Trend Vision One Reviews

We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro.

We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints.

We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises. 

Trend Vision One's ability to cover all our servers is important because we can detect and quarantine any vulnerabilities as well as block and isolate third-party applications from being installed on our servers.

The centralized visibility empowers us to monitor and manage all our servers from a single console. This includes generating reports, deploying security updates, and identifying offline or outdated servers.

The centralized visibility and management across protection layers have helped increase our efficiency. We receive alerts and make changes all from one place.

Trend Vision One helps us protect our servers, specifically our older servers that are not supported by Microsoft.

It has reduced our time to detect by 50 percent.

Trend Micro XDR has reduced the time spent on false positive alerts by up to 40 percent.

The zero-day vulnerability is valuable. As end users, we may not be aware of exploitations and Trend Micro makes suggestions to update to protect our endpoints from attack.

The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies.

I would like the uninstall process of agents to require two-step verification.

I have been using Trend Vision One for ten months.

Trend Vision One is stable.

Trend Vision One is scalable.

The technical support is good but we sometimes face delays because they will only respond to our partner who then relays the information to us.

Positive

The migration from on-premises to the cloud allows us to access the cloud and on-premise servers from the cloud. The migration is not complicated but some rule-based ports require a lot of approvals and assistance from our network team.

The migration can be done in a few hours if all the ports are available.

Two people are required for the migration.

We used a third-party service from JVS for the migration.

I would rate Trend Vision One a nine out of ten.

For the on-premises deployment, maintenance is required because we have to manually check the connectivity of the agents. One person is required for the maintenance.

I recommend Trend Vision One, especially for older servers that are not supported by some other endpoint solutions.

Trend Micro XDR is utilized for security management, and we apply it to our email, network, and endpoints.

Trend Micro XDR is based on its proprietary cloud.

Trend Micro provides us with centralized visibility and management across protection layers, which are important to our organization.

The centralized visibility and management across both layers improve our efficiency by offering central security without the need for extensive management or fine-tuning. Trend Micro is also comprehensive and user-friendly. We have confidence in the results.

The risk index provides us with insights into potentially vulnerable areas or aspects that we may need to double-check to ensure everything is working as expected. In other words, it's a useful tool to obtain a quick overview of parts that could be more exposed to risks and other potential issues.

Trend Micro helps reduce our MTTD and MTTR.

Trend Micro presents results in a comprehensive and easy-to-read manner, which helps reduce the time we spend investigating false positive alerts.

We utilize Trend Micro's automation capabilities for alerting and categorizing emails into specific categories based on their risk level.

Trend Micro XDR is a comprehensive solution that is not overly complex to use or manage. The security results have been quite good.

I would like to have more integration with mobile device management.

I have been using Trend Micro XDR for three years.

Trend Micro XDR is stable.

Trend Micro XDR is scalable. As a small company, the licenses we have are sufficient to meet our needs.

The technical support team is excellent, and they were able to answer our questions to our satisfaction.

Positive

The deployment did not appear to be complex, but it was managed by Pro-Axis, who utilized a large workforce to ensure the swift completion of the deployment.

We engaged an external partner named Pro-Axis to assist us with migrating from Trend Micro on-premises to Trend Micro XDR. Their services were excellent, and we did not encounter any unexpected issues. We were fully satisfied with the migration process as Pro-Axis promptly restored our services.

The pricing is competitive, and the cost aligns with the features we receive. The license fee covers all of our needs.

I give Trend Micro XDR a nine out of ten.

We were initially using Trend Micro on-premises and then expanded our usage by implementing XDR. We were satisfied with the solution and its features, so we made the decision to stick with Trend Micro.

A small team is required for maintenance, which will not impose a significant burden on our IT team.

Our entire organization uses the solution.

I suggest trying out the trial of Trend Micro XDR to assess its suitability for their environment. It can be a good solution for small or medium-sized organizations, but keep in mind that everyone has their own specific requirements.

We use Trend Vision One for real-time analysis and monitoring to identify the root cause of security incidents. This includes finding details like how the attack unfolded, user names involved, IP addresses associated with the attack, and the affected systems and devices. By analyzing this information, we can map out the entire attack flow chart.

The network coverage provided by Trend Vision One is important.

Trend Vision One is an XDR tool so it is important for us that it provides centralized visibility and management across protection layers.

Centralized visibility and management across protection layers enable real-time monitoring, which improves our efficiency.

While the Trend Micro Vision One executive dashboard provides a valuable overview, the ability to drill down from that level into the XDR detections is crucial. During a real-time attack, this drill-down functionality is essential for identifying the root cause, prioritizing the threat type, and ultimately finding an effective solution.

Trend Micro Vision One's greatest strength lies in its real-time monitoring and analysis capabilities. This allows for the seamless blocking of malicious URLs and attacks.

The managed XDR has saved us time allowing us to focus on other tasks.

The managed XDR helps us detect and respond to threats in under five minutes. It will display all the details in a single, unified view, including any alerts, trends, usernames, and everything else relevant. By simply looking at the tag data, we can get a complete analysis. This eliminates the need to switch between different screens and saves us significant time. For example, if we see a flag, we can immediately understand its meaning and the associated location without having to search for it elsewhere. Having all this information on a single page is a huge time saver.

Trend Vision One helps reduce the time we spend investigating false positives. The more we familiarize ourselves with the tool the easier it becomes identifying false positives. The time saved by identifying false positives depends on the type of alert. In some cases, we only deal with simple attacks, such as brute-force password attempts, followed by alerts for unusual login failures. These are common attack methods. We can then determine if the user was trying a different password, mistyped their password, or there's a mismatch. In such cases, identifying a false positive can be relatively quick, taking only one to two minutes. 

I appreciate the value of real-time activity monitoring. It provides accurate data, giving us a clear picture of what's happening, including who attempted an attack, their location, and any other details we need to mitigate the threat.

While blocking an IP address restricts access for 30 days, it eventually becomes accessible again. For true permanence, blocked IPs need to be transferred to a dedicated storage solution. However, this storage has limited capacity. To accommodate new blocked IPs, we must remove existing ones, creating a disadvantage that has room for improvement.

I have been using Trend Vision One for over 1 year.

Trend Vision One is stable.

Trend Vision One is scalable.

We previously used Palo Alto's Cortex XDR. However, we switched to Trend Micro Vision One because it's more user-friendly. Trend Micro's interface allows us to better understand the features and processes, enabling us to achieve the desired results more easily. Cortex XDR, on the other hand, was more complex to navigate.

The solution has delivered a return on investment through time savings.

I would rate Trend Vision One 9 out of 10.

Maintenance is required but it is easy to do.

I would recommend Trend Vision One to others. I suggest completing training before using the solution.

It offers very good ransomware protection. You have more visibility on the network.

It helps with compliance. We are also well-protected from ransomware and network attacks.

It's improved our organization in two ways: we can have more visibility and have more confidence in security. We also have better reporting for regulatory compliance. 

The endpoint protection is the most useful. It's powerful. I've faced issues with other products regarding ransomware; however, with Trend Micro, I have no fear of network attacks. I have experience with consistent protection. 

Customers have NDR and XDR protection, and it's very good for protection. There are also regulations within our country that require us to use XDR. 

The centralized visibility is good. It's great for the IT team as they have to export reports to management for compliance. It helps with reporting. It's essential. 

The centralized visibility and management across protection layers helped our efficiency. We have a limited number of security engineers. With Trend Micro and its centralized dashboard, it will show everything we've learned and reflect reporting on the dashboard and this helps when you have a limited amount of users. It simply reduces the number of people that need to be involved in the security effort. 

We use the executive dashboards on both sides. We can drill down on them right into XDR detection. It's essential when we have an incident. If we need to know more about the threat, we need to know where and how they are attacking. We can drill down and get forensic data. 

The solution's risk index feature is very good. It comes out of the box. Our customers can use it. 

The product has helped us decrease our time to detect and respond to threats. 

It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits. 

The support should be improved. 

We'd like to see deception features in the next release. It would help us to reduce false positive alerts. 

I've been using the solution for seven years now.

The stability is good overall. 

The solution is scalable. You simply need the resources on the VM, and you can easily change your license. 

We've had issues with support. Their services could be improved. 

Neutral

I have used Fidelis and found you can control the endpoints better. They also have a deception module, which is very powerful. You can manage your endpoints perfectly. It also offers very good network visibility. I use both products. It depends on the customer's needs and approach.

I observed the deployment process. 

We had issues. It should be straightforward; however, with a customer, we faced a problem with technical support. It took us almost eight months to deploy. They had issues with the installation on the endpoints and on the network side. We had a problem with a few things, including use cases. 

The plan was to deploy in two weeks, and yet it took almost eight months.

From the customer side, there were three engineers, and from Trend Micro, there were one or two engineers working on the solution.

Almost every two weeks, there are maintenance calls. The customer has three people handling maintenance duties. 

The solution was deployed by support. 

The pricing is average. The costs are acceptable. It's good for small or medium-sized businesses. 

I'm a partner. 

We're using the latest version of the solution. 

I'd rate the solution eight out of ten. 

For enterprise customers, I wouldn't recommend the solution. However, it's a good solution for small or medium customers. New users need to ensure they have the correct sizing and licensing. 

You need to talk to the right support engineers in order to have a smooth experience. 

We had a SIEM in place, but we wanted to do some behavioral analysis of the files that are getting deployed. We wanted to check to ensure that it was nothing with the external registration side. We needed an EDR solution for checking and monitoring everything deployed on this target machine or our host machine site. It will check and detect if any malicious files are there or not. We are getting alerts related to that kind of thing. So we used to check those alerts on the XDR, and we used to, like, do the incident and response to that kind of thing there.

If you have a SIEM in place, you will only get the network logs. XDR gives you more control over what files are getting deployed, how they are being executed, and how they can potentially harm your system. XDR doesn't work like a normal antivirus solution, which uses signatures to detect and block threats. XDR detects based on behavioral analysis and blocks most things.

It reduces the investigation time because it gives you everything, including how the file was executed, which processes it called, the file name, the stemming, and the time. When we have the endpoint name, we can reach out directly to the endpoint owners and communicate with them regarding those alerts.

I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed.

It's a SaaS solution that covers endpoints, email, and cloud. We have agents installed wherever data is being pushed, so it used to give us a payload. Cloud functionality is one of the most critical things because we don't generally have visibility for cloud applications. Once we install the agents, we gain visibility into all the things integrated on the cloud or any SSH attempts.

XDR offers visibility across layers. This is critical when you want to implement some policies and apply exclusions for particular parts of the system that should not get scanned. It's easy to implement those things. Let's say you want to deploy policies for multiple systems. Using Apex Central, you can directly push the policy to various systems and cover the logs of several systems at a time. 

Sometimes, there are some false positives. For example, once a user had a file in their system named recovery.txt. The solution was flagging that as a ransom note, so we were confused. It isn't that serious, but it should be improved. 

Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro. 

I have used XDR for two years.

Trend Micro XDR is stable. We've never had downtime. 

Trend Micro XDR is scalable if you can pay more for licenses. 

I rate Trend Micro support seven out of 10. Their technical support is good. They reply regarding your cases. However, if you don't reply to them properly, they may close your case if you are not reviewing that kind of thing. 

Neutral

 I previously used Crowdstrike, which is an MDR, so it was totally managed by the Crowdstrike team. They were monitoring every alert that was generated, so it's hard to compare it to Trend Micro XDR. It was somewhat similar, but CrowdStrike is more proactive than Trend Micro, and it has greater coverage of IOCs. I have also used SentinelOne.

It's a SaaS solution deployed across multiple locations covering 20,000 endpoints. It doesn't require any maintenance aside from updates. 

I rate Trend Micro XDR seven out of 10. If you plan to implement XDR you should be aware of the IOC coverage and follow up with the Trend Micro team. Most things are covered, but it takes time to add and deploy all that stuff. 

Currently, our company uses the solution solely to monitor our servers for intrusions and other security-related issues.

I will have to have a look at my end to be able to explain the features that I find most valuable about the solution.

A room for improvement is Trend Micro XDR's website. It's a very complicated website since finding the right point one wants to see is difficult.

I have been using Trend Micro XDR for a year now. Also, I am a customer using the solution.

It is a stable product. It works very well.

Presently, we have 150 users in our company using the solution. Even if the number of users were to increase in my company, it would still work the same.

Initially, while using the solution in a company, we faced some issues. Our company did help us to resolve these issues.

Since another company carried out the initial setup process, my company did not find it complicated.

The solution is currently deployed on-premises, but we are planning a move to the cloud. We have a plan to conduct a POC for Trend Micro XDR on the cloud shortly.

The pricing of the solution is okay. There is a need for me to look into the new pricing plan introduced by the solution recently.

I would tell those planning to use the solution that they need to consider using it. I rate the overall product an eight out of ten.

I was team lead with incident responses and incident management. We used the solution for that.

We were already using Trend Micro endpoint, NGAV by Trend Micro, and we got that upgraded to the XDR version. There was not much of a change after that. The only good thing about upgrading to XDR from NGAV was, having those real-time logs and network activities in front of us.

My reviews with Trend Micro are somewhere average. I won't rate it as an excellent tool or utter nonsense. I won't rate the two extremes, however, I would say it's in between them. It was mostly fine.

XDR provided a much more deep view into what is actually happening.

The rest of the features were pretty simple. There's nothing glamorous about them, however, it works. Nothing much really stood out amongst what the others were giving and what Trend Micro was giving. They are all pretty typical.

The dashboard was pretty easy to navigate. It was pretty convenient and user-friendly.

Results were delayed. We had all the logs in our hands. We were pretty quick in giving out the results and coming up with a conclusion. Trend Micro was pretty delayed on that front, however.

Their turnaround time or the response to their MDR services was slow. While doing POC, we did MDR as well. They could improve the response time on that. That was my view back then, as it used to take a lot of time to get that case generated, get that case analyzed. In the end, we were more interested in the responses from the actual human analysts. Instead of having a machine-generated thing, we were banking on understanding how an incident is treated and how a response is being given. For us, for example, we were able to do our analysis and come to the same conclusion maybe four or five hours before we received Trend Micro's report. Almost all the results were identical.

There was one feature called Sandbox that I wanted to try on, however, at that time, they had not released it yet. 

Since last August, I have been working with another organization, so I am not sure how Trend Micro has developed within the last ten months.

I was never able to test the live response feature, wherein I could take access, remote access of the infected system, and send some commands to kill the processes, or maybe to grab the artifacts, to triage the artifact. By the time it came online, I was moving to another organization.

We'd like a bit of freedom or flexibility on the portal. If I'm the end-user, and I see something bad which might not be bad from Trend Micro's perspective, however, for my organization, was an abnormal activity.

Executing things via PsExec might be something that is normal for some organizations, however, for my organization, it is a highly suspicious thing. If I want to investigate that, having the flexibility for me to investigate it in a deeper sense would be ideal.

That was something that was not possible at that time. I don't know if they have given more freedom to Trend Micro admins. 

We'd love more flexibility in terms of implementing some of the configurations, estate-wise. That is something that I would have loved to see in Trend Micro.

I used the solution for a month and a half, maybe. Or six weeks.

The response time, the analysis, or the human part was something which was requiring improvement. From the tool perspective, there were a lot of things that were to be released at the time I was using it.

We used to see those on the dashboard. For example, the sandbox. They had a sandbox, just like what CrowdStrike does where you can have a license for the sandbox. You can run those EXEs or whatever files, or malicious artifacts through those sandboxes and get a result.

That was something that was under development, though it was being displayed on the dashboard as "coming soon". There were a lot of features that were to be implemented. It was notified to the end-user as "Okay, that these features are coming in, and we are not sure how long it will take." 

The trend lines were pretty extensive - like a year or maybe seven months, eight months. Those were the timelines for the actual deployment of those features into the dashboard. Therefore, it's hard to speak to the stability of the product.

The scalability is good. It was just a matter of installing the agent, which was pretty easy to deploy via a group update. Scalability was not an issue. The more licenses we purchased, the more systems we could get coverage upon.

There were endpoints plus servers covered. 

We were heavily dependent on them. The reason was, that we had Trend Micro NGAV and we upgraded to Trend Micro XDR. 

Their technical support isn't that great. 

I used to speak with their CSMs quite frequently. They used to take a lot of feedback from us, asking about how things were, as their detection improvement was something which, also we were part of, not directly, however, we had one more team who used to do VAPT.

We used to post those results and say, "Okay, this is what we did. We did not get any alerts from you. We did not get any communications from you. What if this was an active hands-on keyboard activity and we were under attack?" They used to take that feedback. They used to get it implemented. Detection was then pushed in. They were in that development phase. I am not sure how well they are doing right now.

Negative

I've worked with CrowdStrike and Sophos and they provide a much better way to handle things than Trend Micro.

We never had any other tools or other antiviruses, other EDR solutions, that were playing any roles in the infrastructure. We only had ESET, and we were phasing those ESET servers out to Trend Micro. The only tool that we worked on, or XDR that we worked on, was Trend Micro.

The initial setup was pretty straightforward. They had given us one file which we could push through group policy updates. It was implemented throughout the organization. Implementing was pretty easy and it was pretty lightweight.

I was happy about that as it was not a resource-hungry agent which was running in the background, and we could not kill it, we could not limit it. Typically, XDR agents can be a bit resource-hungry, however, this one from Trend Micro was very light. 

I'm not sure how long the deployment itself took.

Our IT team was pretty huge. It was around 30 odd people who used to work on it, however, I'm not sure how many of them were dedicated to working on Trend Micro for maintenance.

We had our internal IT team who we used to do the installation.

The company I worked for did not lose its money as Trend Micro was a low-cost tool. The features which we were getting were justified by the cost. It was not too costly to have those features.

I'm not sure of the exact price, although it is moderate. I'd rate it 3.5 out of five in terms of affordability.

You could get new features with an added cost per license, or it used to be bulk. Having that modularity helped in choosing and protecting our systems, and keeping the cost down. That modularity helped us in the beginning.

We also evaluated CrowdStrike with Trend Micro. CrowdStrike was phenomenal. I have all the good answers for them. If I have to rate them, I will rate each feature four out of five and above since they were that good.

CrowdStrike was too costly for our organization to have, as we had started building the Infosec inside, having Infosec in-house. Previously, it was outsourced.  I was the first person who was enrolled for Infosec.

I was an end-user.

I'm not sure which version we were using it. 

The solution was on the cloud. We were discussing having it on-prem, however, the cloud made much more sense for such a small organization rather than utilizing the resources on-site.

I'd rate the solution six out of ten.

We use the solution for event correlation.

We are deploying a server inside our network to use it as a data collector.

The solution provides all the information in only one dashboard. We have integrated with Lumen, NETSCOUT, and other MDM products such as Microsoft Intune and ManageEngine MDM. We have also integrated Chrome with VisionOne.

The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.

I have been using Trend Vision One for two years.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability a nine out of ten.

We have used Symantec before. We switched to Trend Vision because Symantec cut off support for Windows XP. We still have Windows XP in our environment.

The initial setup is easy because our assets are in interactive directory.

We’ve seen ROI because we controlled a malware attack in our network with Trend Micro two weeks ago.

We have tried other malware solutions. We chose Trend Vision because it supports Windows XP.

Overall, I rate the solution a nine out of ten.