What needs improvement with Trend Micro Deep Security?

New patterns need improvement, as some new data access points are challenging to investigate and allow entry without detection. Improving this area and providing complete visibility would be beneficial.

Personally, I would like them to separate their products into different categories, rather than putting everything in one box.

The tool needs to be made more user-friendly. The dashboard is there, but the solution's false positives are a bit higher.

The solution's reports should include more details of events like device control, live health status of the server, and inventory management.

In our company's infrastructure, we have not faced any challenges with the product. Considering the lack of issues or challenges faced with the use of the product in our company's environment, I feel that it is a good solution. Sometimes, the product is not very stable, but it is something that depends on the infrastructure in which the tool is used. The aforementioned area can be considered for improvement. If Trend Micro Deep Security wants to implement some new features in it, then I would say that it should focus from a networking point of view and see how to control network traffic specifically coming from external to internal traffic on the servers.

In an older version of Trend Micro Deep Security, our company faced issues syncing the active directory accounts. Anytime we revert to the support team of the solution, they always propose to update the Deep Security Manager to resolve every issue, which is an ineffective approach. I believe the support team should be more proactive in providing effective options or guidance to resolve issues around the product. Although in our company, we try to add exclusions and troubleshoot for real-time monitoring and upgrade the version, there are clients who consume a lot of memory; on average, 30% of memory remains occupied. The solution's memory consumption impacts certain aspects of the client's infrastructure. Even after whitelisting one of our company's port scanning servers or tools, the IPS activity continuously monitors and sends false positive alerts, we haven't found a solution to this over the past four months. Trend Micro Deep Security should have a lab-type environment where the solutions for every issue can be found through simulation. Trend Micro Deep Security is looked upon as a new-generation antivirus that is used on the server end. In future versions of the solution, I would prefer the upgrade process to be simpler than on Linux; the upgrade is a lengthy but easy process. Our company expects the tool's upgrade process to be lighter over the Linux platform, similar to its offering for the Windows platform.

The workloads must be better.

There is room for improvement in Trend Micro Deep Security, particularly in endpoint security. Enhancements in agent performance are needed, specifically in reducing server utilization during scanning. This improvement would contribute to increased efficiency and lower operational costs, ensuring a smoother and more responsive system.

They should include WAF modules in the product. There should be signature-based advanced and responsive features.

We are not very happy with Trend Micro Deep Security since it is not able to detect many viruses and bugs. We are looking for an alternate solution. The tool lacks proper detection capabilities. Trend Micro Deep Security should know how to work along with Microsoft Defender in a passive mode. These two are major improvements. On the cloud version, Trend Micro Deep Security Scanner has to improve on the signature part of analyzing the latest threat.

In the solution, servers often go offline for various reasons, requiring us to manually check the cause or issue, such as connectivity issues, and to find out why the agent went offline. The aforementioned details are to be considered for improvement in the solution. I would like the solution to improve its stability and ability to go online and offline.

The tool should integrate SIM functionality. It should also improve customer support.

I've not worked with CrowdStrike Falcon, but one of our customers also had CrowdStrike Falcon on some of the devices. I was only supporting Trend Micro. They had a ransomware attack, but Trend Micro didn't detect that particular ransomware attack, whereas CrowdStrike did. I was not a big fan of CrowdStrike till then, but when I saw that Trend Micro couldn't detect that particular attack but CrowdStrike could, my opinion changed. All the servers with Trend Micro were impacted, but all the devices on which CrowdStrike agents were running weren't impacted. CrowdStrike detected and blocked the attack immediately. From that perspective, I have high regard for CrowdStrike because the role of an EDR is to detect and respond immediately and block an attack. Containment is the first priority. Trend Micro can give numerous ifs and buts about why it couldn't detect that attack, and even though I'm a fan of Trend Micro and have extensive experience with Trend Micro Deep Security and Trend Micro Apex One, in that particular instance, CrowdStrike literally beat Trend Micro. A disadvantage of Trend Micro as compared to CrowdStrike is that it doesn't work well with other solutions. If you have McAfee for anti-malware and IPS and the firewall of Trend Micro, they don't go very well. I had challenges deploying it with Carbon Black as well as McAfee and Symantec. It's because of the way Trend Micro works. It integrates with the NIC driver, so if two agents are running, it doesn't work well because they both want to integrate with the NIC driver.

There is room for improvement with Trend Micro Deep Security, as there are instances where installations may need to be redone. There seem to be glitches when working with older Windows servers, such as those from 2003 or 2005, requiring us to uninstall and reinstall the product to resolve the issue.

We'd like to have more application control. It would help us block things more strategically. Support could be faster.

We couldn't make the necessary modifications to the solution. We want to see improved authentication. We want to improve the interaction, and we want to get more notifications from the security service.

The pricing is a bit expensive. If they want to target SMBs, small enterprises, and small networks, then they need to reduce their prices. It would be better if they merge a few features into one product. For example, they have an encryption feature that is separately sold. If they could merge it with Apex One or any endpoint security solution, maybe it would also be good for the end user.

They are working to improve the solution. For example, nowadays, they're offering cloud based EDR which addresses a lot of this scalability challenges like storage requirements, et cetera. We'd like to see extended capacity in the on-premises versions. They recently put out some more additions which I have yet to explore. They've already addressed a lot of previous concerns. We'd like the cloud model to have better pricing.

It would help if they would reduce the price.

I would like to see XDR features and endpoint sensors become available.

Their support should be improved. We need support in the UAE, but it is always going to some other country or region, and the time schedule is not suitable for us.

What this product lacks at this stage is the ability to have automated workbooks to do the response. At this stage, the response is more manual, and it is not automated. If there is a response functionality in Deep Security, similar to what we have in EDR these days, to automatically respond to some of the threats, it would be cool. So, we'd like to have an automated response. There should be a response functionality.

Some of the reporting and integrations could be more robust.

Deep Security's reporting functionality could be improved.

Deep Security's biggest shortcoming is its reporting.

It should have XDR and EDR integration. It would be nice if they can tie it up with an XDR or EDR. Its price is also quite high. It is more expensive than other products for patching. So, it would be nice if they lower its price.

I would like to see better pricing. The pricing could be lower.

The cost is very high. it would be ideal if they would work on the pricing. Technical support could be much better. The product should be able to host a vulnerability scanner. Right now, we need to pay extra. It would be ideal if they could do a vulnerability scan of my endpoints.

The main drawback is that it's complicated. With Trend Micro solutions, everything is complicated. Deep Security has its own management console, and every product in Trend Micro has its own management console. Everything is siloed. Now, they are trying now to connect everything inside the main control management or reporting console, however, it's still not a central management console. It makes for a lot of work when applying policies and security solutions. The product isn't very user-friendly. It's a bit old-fashioned in its design and approach. While, for example, McAfee might have a new version every two months, Trend Micro might not release a new version for two years. While it's very stable, it could be a bit too long in-between versions. It would be ideal if the solution communicated better with other security solutions from other brands. This is an issue. They need to open up their API or give access, or exchange information with other security products so that everything can communicate together, learn from each other, and block malicious threats better.

There should be more tools to trace back. Some sort of module needs to be included to attach all the things. It should be more stable, and the traceback feature should be improved. There were cases when we got virtual analyzer or CMC errors. We got false-positive malware notifications, but we couldn't trace them. I raised a case with Trend Micro two or three times, but they couldn't resolve it. Their support should be improved in terms of technical abilities to troubleshoot complex issues. They should be more knowledgeable.

The licensing structure could improve.

The biggest drawback with Trend Micro is even when it is connected to the server, it will show as offline. Another issue is, if I want to suggest this solution to a customer, we won't get the pricing immediately, which is a major problem. I would like to see cloud-based integration.

I would like to see an EDR function for the servers, as that would be useful for us. Detection and Response directly to the servers.

An additional feature that should be included in the next release is the ability to scan more document types.

One problem with this kind of products is scaling. If you go on large sites you have to have an external database, which would increase the overall solution cost. The solution offers many features aside from antimalware, lile Host FE and IDS/IPS, File integrity monitoring and so on, but if you use it to protect deliering agents on hosts you'd better verify the amount of host resources (ram) utilized by DS agent itself.

This is a very good tool but I don't find it to be a particularly user friendly solution, a lot of trouble shooting is required. I believe it needs simplification, without that they will run into continual problems. For now the solution requires spending a lot of time on module issues and anti-malware modules. We also have issues with scaling and this area could be improved. Adding one additional end point means you need to re-input all the other end points. If you have 1,000 users, that is not possible in real time. Each time we deploy new managers we need to connect with all endpoints and they need to be re-entered.

They need to build in a central console because central integration is not very good right now. I have four locations and I need to log in to each location's portal to look at it. That is a very big job and I would like to have a consolidated report for all of them. We would like to see the advanced threat protection (ATP) built-in, without having to use another product.

The situation with the currency in Turkey makes this solution a little bit on the expensive side, and if it were lowered then it would be more competitive.

As for what could be improved, I think it should come with an XDR facility without any extra cost. They're always releasing new features, but we need to pay extra for them. Our management is a little conservative about paying for new features. So if they're upgrading something or coming out with a new technology, they should provide it to the existing users. Recently, I attended a webinar that XDR gave about their new threat finding features and we have not received them yet. They are not giving it to existing customers. They are only offering it for purchase. It is for threat forensic reports. I'm not asking for free, since we are already paying. Whenever they come out with a new thing, they should integrate it with the existing product. That is my opinion. Additionally, we need a complete web reputation. We need to be able to do forensics for any incoming threat, to find details of the source of the threat, and to catch the '"enemy."

The client can show as offline sometimes, and that becomes a bit difficult for troubleshooting. We end up basically redeploying the client. This is something that could be improved in the future. It would be helpful if they added more machine learning into the solution in the future.

Some areas for improvement are: * There are new additions to the standard product that should be included with the Deep Security version. * When implementing this solution, sometimes we have challenges with SQL migration. * Some of our customers complain about the cost of this solution. * I would like to see an AI component added to the next release of this solution. * The agent-based version has performance issues and they have to make it more lightweight. * The forensic analysis capability needs to be improved.

The support for email protection can be improved.

The training needs improvement. It is expensive (classroom training), and it is often hard to find answers by yourself using the documentation. I would like them to add EDR features, moving away from traditional signature-based anti-malware.

It needs better global visibility of the virtual environment. I would like more security tools which could fit into a DevOps environment.

If I had more reporting, the product would be an A plus. Reporting is the one thing that we are sort of missing, especially with more log information.

It needs to improve its integration with a lot of other products. This should be in the road map because we have a lot of SaaS-based appliances which are not connected with each other. Thus, I'm looking forward to more integrations coming together as a part of the product. Going forward, I would like to have more APIs and integration with more application monitoring intelligence platforms.

I know that they are working on it, but their automation needs improvement. I would also like to see more containerization stuff, specifically Docker.

Trend Micro is not government certified or federal complaint. If they could become compliant/certified, this would make it easier for us to use it for our government projects.

The initial setup needs improvement. Once it is set up, the configuration is relatively simple. However, the initial setup was a bit of a challenge.

I'm currently evaluating TippingPoint. Trend Micro is still working on building tight integration with TippingPoint being a recent acquisition from a few years ago. So, a Tipping Point integration with Deep Security, having one single pane of glass dashboard, would provide us a simple use case.

AWS products could become more compatible with intrusion detection products leveraging help from Trend Micro.

The working interface and the reports for non-technical people could use improvement. They are a bit scary.

Reports. The default reports provided don't provide much insight.

I'd like to have the ability to manage heterogenous clouds so that, for example, AWS and Microsoft are protected with the same security patterns. It already does that, but I think they may have rolled it back recently. Also, it has great IDS/IPS built in, but I'd like a way to visualize the traffic. This way, there's more of an artistic view of security and the ability to ask question about the data. That would be really beneficial.