What is your primary use case for Trend Micro XDR?

As a cybersecurity analyst at a managed security service provider, I use Trend Vision One for two of my clients. My primary use cases involve standard XDR functions, such as anomaly monitoring, alert analysis, and incident response. To streamline these processes, I've configured automated response playbooks within Trend Vision One. The insights provided by the platform, mainly through the Workbench and Observe Auto module, are invaluable for understanding my clients' environments and identifying vulnerabilities that need to be addressed. I work with clients across various industries, including education and power. My education client utilizes Trend Vision One for specific security needs, while my power industry client, an electricity board, has a comprehensive Trend Micro solution in place, including Vision One, Apex One, and Deep Security Manager. With Vision One, I've successfully detected and addressed numerous web attacks, malware attacks, and unauthorized access attempts on production servers in the education sector. For the power client, the solution has effectively detected and blocked multiple ransomware attacks. These are common occurrences and demonstrate the value of Trend Micro's security solutions. We use Trend Vision One on all endpoints in two scenarios. For one client with on-premises servers and endpoints, we use Trend Vision One as a comprehensive solution. For another client in the education sector, we use Trend Micro Deep Security Management alongside the Vision One XDR platform on their cloud-based Linux servers.

We use Vision One XDR to provide managed security services to our clients by correlating logs from various Trend Micro products like Apex One, Cloud One, and Deep Security. Vision One acts as a central monitoring platform, providing a single pane of glass view of our clients' security posture. This simplifies monitoring and allows us to easily create playbooks and analyze alerts. While our EDR solutions, Apex One, Cloud One, and Deep Security provide robust security features like anti-malware, web reputation, and intrusion prevention, Vision One enhances this by correlating logs and leveraging threat intelligence to identify incidents missed by these individual products. Essentially, Vision One functions like a level three SOC analyst, providing an additional layer of protection and ensuring comprehensive security coverage.

I use the solution primarily for EDR. The top challenges in our industry are the accuracy of the detections and the visibility of alerts and events. We are accessing it via the cloud, and we are monitoring the endpoints and cloud servers.

Our primary use case is protecting our environment from malicious threats with antivirus protection. Additionally, we utilize Trend Vision One for its integrated solution, providing comprehensive visibility across the entire environment. The organization implemented Trend Vision One to support best practices.

Trend Vision One has advanced sensors that collect telemetry from various sources like endpoints, email, and network. Workbench then correlates data to provide visibility across the entire environment. If there is any virus in the environment, it correlates the information, shows where it started, who the user is, and how it traveled through the environment, thus providing complete visibility and infrastructure correlation.

We use Trend Vision One for the XDR and we absolutely love it, especially the full visibility into protected assets. It's incredibly easy to identify weaknesses across systems and manage any outdated software or areas needing attention directly within the user interface. Previously, we juggled multiple dashboards, but the new version has streamlined everything into a single, unified dashboard. This has significantly simplified our workflow and improved manageability. In essence, we can now manage multiple products seamlessly within the same Vision dashboard, which is a considerable improvement over the previous system. This year has brought significant and positive changes to our workflow. We use XDR across Office 365 in the cloud and on-premises environments to safeguard our assets. This includes protecting our server environment, workstations, and Virtual Desktop Infrastructure, ensuring comprehensive endpoint security. Our deployment utilizes a hybrid model, making agent deployment incredibly simple. We employ several different deployment methods: on-premise deployment through Active Directory and utilizing various tools. In case a system leaves the network for any reason, we have third-party solutions in place. We have multiple RMM solutions that can be rapidly deployed in these packages. For example, I've recently observed systems being spun up and sent home before antivirus protection was activated. We still have the opportunity to deploy these solutions in the cloud automatically. So, we have a few ways to work around this and deploy those agents, making it easy to deploy either on-premise or in the cloud. We can address several scenarios and push out to those endpoints.

We use Vision One XDR for our endpoint security. Our company has nearly 4,000 users. We have endpoint cybersecurity agents for which we can use XDR. Trend Micro has multiple subscription licenses for individual Vision One components. There are also licenses for XDR for endpoints. We have adopted four packages from Trend Micro: endpoints, workload security, mobile security, and email security gateway.

Its main purpose is orchestration where I have full visibility into all the different Trend Micro products I use, and it is all centralized in a single dashboard. There is ease of use with this centralized dashboard. With this centralized management, I can dive into technicalities, and I am able to do all my workbench investigations. It is quite clear, and I do not have to sift through different logs. It makes our work so easy when we need to respond to or remediate a particular issue. The main problem that we wanted to solve by implementing Trend Vision One was the blindspots. We tend to focus on endpoints, but we forget IoT devices such as printers and CCTV cameras. This is where we had serious blind spots simply because these devices do not have an operating system. For us, it was just about eliminating these blind spots. That was our number one focus.

We use Vision One to detect to detect and respond to malware incidents. With endpoints (Apex One/Cloud One Workload Security), network (Deep Discovery Inspector) and Office365 (Cloud Email and Collaboration Security). The environment is complex, distributed in more than +100 locations. Some locations are just offices, some others are industrial facilities with ICS and SCADA. Besides Windows, we deal with a lot of operating systems, including Solaris on SPARC. And our users are diverse, with lots of employees roaming around the country. With ASRM, we tackle important use cases around identity protection and risk management in general. Identification, prioritization, and remediation.

I primarily use the solution to prevent attacks.

We rely on Trend Micro Vision One as our Extended Detection and Response platform, leveraging its capabilities for endpoint detection and response across our entire IT environment.

We use Vision One together with the other products in the Trend Micro security stack, such as XDR, Site Management, and Apex One.

We use Trend Vision One for real-time analysis and monitoring to identify the root cause of security incidents. This includes finding details like how the attack unfolded, user names involved, IP addresses associated with the attack, and the affected systems and devices. By analyzing this information, we can map out the entire attack flow chart.

We were using Symantec before, and with the coming of EDRs in the market, we were looking for a solution. We wanted a defense system so that if there is an attack on the system, such as an endpoint is infected or the attacker or a known technique for ransomware is moving laterally, I do not need to go to the firewall team. I do not need to go to other teams to find out. I should have enough intel at that very stage to contain it if possible.

We use Trend Vision One for our endpoint detection and antivirus solution. The endpoint agents are deployed locally on our computers and the centralized controller is in the cloud.

We use FireEye, Microsoft Defender, and Trend Micro for our endpoint solutions. Trend Micro. We implemented Trend Vision One because we have many production servers and wanted to secure all endpoints. We are planning to move our XDR to the cloud, but all of our production servers are currently on-premises.

It offers very good ransomware protection. You have more visibility on the network.

We use the solution for event correlation.

I work with it as a third party in other companies. I installed XDR in other companies. And then, I help them understand the tool, help them with developing the necessary use cases, and understand, for example, how to do a threat intel, how to do a threat investigation, and stuff like that. Sometimes, I work with it as well by implementing it and actively using it in the customer's environment.

We have deployed Trend Micro XDR on all our endpoints. It is deployed as an agent because we are using Trend Micro Apex, the antivirus agent, and the SaaS agent. This means that we receive notifications from XDR for any suspicious activity related to endpoints. For example, if a user connects to a suspicious website, XDR should alert us based on our rules. It can also generate alerts for malicious Windows activities. In addition to deploying XDR on our endpoints, we have connected Vision One XDR to our Office 365 email platform. This allows XDR to read incoming emails. We can then configure rules to remove emails from mailboxes if they have certain properties or are particularly suspicious. We have also connected XDR to our Azure platform, which is our user authentication platform. XDR can monitor for risky user sign-ins, such as sign-ins from unusual locations. If it detects any risk, it will notify us. Finally, we have integrated XDR with a third-party tool to receive indicators of compromise. When we receive an IOC, Vision One will automatically run a check in our environment to see if any endpoints have been compromised. It will also check to see if any emails have been sent from any of the senders in the IOC listing. If it finds any matches, it will notify us. We can also configure playbooks to automatically take action when XDR detects a threat. For example, we could configure a playbook to force a user to reset their password or isolate an endpoint from the network. We are using the Trend Micro Vision One XDR agent. This agent component is installed on all of our endpoints, including servers, workstations, desktops, and any other computer elements. Vision One also has an API-based element, which we have connected to our email system, such as Azure.

We had a SIEM in place, but we wanted to do some behavioral analysis of the files that are getting deployed. We wanted to check to ensure that it was nothing with the external registration side. We needed an EDR solution for checking and monitoring everything deployed on this target machine or our host machine site. It will check and detect if any malicious files are there or not. We are getting alerts related to that kind of thing. So we used to check those alerts on the XDR, and we used to, like, do the incident and response to that kind of thing there.

We use Trend Micro XDR for endpoint detection, endpoint user protection, and virtual security.

We use Trend Micro XDR for rapid response to end-user computing and security concerns. As a health system, one of our core challenges is ensuring full visibility into our attack surface. We have many thousands of endpoints and end users that must be properly secured and protected. Our primary use case was to improve visibility, and response time, and reduce complexity. That is why we chose Trend Micro XDR. Trend Micro XDR is deployed on Trend Micro's private cloud.

Normally, we use the solution for day-to-day investigations. We get alerts when something is going on in the environment. Right now, we are using that tool for the asset management team to identify services or applications that are not allowed for governance and all of these purposes. In addition to that, we use it for isolating devices. We also have a service with them, an MDR service. They analyze information, and they do investigations for us as well.

Trend Micro XDR is utilized for security management, and we apply it to our email, network, and endpoints. Trend Micro XDR is based on its proprietary cloud.

I use Trend Micro XDR to centrally visualize threats and have a single-pane-of-glass view of my security posture. In a single console, I can have visibility of all the security threats that occur in each of my Trend Micro Security consoles.

The solution is used to secure our servers and server endpoints and acts as cloud security. It protects us and acts as an antivirus, antimalware, and web protector.

We're primarily using the solution for endpoints, for EDR. It's for server protection. Weve created a customer license portal and create policies around data loss and antivirus.

I can use it for security. I can check for malicious mail. I can check the logs and working sessions.

Basically, you use it to check the complete telemetry for the endpoints, cloud network, and email solutions. If you integrate this product with your endpoints and on a third product that is available. It can completely share the telemetry of that. Trend Micro will apply the AI and ML of that. On that, we will get the Workbench. Therefore, it is just helping us to check the attack factor, et cetera, in detail, in a complete view in one single platform.

We primarily use the solution for the XDR. We have integrated this with all of our endpoints. Basically, we are using it for incident response. We have a SOC team here, so we are using it in a SOC and the Workload solution. For two or three months, we have been migrating to Workload Security. It is mainly for incident response.

We primarily use the solution as security against ransomware as ransomware now has become the biggest threat for our customers.

I was team lead with incident responses and incident management. We used the solution for that.

We are currently still in the implementation phase. However, we do look forward to the telemetric report provided by Trend Micro XDR.

Trend Micro XDR is useful for more extensive networks, and it's cost-effective for networks with over 500 or 1000 users.

We have about three clients who are running Trend Micro XDR. It can be deployed on-premises, in the cloud, or wherever you want. As an endpoint detection and response solution, it is used to identify attack points that reach even beyond the individual endpoints, such as the network environment itself.

Everybody is working from home, so we wanted to ensure that there was an additional layer of security put into every end product. Since we were using the Trend Micro antivirus and antimalware, we wanted to upgrade it with the XDR as well. We did that about nine months ago.

It is for endpoint protection. It is essentially a modern updated version of antivirus that has more heuristic and behavioral detection components. We are using its latest version. In terms of deployment, it is a combination of cloud and on-premises. There is a local install on the endpoints, but it is controlled through a cloud interface.

It is used for protection and tracking back an attack. It can be deployed on-prem or on the cloud.