Trend Vision One Reviews

We use Vision One XDR to provide managed security services to our clients by correlating logs from various Trend Micro products like Apex One, Cloud One, and Deep Security. Vision One acts as a central monitoring platform, providing a single pane of glass view of our clients' security posture. This simplifies monitoring and allows us to easily create playbooks and analyze alerts. While our EDR solutions, Apex One, Cloud One, and Deep Security provide robust security features like anti-malware, web reputation, and intrusion prevention, Vision One enhances this by correlating logs and leveraging threat intelligence to identify incidents missed by these individual products. Essentially, Vision One functions like a level three SOC analyst, providing an additional layer of protection and ensuring comprehensive security coverage.

Trend Vision One's centralized visibility and management are crucial for our managed security services because they reduce the overhead required for monitoring. As an XDR solution, it performs many of the tasks an analyst would typically handle, streamlining our workflow and allowing us to focus on in-depth analysis when needed. This reduction in workload is a significant benefit, enabling us to efficiently provide comprehensive security services to our clients.

The executive dashboard is a valuable tool for analyzing the threat level of specific assets, particularly for generating end-of-month reports that detail threat and alert volumes, and highlight high-security risks. This comprehensive analysis helps customers understand their security posture and take appropriate action to strengthen their defenses. However, it's important to note that the dashboard's usefulness may vary depending on the individual customer's needs and priorities.

The risk index is a useful tool that provides benefits, but its value depends on the specific needs of the customer. Some customers may utilize the risk index to identify assets with high-security risks, allowing them to address vulnerabilities and implement necessary patching. However, other customers may rely on alternative sources for vulnerability visibility and, therefore, may not prioritize the risk index. While not always a primary focus, the risk index remains a valuable resource.

Trend Vision One provides immediate benefits upon deployment. Its built-in XDR, which includes EDR functionality and integrates with existing security models like Apex One, Cloud One, or Workload Security, allows for seamless provisioning of endpoints and workloads. Rigorous testing confirms that Vision One effectively identifies and correlates alerts, including those missed by other EDR solutions. This enhanced detection capability is evident during post-deployment testing, as Vision One Workbench alerts are generated immediately.

We use Trend Vision One to consolidate security across hybrid environments.

We use attack surface risk management and often customize it in our reports to meet client needs. This service helps identify vulnerabilities and blind spots in their environments. For instance, we assisted a customer experiencing recurring attacks due to unknown vulnerabilities. Our attack surface management analysis provided the data to identify and patch these critical vulnerabilities, ultimately enhancing their security posture.

Vision One XDR significantly reduces threat detection and response time by automating the analysis typically done by a level two or three analyst. It provides a comprehensive view of the environment, incorporating behavioral analysis and intelligence sources to quickly identify unusual activity. This eliminates the need for manual investigation of logs and data, allowing analysts to focus on addressing actual threats. The XDR's automated workbench triggers alerts with a high degree of accuracy, minimizing false positives and further streamlining the security process.

We use security playbooks for certain low-level security alerts because many of these alerts, despite the large volume of data they represent, do not require significant time or attention. Playbooks are particularly useful in these situations as they automate the process of blocking the source or IP address associated with the alert.

Vision One offers several features I value. 

The threat intelligence sources enable it to automatically block domains known for command-and-control callbacks, effectively preventing attacks from those sources. 

Additionally, the security playbooks provide templates to block URLs or scripts, enhancing endpoint protection. 

Finally, the console allows for remote connection to endpoints, enabling direct investigation and remediation within the customer's environment. This flexibility and comprehensive functionality make Vision One a valuable tool.

Trend Micro is making many improvements, including addressing some of our feature requests. However, their reporting functionality needs improvement. The reports lack detail and customization options, particularly for XDR, which hinders our ability to provide tailored reports to clients. For example, we cannot generate reports on threat intelligence data from XDR, making it difficult to assess the protection received from external sources. This limitation also prevents clients from seeing the total value of XDR, including external factors contributing to their security posture. Threat intelligence is crucial, and clients want to understand its impact. Therefore, enhancing report customization, especially for XDR, would be a significant improvement.

I have been using Trend Vision One XDR for one and a half years.

Lagging does happen in Trend Vision One but it is infrequent and does not significantly disrupt operations. This is typical for many SaaS platforms and not a major issue.

Trend Vision One is scalable, allowing for flexibility from four licenses to a hundred or more, depending on how much or how fast scaling is needed.

The experience with customer service can vary depending on the case. Simple issues might involve referring to KB articles for resolution, while more complex issues might need backend support, which can take time. Overall, my experience has been positive.

Neutral

Trend Vision One is easy to set up and can potentially be handled by one person. However, teamwork is preferred to ensure accuracy, catch potential errors, and maintain a high standard of service.

Trend Micro's licensing is outsourced to third-party vendors, resulting in price variations depending on the vendor. Since Trend Micro doesn't directly handle pricing, I cannot provide specific cost details.

Trend Vision One XDR is an excellent security product that deserves a ten out of ten rating. It's surprising that more companies haven't adopted XDR, given its advantages over traditional SIEM solutions. XDR automates tasks like configuration, signature creation, and rule implementation, significantly reducing the manual workload required with SIEM. While I expect a shift towards XDR, many companies still rely on SIEM, which seems inefficient in comparison.

Vision One access supports multiple modules, including endpoint protection, the XDR module, and the Cloud One module, which are the ones that particularly caught our interest.

We have been doing a proof of concept for Trend Vision One to assess its capabilities as a cybersecurity solution. Vodafone is partnering with Trend Micro to offer security services and products to our customers to secure their environments, similar to a SaaS solution. We are exploring it as a partnership opportunity to provide enhanced security solutions to our customers.

We conducted a POC and tested multiple use cases by downloading malicious files and observing their behavior. Trend Vision One successfully detected and blocked all threats, including malicious files, scripts, and even dormant scripts that later became active. All these threats were stopped at the endpoint level, demonstrating that Trend Vision One effectively defends against malware, ransomware, and malicious scripts.

Trend Vision One incorporates a machine learning agent designed to defend against advanced threats, such as zero-day attacks. This agent monitors endpoints for malicious activity and, if detected, automatically quarantines the affected machine to conduct further analysis.

It employs machine learning to quarantine devices during ransomware attacks, however, this functionality has not yet been tested.

Trend Vision One provides a single console with a unified dashboard that consolidates information from our entire environment.

The single console provides end-to-end visibility into our IT security environment. We tested the endpoint security, and the SDR performed exceptionally well, providing a clear topology and metrics of our environment. This allows us to monitor the status of each node within our network.

The Trend Vision One platform was integrated with a Linux-based Service Engine to facilitate integration with third-party IT security solutions.

Learning to use Trend Vision One was straightforward, thanks to the helpful courses available on their portal and the excellent support provided during product introduction.

Administering Vision One endpoint security is easy through the single console.

We successfully tested Trend Vision One in a hybrid environment, with components deployed both on-premises and in the cloud.

Trend Vision One offers virtual patching to protect against vulnerabilities while vendors develop permanent patches. This is crucial because vendor patches can be delayed, leaving systems exposed. Virtual patching provides immediate protection, acting as a temporary shield until the official fix is released.

Since we are still in the testing phase, we have not yet seen a reduction in viruses or malware. However, we anticipate potential improvements in security operations across hybrid environments if implemented fully.

Trend Vision One's greatest assets are its cloud-based platform and credit-based purchasing system, which eliminate the need for traditional licensing and procurement processes, enabling quick product acquisition within one or two days. Trend Micro's strong reputation and excellent threat intelligence further enhance the platform's value. The analytics are also good, particularly the XDR and cloud assessment tools, which correlate logs and information to consolidate alerts for the SOC team.

One area that requires improvement is the installation process of the agents, as it is not seamless. The installation sometimes requires multiple troubleshooting steps and is not straightforward.

We have been conducting the POC of Trend Vision One for approximately three to four months.

There were no major issues with stability, no bugs, glitches, or errors, except for the challenges faced with agent installation. I rate the stability of Trend Vision One eight out of ten.

I rate the scalability of Trend Vision One ten out of ten.

We did not engage with customer support during the POC phase, so we cannot provide feedback on that aspect at this time.

Positive

For endpoint protection, we have used Microsoft Defender and Cortex XDR. We encountered issues with those solutions, but Trend Vision One seemed to address these concerns effectively.

The initial setup was not complex. The prerequisites were set first, allowing integration to be completed in about a week.

The pricing is mid-range, neither cheap nor overly expensive. The cost is considered fairly priced.

I would rate Trend Vision One nine out of ten.

Our team from our organization includes three members involved in the POC testing.

I recommend Trend Vision One to other users based on our experience during the POC phase.

Its real-time analysis has impacted our security incident response time. We use the Workbench console and dashboards. We are normally able to analyze an incident in a few hours, understand what is going on, and provide a specific solution for any type of incident.

A few days ago, a user opened something with malware on their machine. In a few seconds, I received an email, and I received a pop-up in the console. To mitigate this, we removed the machine from the network and checked it.

In terms of integration, we intend to integrate more solutions with Trend Micro, but so far, we have just integrated the firewall.

Telemetry is very useful. They provide all the information. I can see specific details about any malware and various types of attacks. I can prevent my environment from different types of attacks based on what I see in the Vision One console.

Log inspection is also very useful for me. We check the logs all the time. In certain cases, it is necessary to analyze with more detail. It is very useful to understand what is going on in my environment with log inspection.

It is very expensive. 

I have been using this solution for ten years.

We do not have any problems with the stability of this solution.

It scales well. We do not have any problems with scalability.

At the moment, we do not have any plans to increase its usage.

Their technical support is good. They take some time to give me the answers, but in the end, they fix and solve all my problems. I would rate their support a nine out of ten.

Positive

We were not using any other solution previously. We have been using Trend Micro's solutions from the beginning of our operations in Brazil.

It is a SaaS solution. Its initial setup is not complex. It is very easy to deploy. It is not complicated. It is very user-friendly. It took around 15 days.

In terms of implementation strategy, we prepared some test machines and servers. After that, we deployed it for the entire company.

They do the maintenance, but we do not have any downtime in this maintenance mode.

We had a Brazilian reseller.

We have not seen an ROI.

Trend Micro's cost is higher than other solutions. That is the main reason why we need to switch to another solution.

We are using a full license that provides different types of features, but CrowdStrike does not provide some of the features such as MDM or anti-spam. We do not have these options or features with CrowdStrike. If we switch to CrowdStrike, we would have to buy other solutions to have a complete solution.

In addition to the license, there are no extra costs.

Its cost is high for us, so we are checking other options and other companies to provide the same solution. We are evaluating CrowdStrike, Trellix, McAfee, and Sophos. We have not yet received the quotation, but their cost is lower than Trend Micro.

Trend Vision One is very useful. It has many functionalities and integrations. Its integration with other products is growing. In the future, it will probably be the biggest console in the world.

Trend Micro is making some changes to the console. At the moment, it is a little bit confusing for our use case because we are using three or four consoles from Trend Micro. We intend to migrate to just one, which is the Vision One console, but at the moment, we are using the Apex One console for the workstations and the Cloud One console for the servers. I do not know if the integration is complicated for Trend Micro, but at this moment, it is not so easy for me to manage all devices.

I would rate Trend Vision One an eight out of ten.

We use it for analytics. We check all the maps and communications when there is an incident or an issue. It is very helpful for analytics.

Trend Vision gives a lot of visibility. If you have a big environment, you can use it to see logs or events. It gives more visibility into what is going on in your infrastructure.

Last year, we experienced an attack attempt, and it gave us a lot of visibility. We were able to track the source and all the processes that were involved during the attack. For security, it is very good.

Trend Vision One has helped reduce our time to detect and respond to threats by 30% to 40%.

I find the maps particularly helpful. The object list, specifically the suspicious object list, is also quite valuable. You can simply add one object to that list to manage it from another solution.

It gives comprehensive visibility. It is very good. It gives a lot of visibility into all layers such as layer three or layer seven. It helps with monitoring the endpoints, including all the desktops and processes or communication between servers.

I believe that the interface could be more user-friendly. At times, it is challenging to locate certain features, and they need to reorganize the user interfaces.

I have been using the solution for one year.

I would rate their customer support a five out of ten. They sometimes do not give enough attention to the tickets. Even when I update a ticket or a case, they ask the same questions that I have already answered. I explain my problem, and they respond as if not paying enough attention.

Neutral

Previously, we used another solution. We observed that Trend is trying to move all the solutions to Vision One. That is why we decided to transition, and it is working very well. 

It gives more visibility. The other solution was focused only on the server or endpoint protection. It did not provide any tracks, just the basics. With Vision One, we can see all the information correlated in one place, which I find very helpful.

The initial setup is very easy. It is not very complicated. Sometimes, the documentation is not updated, but the processes are very intuitive, so it is not that hard.

In terms of the implementation strategy, we first focus on non-critical servers or appliances, and then we move on to critical ones.

It is being used in an enterprise environment at a data center.

The implementation may require two people, depending on the infrastructure and scale. You might need an engineer or an administrator.

For maintenance, there are two people. One person scans and reviews all the information and the other one is from the backup. It requires minimal maintenance.

Overall, the visibility and security that it provides are our returns on the investments.

I feel that Vision One is a bit expensive. As for the pricing or licensing, I would rate it a seven out of ten.

I would rate Vision One an eight out of ten.

We use Vision One to detect to detect and respond to malware incidents. With endpoints (Apex One/Cloud One Workload Security), network (Deep Discovery Inspector) and Office365 (Cloud Email and Collaboration Security).

The environment is complex, distributed in more than +100 locations. Some locations are just offices, some others are industrial facilities with ICS and SCADA. Besides Windows, we deal with a lot of operating systems, including Solaris on SPARC. And our users are diverse, with lots of employees roaming around the country.

With CREM, we tackle important use cases around identity protection and risk management in general. Identification, prioritization, and remediation.

The full stack of Vision One has delivered what "SIEM 2.0" couldn't deliver. The capability to monitor threats and discover attack vectors before they are exploited and across all our workspace (on-prem, IaaS, PaaS and SaaS). We have invested well over a million into SIEM during the last decade. A full ArcSight upgrade and then a Splunk migration assisted with a large MSSP. Vision One is still ahead at a fraction of the cost.

Going through a capable, single-vendor solution was necessary, given our small team. Choosing the best solutions for every task and building all the integrations was not an option.

Vision One is much more than just EDR for us; it is a threat intelligence platform and a SOAR too. And even with the limited capabilities in this area, we find ways to tackle challenges our MSSP and SOC haven't been able to accomplish on a very large budget.

I like everything. The most valuable feature is how the stack fully integrates all components of a solution. Then, integrations with third parties will be provided.

As an example, I am capable of sending a suspicious file directly to my Deep Discovery Analyzer appliance (a sandbox) while investigating a suspicious download/file interaction, and I can then quickly push the IOCs in the suspicious object lists to protect both managed endpoints, and the rest of the network too! Yes, you can push domains and IP addresses to Palo Alto through a Trend Micro Service Gateway, ensuring you can protect even what cannot receive an endpoint. And all this without writing a single line of code. The ease of use and ease of deployment for use cases like this are my favourite features.

The SOAR features (Security Playbooks) are quite limited. At the moment, it is impossible to execute a simple piece of Python code that would pull or push something to an API, for example. While you can tackle some use cases, a SOAR from another vendor is still a must-have.

To assist with complex use case integrations, having all the data from the SIEM inside XDR would be great, too. That's where the market is moving with solutions like Falcon Logscale and Cortex XSIAM. Pivoting from XDR to Splunk or vice-versa can be time-consuming during incidents.

I was actually an early beta tester of the Apex One Endpoint Sensor before Vision One appeared in 2021. That would be three solid years of using it.

Quite reliable. In the last three years, only one incident created memory leaks on Windows Servers. We didn't see too much impact (fortunately) as a workaround could be quickly provided.

Support is quite responsive when something does work well. However, we do pay for Premium support.

The scalability is really good.

My experience is generally good, but I have had the chance to deal with premium support. I'd say I get the support I expect for the price that I pay.

Positive

Although we have been dealing with other security vendors (McAfee, Symantec, Proofpoint, and more), Vision One was really our first EDR.

The initial setup was a breeze. It is realistically one of the strong points of the solution.

We implemented the solution in-house. Although with premium support, you do get a lot of help from Trend Micro if you ask for it. You'll be able to talk to actual experts.

It is very hard to quantify an ROI on a security product. It doesn't generate revenues, and you can't quantify the cost of incidents that didn't happen.

Product names are changing all the time. Lots of changes in the last three years. They introduced the concept of credits, too, which did not make anything easier.

It's also easy to underestimate the credits required with Cloud Email and Collaboration Security: people invited from third-party tenants will count.

The credit usage and allocation tool has been improving, at least.

We had a look at Carbon Black and CrowdStrike Falcon.

It's probably the best solution for a small team that cannot absorb the complexity of a multivendor solution. The ability to execute VS the cost is surprisingly good.

We use Vision One together with the other products in the Trend Micro security stack, such as XDR, Site Management, and Apex One. 

Vision One has made our detection and response time much faster. We have 30-plus integrations, helping us to identify the most critical threats. The more connections, the better. We can also identify and resolve false positives faster. 

I like Vision One's workbench. It provides helpful logs that I can search, and the telemetry is excellent because I can see what's happening during an attack or potential attack.

Another one of my favorite features is attack surface risk management. It shows me faults and blind spots in my security. I also like the attack phase management. The model shows the risks in the corporation and provides considerable information about what is happening on the platform and the network, offering more visibility. There's also a risk index that shows me where I can improve my security. 

Vision One provides centralized visibility and management across multiple layers. This is critical because I need to see what's happening. It also allows me to set separate rules and policies for some security areas. 

Vision One's search could be improved. While the platform is very user-friendly, the search feature uses terms that aren't as intuitive. The automation is excellent, but I wish there were more templates to help me optimize more things. 

I have used Vision One for nearly a year.

I rate Vision One nine out of 10 for stability. It has only crashed once. 

I rate Trend Micro support six out of 10. They respond quickly but the answers aren't clear sometimes. They don't always understand the issue, so I need to explain a lot.

Neutral

I previously used the Microsoft 365 security stack, but I found Microsoft's XDR lacking. We also used Microsoft CASB and Defender for Endpoint. Vision One's threat intelligence and modeling are better. It has all the features like attack surface and risk management as well as the workbench. I also find Vision One easier to navigate. 

Vision One is easy to deploy. It's mostly automatic, but we needed to deploy some of the agents manually. If you can deploy all of the agents to the endpoints automatically, it takes only about five minutes. 

Vision One is expensive, but I think it's a typical market price. 

I rate Visione One nine out of 10. I recommend fully exploring Vision One's features. It has many features that you don't need to pay extra for. There are so many things to explore. For example, they have free playbooks for third-party integration.

We use Trend Vision One for our endpoint detection and antivirus solution.

The endpoint agents are deployed locally on our computers and the centralized controller is in the cloud.

Trend Vision One's centralized view boosts our visibility into harmful malware, viruses, and ransomware. Before Trend Vision One it was impossible to protect against attacks but the centralized management now makes it easy for us to focus on one platform.

The centralized visibility and management across protection layers have improved our efficiency. Now we have multiple tools to monitor our computers across our enterprise.

The executive dashboard is important because it allows us to dive into advanced functions.

I use the risk index feature daily and report the information weekly. This helps us address the risk factors.

Ransomware and intrusion attacks are common these days and Trend Vision One has helped us protect our devices and prevent these types of attacks.

The attack surface risk management eliminates blind spots.

Trend Micro XDR helps decrease our time to detect and respond because everything is available in one dashboard eliminating the need to use multiple dashboards and look at multiple locations.

Trend Vision One has saved us 80 percent of our time by constantly monitoring our environment and reducing our investigation time.

The automatic EDR system that notifies us when something is wrong is valuable.

The information captured by Trend Vision One needs to be more detailed.

I have been using Trend Vision One for two years.

Trend Vision One is stable and I would rate it ten out of ten.

Trend Vision One is scalable.

The technical support is good but 20 percent of the time the response is slow or they assume our issue is solved so they stop communicating with me.

Positive

The initial deployment is straightforward. We run the program and it deploys automatically.

We used a reseller for the implementation.

We have seen a return on investment.

The price for Trend Vision One is reasonable compared to Microsoft and Symantec.

I would rate Trend Vision One a nine out of ten.

We have Trend Vision One deployed across 250 endpoints.

Minimal maintenance is required.

I recommend Trend Vision One because it is easy to deploy and includes rich content. 

My primary use case for Trend Vision One is for application device control, web reputation services, and malware scanning, as well as providing a remote malware scan option. I also use it for log inspection and endpoint identification.

Trend Vision One helps save us time.

I am satisfied with the security Trend Vision One provides for our cloud environment. It effectively identifies threats by regularly inspecting logs to establish a baseline of normal operations and reports any detected anomalies on the console.

Trend Vision One offers good visibility and control over our environment, providing valuable telemetry into network traffic.

Trend Vision One offers comprehensive insights into our infrastructure, allowing me to identify unmonitored endpoints, such as those without the software installed, which I can then verify through the console.

Trend Vision One allowed us to consolidate the Apex One and Deep Security consoles, which were previously used separately in our on-premises environment.

Trend Vision One offers superior integrations, enhanced tool capabilities, and expanded solutions for network security, firewalls, and remote malware scanning. Its ability to identify unmonitored endpoints and perform log inspection, which establishes operational baselines and detects anomalies, proves invaluable for threat identification. The platform's comprehensive reporting capabilities further enhance its value in maintaining a secure environment.

Trend Micro could improve its support for non-third-party products and product integrations. Technical support in our region needs improvement.

I have been using Trend Vision One for approximately one year.

Trend Vision One effectively scales to accommodate our workloads.

Trend Micro's support is suboptimal in my region, likely due to proximity to their resources, favouring areas closer to the company. Consequently, we utilize local support providers who offer better service.

Neutral

The deployment usually takes an hour, more or less. Trend Vision One was easier to deploy than other tools when integrating with the cloud environment.

We have a local vendor that provides support.

Trend Vision One is cost-effective because it offers detailed reporting and environment control features.

I would rate Trend Vision One eight out of ten because every tool needs improvement. Trend Micro has some low-cost services and minor areas for improvement.

Trend Vision One provides regular updates according to customer needs.

I would recommend Trend Vision One. There is flexibility, and their credit system is quite effective.