We use Vision One together with the other products in the Trend Micro security stack, such as XDR, Site Management, and Apex One.
Information Security Analyst at Protega – Managed Cybersecurity
Has made our detection and response time much faster
Pros and Cons
- "I like Vision One's workbench. It provides helpful logs that I can search, and the telemetry is excellent because I can see what's happening during an attack or potential attack."
- "Vision One's search could be improved. While the platform is very user-friendly, the search feature uses terms that aren't as intuitive."
What is our primary use case?
How has it helped my organization?
Vision One has made our detection and response time much faster. We have 30-plus integrations, helping us to identify the most critical threats. The more connections, the better. We can also identify and resolve false positives faster.
What is most valuable?
I like Vision One's workbench. It provides helpful logs that I can search, and the telemetry is excellent because I can see what's happening during an attack or potential attack.
Another one of my favorite features is attack surface risk management. It shows me faults and blind spots in my security. I also like the attack phase management. The model shows the risks in the corporation and provides considerable information about what is happening on the platform and the network, offering more visibility. There's also a risk index that shows me where I can improve my security.
Vision One provides centralized visibility and management across multiple layers. This is critical because I need to see what's happening. It also allows me to set separate rules and policies for some security areas.
What needs improvement?
Vision One's search could be improved. While the platform is very user-friendly, the search feature uses terms that aren't as intuitive. The automation is excellent, but I wish there were more templates to help me optimize more things.
Buyer's Guide
Trend Vision One
October 2024
Learn what your peers think about Trend Vision One. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have used Vision One for nearly a year.
What do I think about the stability of the solution?
I rate Vision One nine out of 10 for stability. It has only crashed once.
How are customer service and support?
I rate Trend Micro support six out of 10. They respond quickly but the answers aren't clear sometimes. They don't always understand the issue, so I need to explain a lot.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I previously used the Microsoft 365 security stack, but I found Microsoft's XDR lacking. We also used Microsoft CASB and Defender for Endpoint. Vision One's threat intelligence and modeling are better. It has all the features like attack surface and risk management as well as the workbench. I also find Vision One easier to navigate.
How was the initial setup?
Vision One is easy to deploy. It's mostly automatic, but we needed to deploy some of the agents manually. If you can deploy all of the agents to the endpoints automatically, it takes only about five minutes.
What's my experience with pricing, setup cost, and licensing?
Vision One is expensive, but I think it's a typical market price.
What other advice do I have?
I rate Vision One nine out of 10. I recommend fully exploring Vision One's features. It has many features that you don't need to pay extra for. There are so many things to explore. For example, they have free playbooks for third-party integration.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: May 12, 2024
Cyber Security Engineer at a tech services company with 1,001-5,000 employees
Centralized visibility and automation capabilities save time
Pros and Cons
- "Centralized visibility is valuable. We can view what kind of virus or threat exists, where it has traveled, and how it started. A security analyst can use just this one console to view all the information."
- "Currently, there is nothing specific that needs improvement. Their support is very cooperative, and they provide an educational portal for learning the solution. However, deployment could improve by considering customer environments that are not fully updated."
What is our primary use case?
Trend Vision One has advanced sensors that collect telemetry from various sources like endpoints, email, and network. Workbench then correlates data to provide visibility across the entire environment. If there is any virus in the environment, it correlates the information, shows where it started, who the user is, and how it traveled through the environment, thus providing complete visibility and infrastructure correlation.
How has it helped my organization?
Trend Vision One consolidates security and saves time.
Trend Vision One is a cybersecurity platform in which Trend Micro has integrated every kind of solution. You have an MDR solution. You have an email security solution. You have endpoint protection. You have server protection. You have EDR. You get everything in one console, whereas vendors like Kaspersky and CrowdStrike do not have only one console. With Trend Vision One, you get all the solutions in one web console or platform.
It helps with faster response. You have telemetry from different sources, which makes it easy to do analysis and respond. Its automation capabilities help to isolate endpoints and respond. You can respond in multiple ways. You can revoke permissions or terminate any process. You can isolate an endpoint. You can run a script. You can automate in different ways and integrate scripts, playbooks, etc. It saves time.
What is most valuable?
Centralized visibility is valuable. We can view what kind of virus or threat exists, where it has traveled, and how it started. A security analyst can use just this one console to view all the information.
Another valuable feature is its automation capabilities, which help in responding to any kind of alert swiftly.
What needs improvement?
Currently, there is nothing specific that needs improvement. Their support is very cooperative, and they provide an educational portal for learning the solution. However, deployment could improve by considering customer environments that are not fully updated.
For how long have I used the solution?
I have been working with Trend Vision One for the last six months.
How are customer service and support?
When I contacted Trend Micro support, they were very cooperative and quick in resolving and remediating any issues. I would rate their support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with Kaspersky, which offered only a single solution and not a fully integrated console. Kaspersky had multiple options but did not provide the same level of centralized visibility as Trend Micro. Kaspersky has graphs for visibility whereas Trend Vision One has both graphs and Workbench. Workbench provides a wider overview, whereas, with Kaspersky, you can only see a sketch of where a virus started or where it ended. Trend Vision One tells you how and through which user a virus came into your environment and how it traveled through your infrastructure.
There is a big difference in the price. Trend Micro solutions are more expensive than others.
How was the initial setup?
It can be a bit complex. Trend Micro has a requirement that endpoints should be fully updated. In customer environments that are not connected to the Internet, that can be an issue. Trend Vision One is a cloud platform. If the endpoints are not updated, you can have multiple errors when you deploy the agents. We find such issues in customer environments.
The initial deployment time depends on the infrastructure. It took us about a month to cover 1,000 endpoints and 200 servers.
What's my experience with pricing, setup cost, and licensing?
Trend Micro solutions are very expensive compared to other solutions. Even though everything is in one console, each feature requires a separate license.
What other advice do I have?
If you do not have any compliance regulations preventing you from using a single vendor, I recommend adopting Trend Micro's cybersecurity platform for full security coverage and reduced management time.
The Risk Index feature helps with the attack surface and risk management. It detects vulnerabilities in your environment and calculates the risk in your environment, but I have not yet used this feature.
When you deploy such a solution in your environment, there is always a huge amount of false positives. The false positive rate depends on how your security engineer has done the configuration. After some time, the false positive rate reduces. The reduction in the false positive rate depends on your infrastructure. If you have a huge infrastructure, it would take some time. It also depends on your security resources who work on this solution. If you have only one person, it can take about six months, but if you have a team of five security people, it would take about a month.
I would rate Trend Vision One a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Oct 30, 2024
CTO at Cyber Correlate
Good protection with centralized visibility and nice executive dashboards
Pros and Cons
- "The centralized visibility is good."
- "The support should be improved."
What is our primary use case?
It offers very good ransomware protection. You have more visibility on the network.
How has it helped my organization?
It helps with compliance. We are also well-protected from ransomware and network attacks.
It's improved our organization in two ways: we can have more visibility and have more confidence in security. We also have better reporting for regulatory compliance.
What is most valuable?
The endpoint protection is the most useful. It's powerful. I've faced issues with other products regarding ransomware; however, with Trend Micro, I have no fear of network attacks. I have experience with consistent protection.
Customers have NDR and XDR protection, and it's very good for protection. There are also regulations within our country that require us to use XDR.
The centralized visibility is good. It's great for the IT team as they have to export reports to management for compliance. It helps with reporting. It's essential.
The centralized visibility and management across protection layers helped our efficiency. We have a limited number of security engineers. With Trend Micro and its centralized dashboard, it will show everything we've learned and reflect reporting on the dashboard and this helps when you have a limited amount of users. It simply reduces the number of people that need to be involved in the security effort.
We use the executive dashboards on both sides. We can drill down on them right into XDR detection. It's essential when we have an incident. If we need to know more about the threat, we need to know where and how they are attacking. We can drill down and get forensic data.
The solution's risk index feature is very good. It comes out of the box. Our customers can use it.
The product has helped us decrease our time to detect and respond to threats.
What needs improvement?
It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits.
The support should be improved.
We'd like to see deception features in the next release. It would help us to reduce false positive alerts.
For how long have I used the solution?
I've been using the solution for seven years now.
What do I think about the stability of the solution?
The stability is good overall.
What do I think about the scalability of the solution?
The solution is scalable. You simply need the resources on the VM, and you can easily change your license.
How are customer service and support?
We've had issues with support. Their services could be improved.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Fidelis and found you can control the endpoints better. They also have a deception module, which is very powerful. You can manage your endpoints perfectly. It also offers very good network visibility. I use both products. It depends on the customer's needs and approach.
How was the initial setup?
I observed the deployment process.
We had issues. It should be straightforward; however, with a customer, we faced a problem with technical support. It took us almost eight months to deploy. They had issues with the installation on the endpoints and on the network side. We had a problem with a few things, including use cases.
The plan was to deploy in two weeks, and yet it took almost eight months.
From the customer side, there were three engineers, and from Trend Micro, there were one or two engineers working on the solution.
Almost every two weeks, there are maintenance calls. The customer has three people handling maintenance duties.
What about the implementation team?
The solution was deployed by support.
What's my experience with pricing, setup cost, and licensing?
The pricing is average. The costs are acceptable. It's good for small or medium-sized businesses.
What other advice do I have?
I'm a partner.
We're using the latest version of the solution.
I'd rate the solution eight out of ten.
For enterprise customers, I wouldn't recommend the solution. However, it's a good solution for small or medium customers. New users need to ensure they have the correct sizing and licensing.
You need to talk to the right support engineers in order to have a smooth experience.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
System Administrator at a financial services firm with 10,001+ employees
Provides a centralized dashboard, protects older servers, and reduces our time to detect
Pros and Cons
- "The zero-day vulnerability is valuable."
- "The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies."
What is our primary use case?
We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.
We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.
We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises.
How has it helped my organization?
Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.
The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.
The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.
Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.
It has reduced our time to detect by 50 percent.
Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.
What is most valuable?
The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.
What needs improvement?
The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.
I would like the uninstall process of agents to require two-step verification.
For how long have I used the solution?
I have been using Trend Vision One for ten months.
What do I think about the stability of the solution?
Trend Vision One is stable.
What do I think about the scalability of the solution?
Trend Vision One is scalable.
How are customer service and support?
The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.
How would you rate customer service and support?
Positive
How was the initial setup?
The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.
The migration can be done in a few hours if all the ports are available.
Two people are required for the migration.
What about the implementation team?
We used a third-party service from JVS for the migration.
What other advice do I have?
I would rate Trend Vision One a nine out of ten.
For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.
I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Manager at a real estate/law firm with 201-500 employees
Enabled me to completely change user behavior and manage all our endpoints almost single-handedly
Pros and Cons
- "The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization."
- "The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe... At this time, they are only located in Germany and the UK."
What is our primary use case?
It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.
We had problems with users not using legitimate tools, such as pendrives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.
How has it helped my organization?
The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.
We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money.
Trend Micro's Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.
We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.
And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.
What is most valuable?
This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.
The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team.
It also handles vulnerability management.
We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Micro Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important; a 10 on a scale of one to 10.
We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.
And especially because of the new European regulation called NIST 2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.
What needs improvement?
The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project.
From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.
For how long have I used the solution?
I have been using Trend Micro XDR for almost 20 months.
What do I think about the stability of the solution?
It's a stable product. We haven't detected any issues other than the false positives, but that's normal.
What do I think about the scalability of the solution?
We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.
If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.
How are customer service and support?
Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.
How was the initial setup?
Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.
The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.
Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an on-prem solution. But it's simple to manage.
What other advice do I have?
They are implementing new tools, like Trend Micro Apex One and DDI. They are ready for implementation on the console, and we are waiting to transition to these tools.
For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secure Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Security Engineer at a retailer with 10,001+ employees
A cloud solution for providing all information in one dashboard
What is our primary use case?
We use the solution for event correlation.
How has it helped my organization?
We are deploying a server inside our network to use it as a data collector.
What is most valuable?
The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with VisionOne.
What needs improvement?
The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.
For how long have I used the solution?
I have been using Trend Vision One for two years.
What do I think about the stability of the solution?
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability a nine out of ten.
Which solution did I use previously and why did I switch?
We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.
How was the initial setup?
The initial setup is easy because our assets are in interactive directory.
What was our ROI?
We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.
Which other solutions did I evaluate?
We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Security Analyst at a manufacturing company with 10,001+ employees
Great support, easy to set up, and offers good visibility
Pros and Cons
- "The search features help us try to correlate information and identify any suspicious activity."
- "We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side."
What is our primary use case?
Normally, we use the solution for day-to-day investigations. We get alerts when something is going on in the environment. Right now, we are using that tool for the asset management team to identify services or applications that are not allowed for governance and all of these purposes. In addition to that, we use it for isolating devices. We also have a service with them, an MDR service. They analyze information, and they do investigations for us as well.
How has it helped my organization?
Mainly, we were concerned with the visibility of the environment. We didn't have a tool that was able to allow us to see or have visibility of what the endpoints were doing on the servers in the environment. That was the main reason to adopt this solution - to have visibility on the environment as, in the past, we didn't have that capability.
What is most valuable?
The isolation of devices has been really important. We like all the attack surface-managed NPEs. It's helping us to identify devices and protect us on the network. That's in combination with third-party integrations as well. We have integrations that are helping us to identify devices using our vulnerability management services. It's scanning the network and it's sending all that data to VisionOne. With that information, we identify devices that are protected on the network and the environment.
The reports are a really good feature for showing results to upper management levels.
The search features help us try to correlate information and identify any suspicious activity. That's another feature that has been really important.
We are using it everywhere except for the network, so we don't have the network discovery service from Trend Micro. However, we have it on endpoint servers and email and also the cloud as well. We use cloud conformity to connect that piece.
Trend Micro has a feature called Vision One that provides us with centralized visibility management across all protection levels. That's helping us to have a centralized view of the console. That's the main reason why we still have that product.
Centralized visibility is important. When we are doing investigations, we can do everything in one console instead of moving to different screens or different windows. The centralized visibility and management across these protection levels helped with our efficiency. It helps us to identify any potential threat or any special activity quicker.
They have this feature called Risk Index which I use sometimes to validate the level of rates we have. We don’t use it often - maybe once every one or two weeks. We use it to rank our security operations overall. Mostly, we just check it out of curiosity.
We use the Managed XDR service that they have. It relieves a lot of workload especially during investigations or interim reports about any particular activity - especially with the coverage after hours. It is helping us with the capability there. Also, if something really bad is happening, we have eyes watching all the activity, which is nice.
Using this Managed XDR service enables our team to work on other tasks - especially when we, in certain ways, allocate some of the investigation pieces. We basically create a request for them to investigate things, and that allows us to focus on other things to optimize our security toolset. That's really helpful.
We use the attack surface risk management capability they have. We use that heavily right now. It was a big use case in the past few months. We use it to identify multiple devices without protection, the applications that have been used by our users, and which ones are risky. We are using that on a regular basis. It's helped us identify blind spots and more assets. It's positively affected our security posture by improving a lot of our visibility.
XDR helped us decrease our time to detect or respond to threats. In the past, we didn't have that visibility. When we enabled that tool, at the beginning, it was a little bit noisy. That's something to be expected coming from a new tool. However, after testing through these years, things are improving, and now we can see better results, especially during investigation alerts.
The solution has helped us to reduce the amount of time we spend investigating false positive alerts. In the beginning, there was a large amount of false positives. Right now, we are day to day trying to reduce them. At this point, they are lower compared with the beginning of the implementation. Things are improving. We are reducing false positives as we go which is great.
What needs improvement?
We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side. The API we use. We are integrating that with another product, a SOAR product. The playbooks are a little bit limited in what they can do at this point. Let's say that we want to connect on a specific API. The templates we cannot modify very well. When we noticed that limitation, we decided to go and use Trend Micro VisionOne API and connect it to other tools to develop that activity using another product.
Under attack surface management, when you go to the specific sites or applications that the users are accessing, the capability of downloading that report could be better. Let's say, as an example, we want to identify users using ChatGPT, for example. We want to download that data through an API or through the GUI. Right now, it's not available as an option. Maybe having the capability of extracting data from VisionOne for specific areas of the tool could work. That's something that could be useful, especially if we want to generate that report and send it to specific teams. Often, we don't want to provide DX to all the people. Sometimes it's easier to just have that file and share that file with the people who need to have that information.
For how long have I used the solution?
I've been using the solution for around three years now.
What do I think about the stability of the solution?
The stability is good. It's not very common to have any outages. Sometimes there may be a glitch, however, it's rare. Normally we have 95% stability.
What do I think about the scalability of the solution?
The scalability is good, especially when we are talking about third-party integrations. We can have visibility and control of all different assets. So we can have good scalability and visibility and know more about the environment in places where we didn't have any idea things were happening. It's a SaaS tool, and we don't have to do any maintenance, and it's easy to deploy. It's pretty straightforward.
How are customer service and support?
When we have specific issues or problems connecting some products we ask for support. They respond really fast. They always try to mitigate and resolve all the issues we have. If they cannot resolve the problem, they normally share some suggestions on how we can mitigate future problems.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use other solutions, although we did use Apex One for a long time. We have also used an EDR product.
How was the initial setup?
I was involved in the deployment. I was the one leading the data during the implementation. The process is pretty straightforward. It was a little tricky to reduce the false positive alerts, however, the portion of deploying to the environment and connecting the pieces was simple.
From our side, we had three or four people involved in the implementation.
What about the implementation team?
We had some help with the deployment and we had some guidance in the beginning. We requested some support from our account manager.
What's my experience with pricing, setup cost, and licensing?
The pricing is good if you look at all the compatibilities and features offered by the product. There are features that can increase the pricing. We can put some credits to some features, however, if we want to enable them. With the amount of credit we have, we are covered for all of our needs.
What other advice do I have?
I'd rate the product eight out of ten.
It is a really good product and easy to deploy. They allow you to have more visibility on your environment, especially if you have any kind of XDR solution. It will increase the visibility of what's happening in the environment. Also, from the perspective of doing maintenance updates or patches, the cloud is the way to go. The product management team does a really good job of increasing the features, and they are listening really closely to what the customer needs via feedback.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cyber Security Analyst at a consultancy with 10,001+ employees
Easy to maintain with advanced protection and helpful support
Pros and Cons
- "We can scale the product as needed."
- "We'd like to see a few more integrations."
What is our primary use case?
We primarily use the solution for the XDR.
We have integrated this with all of our endpoints. Basically, we are using it for incident response. We have a SOC team here, so we are using it in a SOC and the Workload solution. For two or three months, we have been migrating to Workload Security. It is mainly for incident response.
What is most valuable?
We are able to observe attack techniques and targeted attack detection.
We need to explore more on it since it is still a new product for us.
It is quite advanced, and it can help us protect our organization against threats. The targeted threat detection is great.
My understanding is the initial setup is pretty straightforward.
The solution has been stable.
We can scale the product as needed.
Technical support is helpful.
It is easy to maintain.
What needs improvement?
We'd like to see a few more integrations. Specifically, we'd like to see more IOC integration tools.
We haven't implemented the automation piece just yet; however, we will go through that soon. We just need more time to see how it all works.
For how long have I used the solution?
I've been using the solution for six or seven months.
What do I think about the stability of the solution?
This solution seems to be pretty stable so far. I haven't come across any issues. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The product is scalable. When we started, we had a few agents and very few endpoints. At this point, we've integrated with most of them. We haven't seen any issues as we've scaled up.
How are customer service and support?
Support has been quite helpful overall. We've dealt with them multiple times, and they have always been helpful. We tend to get the help we need within two or three hours. They ask many questions and get down to solving the problem at hand.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I also work with Microsoft Defender.
We were using OfficeScan and ApexOne as well.
We decided to work with this product as it had a good reputation.
How was the initial setup?
While I wasn't directly involved with the setup, my understanding is it was straightforward. I do not recall hearing about any complexities coming up. The deployment itself took a few months.
In terms of maintenance, we do get hotfixes every once in a while. It's pretty simple to maintain.
What about the implementation team?
Trend Micro assisted our team with the setup process. However, it was mostly handled in-house.
What's my experience with pricing, setup cost, and licensing?
I can't speak to the exact cost.
What other advice do I have?
I'm an end-user. We are using the latest version of the solution.
The support is pretty good. It is really straightforward. It is very easy to understand, and therefore, I highly recommend the solution.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: October 2024