Trend Vision One Reviews

We use Vision One to detect to detect and respond to malware incidents. With endpoints (Apex One/Cloud One Workload Security), network (Deep Discovery Inspector) and Office365 (Cloud Email and Collaboration Security).

The environment is complex, distributed in more than +100 locations. Some locations are just offices, some others are industrial facilities with ICS and SCADA. Besides Windows, we deal with a lot of operating systems, including Solaris on SPARC. And our users are diverse, with lots of employees roaming around the country.

With ASRM, we tackle important use cases around identity protection and risk management in general. Identification, prioritization, and remediation.

The full stack of Vision One has delivered what "SIEM 2.0" couldn't deliver. The capability to monitor threats and discover attack vectors before they are exploited and across all our workspace (on-prem, IaaS, PaaS and SaaS). We have invested well over a million into SIEM during the last decade. A full ArcSight upgrade and then a Splunk migration assisted with a large MSSP. Vision One is still ahead at a fraction of the cost.

Going through a capable, single-vendor solution was necessary, given our small team. Choosing the best solutions for every task and building all the integrations was not an option.

Vision One is much more than just EDR for us; it is a threat intelligence platform and a SOAR too. And even with the limited capabilities in this area, we find ways to tackle challenges our MSSP and SOC haven't been able to accomplish on a very large budget.

I like everything. The most valuable feature is how the stack fully integrates all components of a solution. Then, integrations with third parties will be provided.

As an example, I am capable of sending a suspicious file directly to my Deep Discovery Analyzer appliance (a sandbox) while investigating a suspicious download/file interaction, and I can then quickly push the IOCs in the suspicious object lists to protect both managed endpoints, and the rest of the network too! Yes, you can push domains and IP addresses to Palo Alto through a Trend Micro Service Gateway, ensuring you can protect even what cannot receive an endpoint. And all this without writing a single line of code. The ease of use and ease of deployment for use cases like this are my favourite features.

The SOAR features (Security Playbooks) are quite limited. At the moment, it is impossible to execute a simple piece of Python code that would pull or push something to an API, for example. While you can tackle some use cases, a SOAR from another vendor is still a must-have.

To assist with complex use case integrations, having all the data from the SIEM inside XDR would be great, too. That's where the market is moving with solutions like Falcon Logscale and Cortex XSIAM. Pivoting from XDR to Splunk or vice-versa can be time-consuming during incidents.

I was actually an early beta tester of the Apex One Endpoint Sensor before Vision One appeared in 2021. That would be three solid years of using it.

Quite reliable. In the last three years, only one incident created memory leaks on Windows Servers. We didn't see too much impact (fortunately) as a workaround could be quickly provided.

Support is quite responsive when something does work well. However, we do pay for Premium support.

The scalability is really good.

My experience is generally good, but I have had the chance to deal with premium support. I'd say I get the support I expect for the price that I pay.

Positive

Although we have been dealing with other security vendors (McAfee, Symantec, Proofpoint, and more), Vision One was really our first EDR.

The initial setup was a breeze. It is realistically one of the strong points of the solution.

We implemented the solution in-house. Although with premium support, you do get a lot of help from Trend Micro if you ask for it. You'll be able to talk to actual experts.

It is very hard to quantify an ROI on a security product. It doesn't generate revenues, and you can't quantify the cost of incidents that didn't happen.

Product names are changing all the time. Lots of changes in the last three years. They introduced the concept of credits, too, which did not make anything easier.

It's also easy to underestimate the credits required with Cloud Email and Collaboration Security: people invited from third-party tenants will count.

The credit usage and allocation tool has been improving, at least.

We had a look at Carbon Black and CrowdStrike Falcon.

It's probably the best solution for a small team that cannot absorb the complexity of a multivendor solution. The ability to execute VS the cost is surprisingly good.

Its real-time analysis has impacted our security incident response time. We use the Workbench console and dashboards. We are normally able to analyze an incident in a few hours, understand what is going on, and provide a specific solution for any type of incident.

A few days ago, a user opened something with malware on their machine. In a few seconds, I received an email, and I received a pop-up in the console. To mitigate this, we removed the machine from the network and checked it.

In terms of integration, we intend to integrate more solutions with Trend Micro, but so far, we have just integrated the firewall.

Telemetry is very useful. They provide all the information. I can see specific details about any malware and various types of attacks. I can prevent my environment from different types of attacks based on what I see in the Vision One console.

Log inspection is also very useful for me. We check the logs all the time. In certain cases, it is necessary to analyze with more detail. It is very useful to understand what is going on in my environment with log inspection.

It is very expensive. 

I have been using this solution for ten years.

We do not have any problems with the stability of this solution.

It scales well. We do not have any problems with scalability.

At the moment, we do not have any plans to increase its usage.

Their technical support is good. They take some time to give me the answers, but in the end, they fix and solve all my problems. I would rate their support a nine out of ten.

Positive

We were not using any other solution previously. We have been using Trend Micro's solutions from the beginning of our operations in Brazil.

It is a SaaS solution. Its initial setup is not complex. It is very easy to deploy. It is not complicated. It is very user-friendly. It took around 15 days.

In terms of implementation strategy, we prepared some test machines and servers. After that, we deployed it for the entire company.

They do the maintenance, but we do not have any downtime in this maintenance mode.

We had a Brazilian reseller.

We have not seen an ROI.

Trend Micro's cost is higher than other solutions. That is the main reason why we need to switch to another solution.

We are using a full license that provides different types of features, but CrowdStrike does not provide some of the features such as MDM or anti-spam. We do not have these options or features with CrowdStrike. If we switch to CrowdStrike, we would have to buy other solutions to have a complete solution.

In addition to the license, there are no extra costs.

Its cost is high for us, so we are checking other options and other companies to provide the same solution. We are evaluating CrowdStrike, Trellix, McAfee, and Sophos. We have not yet received the quotation, but their cost is lower than Trend Micro.

Trend Vision One is very useful. It has many functionalities and integrations. Its integration with other products is growing. In the future, it will probably be the biggest console in the world.

Trend Micro is making some changes to the console. At the moment, it is a little bit confusing for our use case because we are using three or four consoles from Trend Micro. We intend to migrate to just one, which is the Vision One console, but at the moment, we are using the Apex One console for the workstations and the Cloud One console for the servers. I do not know if the integration is complicated for Trend Micro, but at this moment, it is not so easy for me to manage all devices.

I would rate Trend Vision One an eight out of ten.

We use Vision One for antivirus, endpoint protection, and identifying misconfigurations in our cloud platform. It secures our servers and endpoints and detects any sort of malicious software or inappropriate user behavior. It's a cloud solution with agents on the machines for endpoint protection. 

Vision One gives us more insight. When we implemented the solution, we didn't have a mature security platform, so we couldn't see what was happening on our servers or what our users were doing. It has decreased our time to detect and respond. Initially, we didn't have as much insight into any attacks that came through. It gives us more data points to work with and guidance about the remediation efforts. We aren't dealing with eight or nine different systems to identify one issue. It's all centrally located in one place.

Their Managed XDR service acts as our security operations center. It helps us sleep a little better at night. We know that they can call us on the phone when a significant alert comes in after hours. It makes things more efficient because we know there's someone on the other side who can look at alerts for us and at least do the preliminary analysis if anything comes in. Multiple teams are notified when an alert comes in. We can allocate security resources more efficiently and plug more data sources into the Vision One platform. We don't need to dedicate personnel to continuously monitor the dashboard because we know someone is looking at it with us.

The platform has allowed us to identify blind spots and see where there are holes in our network. It suggests remediation steps in many cases.  There is typically a link in the documentation. That has been a significant benefit because it tells you what to do. For example, it might suggest running a command in the terminal to identify the issues or take x output and put it into y input. 

The solution reduces the time spent investigating false positives by around 65 to 75 percent. For example, when we are pushing out custom code, the workbench tells us the risk level. If it's 70 or higher, we check it out. At 69 or lower, it could be a false positive, so it might require some poking around. It gives us enough data in the alerts that anyone who knows the system could say, "Oh, that was me. I was running patches," instead of checking nine different systems to identify what triggered the alert. It's all there in the alert, including the hashes, commands, impacted web files, etc. We can instantly dismiss it as a false positive and flag it as resolved.

Vision One's playbooks help us save time but I can't say how much because we're still maturing those. For instance, we know what those patching commands look like, so we're working on a playbook to automatically ignore or close those false positive alerts as they come in. We're still trying to fine-tune those playbooks. 

I like Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection.

Migrating to the Vision One platform helped us because we no longer need to look at eight different screens to find data. It's all just consolidated into one location. Having everything in one place is critical. I've been in the industry for almost a decade now, and it's a struggle to find that single pane of glass for all my alerts, logs, and anomalies like random users clicking on a link or downloading a file. It's nice to have it all in one location. Having centralized visibility saves the time we would spend checking various systems to look for things. I can also correlate data points more effectively and make data-driven decisions about the remediation and mitigation of any internal or external threats discovered.

The executive dashboard is nice. It's consolidating all of the tools into the Vision One platform, giving you a high-level overview. Executives love dashboards and pretty colors. The ability to drill down into XDR detection from the executive dashboard his handy. I don't have to go fishing. We get an alert that says a machine did X, and I can fire it up. It's on the dashboard, so I can click on that machine, and it lets me drill down into the logs. It cuts down on the time required to do any kind of forensic analysis on anomalous alerts or behavior. 

The Risk Index gives you an overview of the risk and how it compares with others in your industry. It's nice to be able to quantify the risk, and it enables you to justify the spending on these tools to your executives by showing that it pays off. Also, if we start plugging in more data points and the risk score goes up, we can conclude that there are some issues with the new data source that we just hooked up to our platform. The goal is to have a risk level of zero, but that will be hard to achieve. 

We've received some mild complaints that the documentation is sometimes not up to date. 

I used Vision One at my last job, and I brought them on board when I joined this company, so I have been using the platform for about two years. 

I haven't had any issues with stability. 

We run several different AWS accounts, and Vision One keeps up pretty well. I haven't noticed any downtime, lagging, or crashes.

They were using something else, but my team wasn't in charge of it. Vision One offers a more mature platform. I had used it at my previous job. My boss brought it in because we had both worked with Trend Micro in the past. We know the platform and the engineers. 

Deploying Vision One was relatively straightforward. We were on the legacy platform. They had written a script, so all you had to do was hit the play button. We recently moved to their all-in-one VisionOne platform, which was super simple. The deployment team included two on our side and two on the Trend Micro side. Their engineers hopped on a call and walked us through the process. The setup process primarily entails deploying the agents globally. 

Trend Micro's licensing is fair. 

I rate Trend Micro nine out of 10. This is a SaaS product, so you can do a trial period. If you like it, contact their sales people and try to develop a good relationship with the company. 

As a security architect, I design solutions for our end customers. In previous projects, we've successfully implemented Trend Vision One for customers with cloud-based assets and email servers, enabling them to extend security coverage to their remote clients.

The current market trend in email security solutions focuses on mitigating threats like phishing attacks. These widespread attacks occur across various points in the cyber kill chain process. Whether initiated from the perimeter or targeting cloud-based assets, monitoring all north-south and east-west traffic is challenging. Trend Vision One helps by providing a comprehensive analysis of these email phishing attacks, identifying the attack origin, parameters, and information extracted from attack patterns.

Trend Vision One offers centralized visibility and management across all protection layers. This comprehensive view provides valuable information for CISO/CIO presentations, including attack patterns, threat actors, and areas for predictive analysis. Such insights are crucial for informing policy changes and other security enhancements. The visibility also helps with efficiency.

We can summarize any technical information we receive using widgets and then present it to executives in a dashboard format.

Our customers adapt the risk index feature to align with the specific needs and conditions of their individual environments.

We have used Trend Vision One in several projects where our customers consolidated security across hybrid environments. The consolidation effort, particularly utilizing Vision One's AI-driven features, streamlined investigative analytics. Furthermore, merging multiple solutions into Vision One provided comprehensive insights, which proved invaluable for policy development.

The ability to manage risk and maintain visibility has improved by approximately 20 to 30 percent, significantly simplifying our tasks. Operationally, this has led to a 20 percent reduction in effort.

Trend Vision One has helped reduce detection and response times by 30 and 40 percent, respectively.

Trend Vision One has saved more than a week's worth of effort in investigating false positives.

Trend Vision One's automation capabilities have helped us save between 60 and 100 hours monthly. 

The most important features of Vision One include visibility, AI integration, attack pattern analysis, predictive analytics, and centralized visibility and management across protection layers. These features are very important to us. 

There should be improvements in risk quantification, where the risk is displayed in a quantified manner, showing the dollar value loss. The integration with third-party OEM solutions also needs enhancement, particularly in UEBA integration with Trend. Sometimes, there are blind spot discoveries that are not completely successful. Improving automation to avoid manual triaging and providing more insights on dashboards is desirable.

While Trend Vision One's attack surface risk management helped identify some vulnerabilities in our environment, the feature needs improvement. Specifically, the blind spot discovery is unreliable; for example, a missed blind spot in one environment led to an attack and subsequent investigation.

Automation should be improved to eliminate the need for manual effort in initial L1 triaging. Additionally, dashboards should provide more insightful analysis, including various mappings to the MITRE ATT&CK framework and Tactics, Techniques, and Procedures.

I have been working with Vision One for almost almost two years.

The support in Trend Micro is good.

Positive

I have worked on Exchange servers, and we are using Palo Alto to a certain extent. These were not from the XDR or EDR point of view.

The analysis shows that Trend Vision One has improved our ROI by 30 percent.

Competitors offer comparable solutions at slightly lower prices, so Vision One has room to reduce its pricing by 15 percent, given that Trend Vision One charges approximately $10 per endpoint.

We evaluated other options but not to the same extent as Trend Micro because I was more familiar with Trend Micro solutions.

I would rate Trend Vision One nine out of ten.

We use Trend Vision One for the XDR and we absolutely love it, especially the full visibility into protected assets. It's incredibly easy to identify weaknesses across systems and manage any outdated software or areas needing attention directly within the user interface. Previously, we juggled multiple dashboards, but the new version has streamlined everything into a single, unified dashboard. This has significantly simplified our workflow and improved manageability. In essence, we can now manage multiple products seamlessly within the same Vision dashboard, which is a considerable improvement over the previous system. This year has brought significant and positive changes to our workflow.

We use XDR across Office 365 in the cloud and on-premises environments to safeguard our assets. This includes protecting our server environment, workstations, and Virtual Desktop Infrastructure, ensuring comprehensive endpoint security.

Our deployment utilizes a hybrid model, making agent deployment incredibly simple. We employ several different deployment methods: on-premise deployment through Active Directory and utilizing various tools. In case a system leaves the network for any reason, we have third-party solutions in place. We have multiple RMM solutions that can be rapidly deployed in these packages. For example, I've recently observed systems being spun up and sent home before antivirus protection was activated. We still have the opportunity to deploy these solutions in the cloud automatically. So, we have a few ways to work around this and deploy those agents, making it easy to deploy either on-premise or in the cloud. We can address several scenarios and push out to those endpoints.

Coverage is extremely important. We want to ensure visibility into all assets across the network, whether it's a workstation within the office or someone working remotely. This visibility is crucial even when they're outside the network or using cloud-based software, especially since we have no on-premise infrastructure. With the rise of remote work, having this extra visibility into devices, whether at home or abroad, is invaluable. We appreciate the ability to see what's happening on any asset, regardless of its location. This allows us to monitor running processes, identify vulnerabilities, and push necessary updates, ensuring we maintain connectivity and security no matter where devices are operating.

Trend Vision One offers us comprehensive visibility within a single dashboard, which is crucial since we manage numerous other products and security solutions with various dashboards. The simplicity and centralized visibility provided by Trend Vision One significantly streamline our operations. Managing a multitude of security products across our environment necessitates consolidated visibility to minimize back-and-forth navigation. Having all the necessary information in one place is essential for us.

We use executive dashboards to generate weekly or monthly reports that provide a risk score index. This index helps us identify areas needing attention and understand the teams' focus. We then share this information with IT senior management. In addition to our reporting, we receive a monthly report that allows us to compare our current status to the previous month's and highlight new challenges, team weaknesses, and ongoing efforts. This comprehensive view enables the executive team to monitor the team's continuous progress.

We utilize the risk index feature to monitor and mitigate potential environmental risks. One example of this is how we proactively worked to reduce the risk index score of a recently acquired company. Their antivirus product was expiring, so we opted to purchase additional licenses for our existing Trend Apex One product suite instead of renewing it. However, this integration significantly increased the risk index score due to numerous previously unmanaged devices on their network. To address this, we systematically worked through the risk index list, identifying outdated software and determining if it was still in use or could be safely removed. By leveraging the risk index in this way, we successfully lowered the score and ensured the secure integration of the newly acquired company into our environment.

It took some time to fine-tune Trend Vision One before realizing its benefits. A significant concern was integrating it into our virtual environment, a complex process. However, we gained significant visibility once set up in our VDI, leading to further adjustments. We fine-tuned the environment, removing unnecessary elements, which is especially crucial for our non-persistent VDI, where VMs reset if anything goes down. Through these tweaks, performance improved, and the extra visibility provided by Vision One highlighted areas needing attention, allowing us to optimize the environment gradually.

We use Trend Vision One within Azure, expanding its monitoring capabilities to both on-premises and cloud assets, including Active Directory, which is synchronized from our on-premises environment. This hybrid setup covers assets locally and in the cloud, including Office 365, and Trend Vision One effectively manages security across this environment. It has simplified the process, particularly for virtual environments, providing enhanced visibility and flexibility compared to previous products. The additional visibility has been invaluable, enabling us to address previously undetected vulnerabilities and mitigate risks.

During XDR and managed services pen testing exercises, we identified some weaknesses. They were able to automatically crack some accounts. As soon as one system was breached, the managed services team contacted us, escalating until they got a response. We could see their process in action - their steps and what they did in the backend. We provided them with details about the events and the ongoing pen test. It was an excellent test to see that the managed services worked as intended. There was a breach; they asked if we were aware and stated they would isolate the device if we weren't. We acknowledged we knew about the ongoing pen test. Throughout these exercises, they reached out immediately, demonstrating their focus on alerts, their process for triaging them, and their communication with clients.

The attack surface is directly related to exposure and risk. Any identified vulnerabilities, such as outdated software like older versions of Office or Google Chrome products, are flagged immediately. We use third-party solutions to address these issues across all workstations. Whenever we detect internal or internet-facing exposure, we prioritize remediation based on criticality. External-facing vulnerabilities are patched first, as they pose a greater risk than those affecting only internal assets. We rely heavily on exposure risk and risk index to determine priority and ensure the most critical vulnerabilities are addressed first. This helps us identify blind spots in our environment. Take the new acquisition as an example; many devices were unprotected and lacked crucial Windows updates. Numerous products and workstations required immediate attention. Security wasn't the initial priority, so we addressed that and ensured it became one. We implemented numerous changes with acquisitions to align them with our security standards.

Trend Vision One has significantly reduced our mean time to detect and respond to threats by 60 percent. It centralizes all information, enabling us to identify and address vulnerabilities quickly. For example, if we discover multiple devices running an outdated version of Office 2013 missing patches, we can easily compile a list of those devices and share it with the responsible team for remediation. This visibility allows us to proactively address weaknesses across the network, such as deploying updates or the latest release of third-party software to mitigate risks. Trend Vision One has been instrumental in enhancing our overall security posture.

The managed services significantly reduced the time we spent investigating false positive alerts. In uncertain scenarios, we consult the managed services team. If unsure about anything, we use the AI companion for questions. If we encounter an unfamiliar flag or event, we research it independently and involve the managed services team's professionals for deeper investigation.

We have implemented some automation but haven't fully explored its capabilities. We have a few playbooks for tasks like blocking user access based on IP addresses or email content. Since we use Office 365 in the cloud, there's also a lot of automation for handling incoming emails, such as blocking and sending alerts. While we've used playbooks to a limited extent, there's potential for further automation, and we plan to explore this further.

The most significant recent change has been the addition of the new AI companion. This feature has proven invaluable, especially when integrating with third-party products or resetting the dashboard, as it provides detailed step-by-step guidance. In fact, we were able to resolve all issues independently, without needing to contact support, thanks to the AI companion's comprehensive answers.

The only downside to Trend Vision One is its complexity. It's a comprehensive product covering a lot of ground, which can be a little intimidating initially. The user interface, in particular, can take some time to get used to, with menus that could be better organized and a dashboard that could be more user-friendly. Due to the sheer complexity of the product, navigating and familiarizing oneself with the environment requires some effort. While the initial learning curve might be steep, the product's vast capabilities justify the time investment.

I have been using Trend Vision One for two and a half years.

I would rate the stability of Trend Vision One nine out of ten. I haven't experienced any crashes or issues in the last few years since we started using the product. While there are occasional upgrades and minor changes that require adjustments, the overall stability is excellent. We have no complaints, especially considering the VDI environment, our primary focus, has been running seamlessly. The lightweight agent minimizes resource usage, further contributing to smooth performance.

I would rate the scalability of Trend Vision One nine out of ten. We successfully scaled it up by adding approximately 250 workstations and deployed the product within a week. We replaced their previous product, scripted everything, integrated it into their on-premise servers, and deployed the agents. The 250 additional assets were integrated within two or three days, providing complete visibility in the dashboard. The team then took over and identified any weaknesses. In summary, scaling up and adding 250 workstations was easy to implement.

The technical support and service are excellent. After our new acquisition, we encountered a few issues that we hadn't seen in our environment compared to theirs. Through troubleshooting, we determined that the problems weren't caused by the product itself but rather by corruption in specific systems. We systematically worked through the other products, disabling them one by one. The troubleshooting experience was excellent, and we reached a resolution within a couple of days of contacting support. They were very professional and provided direct answers, resulting in the issues being resolved correctly and in a timely manner.

Positive

In the past, we have used a few different products, including Sophos and Cylance, which we have used for the past couple of years. We also used Trend's older products, like OfficeScan, about eight or nine years ago. We eventually moved away from those products due to their lack of AI capabilities. After trying other products, we returned to Trend with Apex One and Vision One. We've been happy with the product, and its virtual environment capabilities were a major factor for us. Trend has consistently been the best performing product for us, so we decided to continue using their products with Trend Vision One.

The initial deployment was straightforward. We leveraged our existing products to force and uninstall the previous product, opting for a custom scripting approach rather than standard GPOs or internal solutions. This allowed us to uninstall the old package and ensure the new installation was reflected in the dashboard, streamlining the process and enabling us to proceed seamlessly to the next phase. Overall, the deployment was straightforward from our perspective.

We deployed Trend Vision One during COVID, which took approximately one and a half weeks because the server side required additional fine-tuning for all the exclusions.

We implemented the solution in-house. We repeatedly reached out to obtain basic information and guidelines on the VDI component and the virtual environment, specifically regarding steps for managing the virtual environment when closing a gold image and imaging numerous workstations with a single image. Due to the complexities involved, we requested documentation. However, our internal team completed the entire deployment with limited support from their support team, following the provided instructions.

The pricing is fair compared to other solutions. It's within the price range we're looking at for a single endpoint, and fair pricing is important to us.

I would rate Trend Vision One nine out of ten.

The Trend Vision team handles all maintenance on the SaaS backend. Internally, we only need to update the VDI environment occasionally because it's a non-persistent VDI, meaning it's locked down and reverts to its previous state upon reboot. We periodically open the gold images to perform maintenance, update signatures, and force program upgrades, but this is only a monthly task. So, we spend minimal time managing the solution.

Before implementing Trend Vision One, ensure you gather comprehensive documentation. Adhering to the guidelines will streamline setup, and any queries can be resolved using the efficient AI companion. Users can pose questions or access documentation directly from the Trend website. Initially, focus on familiarizing yourself with the dashboard, risk indexing, and the executive dashboard. Explore the product, ask questions, and continue experimenting and seeking assistance once deployed. The process is straightforward once you've had the opportunity to explore the system thoroughly. The primary challenge is becoming comfortable with the interface and navigating its features effectively.

Trend Vision One functions as our XDR solution. I spend considerable time within it conducting reconnaissance on any security incidents requiring investigation. This tool allows me to quickly search for information that might be difficult to locate using our other tools.

We implemented Trend Vision One to improve our security posture by creating multiple layers of protection. This tool addresses security gaps our existing solutions, like Defender, may miss, providing deeper insights into potential threats.

We have implemented the product on both our cloud environment and endpoints. While we utilize a different Trend product for email, we also leverage Trend for this purpose. Trend's complete coverage is invaluable, as it centralizes data that would otherwise be difficult to locate, and its robust search function has been instrumental in our decision to continue using the platform. Although our organization is always exploring alternatives, the all-in-one nature of this solution has proven highly effective for our needs.

Vision One offers centralized oversight and control across our protective layers. It provides valuable insights into our various Trend applications, though its visibility into other layers is understandably limited. This limitation isn't a concern at this time.

Vision One has significantly improved our efficiency. For example, we recently faced a critical situation where a rule change on a client-server posed a potential security breach. Using Vision One, we quickly identified the employee responsible for the shift and resolved the incident without an extensive investigation. This would have been highly challenging without the tool, as determining the culprit would have been much more difficult.

We've been using the risk index feature to try to chip away at the risks within the environment and identify the vulnerabilities that need to be prioritized because that's been one area that has been more invisible to us with the other tools.

Vision One offers a valuable new perspective on our risk profile. While we receive reports from other tools like Nexus IQ, Vision One's unique risk classification and ranking system allows us to prioritize issues differently. This enables more informed decision-making as we can identify risks that other tools might underestimate. We've fully leveraged Vision One's benefits since our team's formation over two years ago. Though the tool existed previously, its impact was limited due to the absence of a dedicated team focused on its utilization.

It's able to detect things that other tools don't detect. We use a layered approach, so those tools have found stuff it hasn't detected. But that's to be expected. That's the goal of using the layered approach to it. But it's helpful because it catches things we might have been unaware of. Additionally, it might rank things differently than the other tools, and that's the same for this piece. And that can be very helpful for us to catch things we might have otherwise missed because it gives us that extra detail.

Trend Micro XDR has significantly reduced the time needed to detect and respond to threats. It offers capabilities that other security solutions lack, enabling us to address challenges innovatively. Additionally, built-in features such as insights and endpoint protection provide valuable tools that enhance our security posture compared to other systems.

Despite having a fifteen-year career in cybersecurity, I joined this role with limited hands-on experience. However, I quickly became proficient with Trend Vision One through self-directed learning, and my team soon recognized my expertise in the tool, making it a positive experience overall.

The Workbench feature is fantastic. It is so helpful to have something that pulls all the data into one visual representation of the events.

Vision One generates numerous false positives, forcing unnecessary investigations and highlighting a need for improved filtering options. A recurring false positive in our environment cannot be safely filtered, preventing us from ignoring it without risking overlooking genuine threats. This issue arises from a script that renames computers, which behaves suspiciously like malware but lacks a unique identifier within Trend for precise filtering. We cannot exclude the entire script due to potential exploitation by attackers who could embed malicious code within it, bypassing our security measures. While this scenario requires a targeted attack, the sensitive nature of our client's data, including threats from nation-state actors, necessitates a cautious approach to avoid compromising our security posture.

We want the ability to download and inspect emails from clients' mailboxes. Microsoft's platform supports this functionality, and we possess the necessary license. However, some clients lack the required license, prompting us to recommend Trend. If we could directly access and inspect client emails, it would eliminate the need to sell additional licenses to those clients, streamlining the process.

I have been using Trend Vision One for over two years.

Trend Vision One is stable.

As we've added employees and removed employees and added servers and removed servers, I haven't had to think about the scalability of Vision One. It has been very smooth.

We had a script that was not right and kept triggering false positives. I had reached out for help with that. The help I got took a lot of time to get responses. And in the end, they closed out the ticket I had opened without resolving it. I also found the communication experience to be rather frustrating. My biggest complaint about my experience with Trend has been the support. There's a lot of good to be said, but there's room for improvement in the support. The people were very polite, so I'm not giving them a five because that goes a long way for me. Having support that is snippy makes the experience significantly worse. So, I am grateful for that part.

Neutral

We used a Microsoft XDR in conjunction with Trend Vision One. The main pros for Vision One are that the interface is typically a lot easier and a lot less confusing. 

The overall experience of the interface is a lot more positive. The details I can pull out of Trend are much better than I can typically pull out from Microsoft. I'm able to get results that Microsoft doesn't seem to gather. The cons are that it's in such flux right now because they're moving all their other products into the Vision One console, which can sometimes make it a bit confusing. 

It can also mean that we're unable to access the tools we previously did as rapidly. For example, many of the Apex One stuff is now within Vision One. So we had to relearn how to do that, which cost us time during security incidents. And Microsoft does change things, but they typically change things by adding extra bloat. So that ends up being a con for Trend compared to Microsoft.

While I cannot confirm the specific return on investment for Vision One without firsthand data, I expect it to be positive, given our organization's tendency to quickly discontinue partnerships that fail to deliver value.

I would rate Trend Vision One eight out of ten. There is room for improvement, but with the tools I've used, Vision One is one of the better.

I don't do much regarding the maintenance of Trend Vision One, but I also know that because I get emails about stuff that goes down, it's relatively low maintenance compared to other tools.

We have Trend Vision One deployed across multiple locations internationally. Because the number fluctuates, we have roughly 1,500 to 2,000 users at any given time. Three people on our network team use Vision One. We have also used Trend products, other than Vision One, for a couple of our clients, which would expand those numbers significantly.

My experience with Trend Vision One has taught me many valuable details, and I strongly recommend that new users carefully review the provided documentation.

We have deployed Trend Micro XDR on all our endpoints. It is deployed as an agent because we are using Trend Micro Apex, the antivirus agent, and the SaaS agent. This means that we receive notifications from XDR for any suspicious activity related to endpoints. For example, if a user connects to a suspicious website, XDR should alert us based on our rules. It can also generate alerts for malicious Windows activities.

In addition to deploying XDR on our endpoints, we have connected Vision One XDR to our Office 365 email platform. This allows XDR to read incoming emails. We can then configure rules to remove emails from mailboxes if they have certain properties or are particularly suspicious.

We have also connected XDR to our Azure platform, which is our user authentication platform. XDR can monitor for risky user sign-ins, such as sign-ins from unusual locations. If it detects any risk, it will notify us.

Finally, we have integrated XDR with a third-party tool to receive indicators of compromise. When we receive an IOC, Vision One will automatically run a check in our environment to see if any endpoints have been compromised. It will also check to see if any emails have been sent from any of the senders in the IOC listing. If it finds any matches, it will notify us.

We can also configure playbooks to automatically take action when XDR detects a threat. For example, we could configure a playbook to force a user to reset their password or isolate an endpoint from the network.

We are using the Trend Micro Vision One XDR agent. This agent component is installed on all of our endpoints, including servers, workstations, desktops, and any other computer elements. Vision One also has an API-based element, which we have connected to our email system, such as Azure.

Before Vision One, we had limited visibility into our security posture. Things were happening all around us, but we couldn't see them. With Vision One, we have centralized visibility and management across all of our protection layers, so we can see and respond to threats quickly and effectively.

I cannot imagine my day-to-day operations without the visibility that Vision One provides. It makes all the difference. No other platform compares to Vision One in terms of simplicity, ease of use, and importance.

Vision One has improved our efficiency with centralized visibility. Before Vision One, we had to go to different platforms and tools in our environment. Sometimes the information was missing and sometimes we were searching with the wrong terms. But because I can now see everything at once, it has helped. The decision we are making now is simply to go there, and whatever we have been faced with, the console is enough to make a decision.

We just signed a contract for Managed XDR services. We were managing our security before, but we'll start using their managed services next year. We've received a few escalations from them already, but that's because they're proactively searching for threats, which is a good thing. For example, I got an escalation from them last week for something that we wouldn't have discovered on our own. It wasn't something that the tool would have generated an alert for either, because it was very similar to what a user would normally do. But they were able to find it because they're looking into all of the addresses that they have. This led to us being able to control incidents that would have happened otherwise.

The XDR service has saved us time, enabling us to work on other tasks. The environment is quite complex, so before we had XDR, we didn't have any tool that considered all possibilities or provided any visibility into our environment. When we first started using the tool, it was new to us, but after a couple of years of using it, we've found that it is a legitimate tool that provides valuable information. Instead of seeing it as adding more work to our workload, we see it as helping us to be more proactive and prevent future incidents. For me, it has been a great help and has added real value to our work.

XDR helped us reduce our time to detect and respond to threats. With a single click, I can isolate a computer from the rest of the compliant environment. I had to do this last week when I had to support two escalated computers. Without XDR, there would be hundreds of things that we would not have seen or known about. But with XDR, we can see everything. And that even includes coverage of devices or computers that are not owned by us, such as those used by vendors. If a vendor brings a malicious device onto the property and downloads something malicious, we can detect it as early as possible.

Trend Micro XDR has helped us reduce the time we spend investigating false positive alerts. I am 100 percent confident that everything that comes out of the platform is legitimate. We had a few false positives when we first started using the solution, but because Trend Micro allows us to whitelist specific items, we were able to build our policy accordingly. Sometimes, there are malicious items that we need to allow because of our environment, such as certain security tools. Trend Micro allows us to build a policy that excludes these items from alerts, so we no longer receive alerts for them.

We use the XDR automation capabilities extensively, including playbook automation for tasks like isolating computers, and API-based automation for most other tasks. For example, we are a member of the retail ISAC information-sharing platform, and we have automated scripts from that platform that pull in all malicious senders, IPs, and domains, and pool them into XDR. XDR then automatically scans all computers to see if any of these malicious entities exist. If they do, XDR generates an alert and allows us to take action, such as removing the file. We generally set XDR to allow only, so that we have visibility into all malicious activity, even if we don't take action on it.

I would like to have the capability to export the information we receive from the XDR into Microsoft Excel.

I have been using Trend Micro XDR for almost four years.

Trend Micro XDR is stable. We have not experienced any stability issues when using the console. 

I do not have access to the backend, so I am not aware of the specific technical details. However, from an end-user perspective, the scalability of the system appears to be excellent.

I reach out to technical support almost every week to address any questions I have. I also have a bi-weekly meeting with their technical team. They guide open tickets and address any concerns we may have. Additionally, we have a monthly meeting with Vision One developers where they discuss upcoming features and seek input. I know exactly who to contact for any assistance I may need. Sometimes, I can simply email them directly instead of opening a ticket. The process is always straightforward and efficient. At times, the prompt responses make me wonder if they are using AI assistance, but I hope that's acceptable. I usually receive a response within a minute or two, which suggests AI involvement. However, the signature at the end of the IT person's email confirms that an actual person is handling my request.

Positive

We had Carbon Black, but we're using it only for application control. With Trend Micro XDR we can detect and respond.

The initial deployment was straightforward. I have extensive experience in deployments across various companies and platforms. However, Trend Micro XDR surpassed all my expectations. We had previously deployed on-premises, and all we had to do was access the designated console and click a button to migrate all on-premises agents to cloud agents. It was incredibly easy. My team of two and I handled the entire process without any involvement from the teams and properties. I right-clicked and moved everything over. A few agents remained unmovable due to their outdated versions, but we successfully migrated close to 99 percent of all agents.

The implementation was completed in-house. Trend Micro provided a document link to help with the deployment.

Trend Micro XDR is reasonably priced for its value, comparable to other products like VMware Carbon Black.

We evaluated an additional option with Carbon Black because we already had that agent in our environment. We also considered Cisco, which has its own XDR platform.

I would rate Trend Micro XDR ten out of ten.

We tried to use the risk index feature, but I didn't have the resources to focus on it at the time. I was more focused on the actual findings that were happening. I have since hired someone who will focus on the risk index, as the primary reason I hired them is to focus on the risk element coming from Vision One, as well as from other third-party intelligence platforms that we work with or have contracts with. Now that I have someone here, we will be focusing on the risk index.

No maintenance is required.

Our infrastructure utilizes Trend Vision One for endpoint and cloud-based security. While all our endpoints are cloud-based, allowing us to deploy Trend Vision One in the cloud, we also maintain endpoint-specific protection. Currently, our network infrastructure is not fully integrated with Trend Vision One. The platform primarily monitors our backend infrastructure and provides initial response capabilities.

I implemented Trend Vision One to consolidate log inspection, integrity monitoring, intrusion prevention, and application control into a single platform, eliminating the need to switch between multiple applications.

Trend Vision One provides centralized visibility and management across protection layers, which is crucial for compliance. It allows us to show audits of what’s going on and keep all evidence in one place. This centralized visibility has improved our efficiency, as it means just one login is needed to complete all necessary tasks, maintaining focus and reducing distractions resulting from multiple sources.

The Vision One executive dashboards effectively communicate our company's overall security posture by providing a clear risk overview. Executives appreciate the simple visual cues, with green indicating low risk and yellow signaling high risk, allowing for quick and easy understanding of our current security status.

I immediately recognized the benefits of Trend Vision One because, unlike our other security applications, it provides comprehensive visibility.

I utilize Vision One's risk index feature to assess our organization's risk level and benchmark it against our peers. This comprehensive evaluation allows us to understand our current risk profile, identify areas for mitigation, and determine acceptable risk thresholds. The risk index feature is essential to our business operations.

Attack surface risk management helped us identify blind spots in our environment and provided detailed remediation strategies. This works as a second pair of eyes that helps look for vulnerabilities, which in turn improves our security posture.

Trend Vision One improves our detection and response times by identifying vulnerabilities and summarizing mitigation strategies.

Trend Vision One helps reduce the amount of time we spend investigating false positive alerts by 80 percent.

I love Trend Vision One for its robustness, allowing us to deep dive into a lot of information. The Trend hunting feature is beneficial, providing the opportunity to investigate and see what's happening, using frameworks such as MITRE ATT&CK to analyze logs. Its risk index feature allows us to see risk status quickly and provides valuable insights into our security posture.

The only issue I have with Trend Vision One is the credit structure, which is confusing. An easier way to understand the credit structure would be helpful.

I have been using Trend Vision One for over five years.

Trend Vision One is stable and does not crash. In my experience, it has not shown any instability issues.

Trend Vision One is scalable. We can increase or decrease according to needs, although pricing changes when scaling.

Trend Micro's support response time can be slow. The quality of assistance varies depending on the issue. However, reaching qualified technical engineers can be challenging due to lengthy escalation processes.

Neutral

I've used many alternatives before, like Avast, SonicWall, and Mimecast. These alternatives don't have all the integrated features of Trend Vision One, particularly the server and workload capabilities.

The initial setup required deep diving and using resources such as help centers. Despite not being straightforward, it was manageable.

The deployment took three days.

I implemented Trend Vision One in-house with the support of team members, using resources like software guides and videos.

Trend Vision One is an expensive product.

I would rate Trend Vision One eight out of ten.

The most significant security challenge we face is zero-day attacks, which exploit vulnerabilities unknown to us. While Trend Vision One provides some protection, it cannot catch all zero-day threats, leaving us potentially exposed. This inherent vulnerability in our security poses the greatest risk.

Trend Micro handles most maintenance, but we are responsible for installing agent patches on our servers.

New users should understand that Trend Vision One is different from other solutions they might have used. Reading and fact-finding are crucial. They must ask the right questions.