500 to 2,000 users at any given time. Three people on our network team use Vision One. We have also used Trend products, other than Vision One, for a couple of our clients, which would expand those numbers significantly.

My experience with Trend Vision One has taught me many valuable details, and I strongly recommend that new users carefully review the provided documentation.

We use Vision One for antivirus, endpoint protection, and identifying misconfigurations in our cloud platform. It secures our servers and endpoints and detects any sort of malicious software or inappropriate user behavior. It's a cloud solution with agents on the machines for endpoint protection. 

Vision One gives us more insight. When we implemented the solution, we didn't have a mature security platform, so we couldn't see what was happening on our servers or what our users were doing. It has decreased our time to detect and respond. Initially, we didn't have as much insight into any attacks that came through. It gives us more data points to work with and guidance about the remediation efforts. We aren't dealing with eight or nine different systems to identify one issue. It's all centrally located in one place.

Their Managed XDR service acts as our security operations center. It helps us sleep a little better at night. We know that they can call us on the phone when a significant alert comes in after hours. It makes things more efficient because we know there's someone on the other side who can look at alerts for us and at least do the preliminary analysis if anything comes in. Multiple teams are notified when an alert comes in. We can allocate security resources more efficiently and plug more data sources into the Vision One platform. We don't need to dedicate personnel to continuously monitor the dashboard because we know someone is looking at it with us.

The platform has allowed us to identify blind spots and see where there are holes in our network. It suggests remediation steps in many cases.  There is typically a link in the documentation. That has been a significant benefit because it tells you what to do. For example, it might suggest running a command in the terminal to identify the issues or take x output and put it into y input. 

The solution reduces the time spent investigating false positives by around 65 to 75 percent. For example, when we are pushing out custom code, the workbench tells us the risk level. If it's 70 or higher, we check it out. At 69 or lower, it could be a false positive, so it might require some poking around. It gives us enough data in the alerts that anyone who knows the system could say, "Oh, that was me. I was running patches," instead of checking nine different systems to identify what triggered the alert. It's all there in the alert, including the hashes, commands, impacted web files, etc. We can instantly dismiss it as a false positive and flag it as resolved.

Vision One's playbooks help us save time but I can't say how much because we're still maturing those. For instance, we know what those patching commands look like, so we're working on a playbook to automatically ignore or close those false positive alerts as they come in. We're still trying to fine-tune those playbooks. 

I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection.

Migrating to the Vision One platform helped us because we no longer need to look at eight different screens to find data. It's all just consolidated into one location. Having everything in one place is critical. I've been in the industry for almost a decade now, and it's a struggle to find that single pane of glass for all my alerts, logs, and anomalies like random users clicking on a link or downloading a file. It's nice to have it all in one location. Having centralized visibility saves the time we would spend checking various systems to look for things. I can also correlate data points more effectively and make data-driven decisions about the remediation and mitigation of any internal or external threats discovered.

The executive dashboard is nice. It's consolidating all of the tools into the Vision One platform, giving you a high-level overview. Executives love dashboards and pretty colors. The ability to drill down into XDR detection from the executive dashboard his handy. I don't have to go fishing. We get an alert that says a machine did X, and I can fire it up. It's on the dashboard, so I can click on that machine, and it lets me drill down into the logs. It cuts down on the time required to do any kind of forensic analysis on anomalous alerts or behavior. 

The Risk Index gives you an overview of the risk and how it compares with others in your industry. It's nice to be able to quantify the risk, and it enables you to justify the spending on these tools to your executives by showing that it pays off. Also, if we start plugging in more data points and the risk score goes up, we can conclude that there are some issues with the new data source that we just hooked up to our platform. The goal is to have a risk level of zero, but that will be hard to achieve. 

We've received some mild complaints that the documentation is sometimes not up to date. 

I used Vision One at my last job, and I brought them on board when I joined this company, so I have been using the platform for about two years. 

I haven't had any issues with stability. 

We run several different AWS accounts, and Vision One keeps up pretty well. I haven't noticed any downtime, lagging, or crashes.

They were using something else, but my team wasn't in charge of it. Vision One offers a more mature platform. I had used it at my previous job. My boss brought it in because we had both worked with Trend Micro in the past. We know the platform and the engineers. 

Deploying Vision One was relatively straightforward. We were on the legacy platform. They had written a script, so all you had to do was hit the play button. We recently moved to their all-in-one VisionOne platform, which was super simple. The deployment team included two on our side and two on the Trend Micro side. Their engineers hopped on a call and walked us through the process. The setup process primarily entails deploying the agents globally. 

Trend Micro's licensing is fair. 

I rate Trend Micro nine out of 10. This is a SaaS product, so you can do a trial period. If you like it, contact their sales people and try to develop a good relationship with the company. 

We have deployed the Trend Micro product suite across all our servers and workstations, including their XDR component, Vision One.

Our decision to switch from Kaspersky to Trend Micro stemmed from the concerns surrounding Kaspersky and the Russian government. Following those developments, we were advised to discontinue using Kaspersky and began the process of evaluating alternative security solutions. Trend Micro ultimately emerged as our preferred choice due to their exceptional support during the proof-of-concept stage. Unlike other vendors, Trend Micro proactively dispatched an engineer to our corporate headquarters at their own expense to assist with setting up and running the POC, demonstrating their commitment to our success. Vision One was released a year into our contract and we were able to work with the Trend Micro account team to deploy it in our organization.

Previously, our security setup with Trend Micro was entirely on-premises. This meant we were managing our backend servers and manually reviewing security updates. It was a time-consuming process, especially when vulnerabilities arose in their on-prem products. Reviewing briefing files and ensuring everything was patched was a constant burden. Moving to the cloud was a game-changer. The maintenance of backend servers is now handled by Trend Micro, freeing up our resources. We receive monthly emails notifying us of upcoming maintenance, and they take care of everything behind the scenes. It's a breeze. Vision One has always been cloud-based, but our previous on-premises solutions included their endpoint product Apex One, server product Deep Security, and exchange product. When we transitioned to the cloud, Apex One remained our endpoint protection, while Deep Security evolved into Cloud One. Additionally, Cloud App Security was introduced, providing security features for SharePoint and Teams alongside Exchange Cloud. 

Trend Vision One streamlines our security by centralizing data collection and threat management. It pulls data from Exchange, SharePoint, endpoints, and servers to the cloud, providing a unified view of our IT environment. This centralized data feeds into advanced playbooks that automatically block URLs and files based on predefined conditions, reducing our reliance on manual intervention. For potential threats requiring further analysis, Vision One flags them for human review, allowing security personnel to quickly approve or deny access to specific URLs or files. These decisions then inform the suspicious object lists used across all deployed Trend Micro products, maximizing our overall security posture. In short, Vision One effectively automates routine tasks while empowering security teams to focus on critical decisions, making it a valuable asset for our organization.

Vision One grants us centralized visibility and management across our protection layers. With its ongoing development, Trend Micro has steadily consolidated this visibility into a single pane of glass.

Centralized visibility significantly improves our efficiency. Instead of scouring endpoints or hopping between the mail server and data lake, we can consolidate our search for malicious activity into one central location. Vision One empowers us to leverage comprehensive search parameters and scan all data within the data lake, not just data limited to specific products.

For me, the executive dashboard is always the first one I check. Then, I turn to the operations dashboard for a more detailed look. These two dashboards provide a comprehensive overview of our security posture, drawing data from internal and external assets, application agents without vulnerability assessments, and detected account compromises. Vision One also excels at alerting us to potential risks, including accounts exposed to data breaches. I've personally experienced this when the executive dashboard's risk score suddenly spiked due to flagged accounts. After investigating and confirming the risk, we dismiss the alert and the score adjusts accordingly.

The attack surface risk management capability has identified several vulnerability issues in external assets, necessitating immediate action. It has also shed light on blind spots within our environment. 

When we identify blind spots, we need to implement measures to address them and mitigate, reduce, or even eliminate the associated risk from our environment. Our team is relatively small, so dedicating someone to focus intensively on a single issue can be challenging. Vision One has alleviated this burden. Vision One's playbook and built-in automation features help us by proactively alerting us to issues requiring immediate attention, enhancing our overall security posture.

Vision One offers a feature where, if it detects a phishing email with high confidence, it automatically locks the email, removes it from the Exchange database, quarantines it, and disables any links within the email or similar emails. For emails requiring human intervention or immediate action, Vision One flags them for review. We can then approve or deny the actions on the URLs and emails within the system. We use Vision One as a secondary measure if something slips through our other security layers. It allows us to see exactly what happens when users click on a malicious link, even if it wasn't flagged beforehand.

To some extent, Vision One helps us reduce the time we spend investigating false positive alerts generated by our firewalls. While firewalls throw out many alerts, I often turn to Vision One for clients flagged as compromised. Jumping over the firewall report, I check Vision One's insights on those specific endpoints and the sites flagged by the firewall. Previously, I'd spend time on the machine itself, sifting through cookies and deleting temporary files to track the source of the suspicious traffic. But with Vision One, I can quickly see if the endpoint is trying to reach those flagged endpoints. In most cases, it turns out to be just Google searches – images or other elements loading as part of a search.

Vision One has become my go-to spot every morning because of the dashboards. They put everything I needed in one place, saving me the hassle of jumping between multiple platforms. It's a half-hour ritual that sets me up for success, allowing me to review everything efficiently and tackle the rest of my day with confidence. Vision One has probably saved me several hours of valuable time per day.

We currently have some playbooks in place, and we're exploring the option of adding more automation features to them. Our limited IT support staff is one factor that makes a managed XDR solution particularly appealing. However, we recognize the need to invest time in learning and understanding the available automation features, of which there are many.

I could visit VisionOne daily and check the operations dashboard. It provides a good high-level overview of our risk posture, and I can drill down to see the specific registrations from the endpoint network that VisionOne is highlighting. This helped us understand that our risk index recently increased due to users requiring patches for the latest Google Chrome bug. Beyond that, VisionOne offers a clear window into the security posture of our endpoints. It shows any existing vulnerabilities and, if applicable, highlights any available tools from Trend Micro that can help us reduce the risk and mitigate the issues.

The support documentation could be more comprehensive. The last time I needed to find information, it was scattered, and took me a long time to locate what I needed. 

I have been using Trend Vision One for almost six years.

While all products can encounter occasional stability issues, we've had specific instances where Trend Micro caused problems. We were unable to pinpoint the exact cause ourselves. Therefore, we contacted Trend Micro's technical support and collaborated with them to resolve the issue. In one case, it was a bug or previously unknown problem that was fixed in the next release.

Vision One is fairly scalable, especially the cloud model. Because as long as we have the licenses installed. They can create folders and groups to help keep things organized for us.

The technical support team is always incredibly helpful. Whenever we call them, they typically recommend using their data collection tool to gather some information. However, they're quick to respond, easy to work with, and knowledgeable, making for great customer service.

Positive

Previously, we used Kaspersky for several years after Symantec's exorbitant pricing led us to switch. We hadn't considered Trend Micro at the time. When concerns about Kaspersky arose due to the geopolitical situation, our director decided to move away from it. Seeking an alternative that was lightweight and met our needs, we explored various vendors and ultimately settled on Trend Micro.

The initial deployment was straightforward. Trend Micro sent one of their engineers from Toronto to Halifax to help us set up the point-of-sale system for the proof-of-concept trial. The beauty of their approach was that if we decided to move forward with Trend Micro after the POC, we only needed to apply the license to the existing model, and it could be seamlessly transitioned into production. The engineer worked closely with us to develop a script that would uninstall Kaspersky and install the Trend Micro product. They also helped us configure the necessary policies, making the entire process remarkably simple.

Three people were involved in the deployment including the engineer from Trend Micro.

The implementation was completed in-house with the help of a Trend Micro engineer.

Initially, the new pricing structure from Trend Micro seemed reasonable compared to what we'd seen before. They've introduced a credit system, where we purchase credits and then allocate them to the specific services we need active. This concept is intriguing, but it has its pros and cons. In the past, licensing for 700 clients meant purchasing 700 licenses for everything in the package, a straightforward approach. Now, the new system requires a sizing exercise to determine our actual needs. However, the upside is that unused credits don't go to waste. We can divert some to a sandbox environment or other Trend Micro service for a limited time, if needed, to address specific issues.

Each feature costs a certain amount of credits.

I would rate Trend Vision One a nine out of ten.

The on-premises version requires maintenance on the management server and update the software. The cloud model reduces the amount of time spent on maintenance dramatically because the cloud model automatically takes care of the software maintenance side of Trend Micro.