We use Trend Vision One for the XDR and we absolutely love it, especially the full visibility into protected assets. It's incredibly easy to identify weaknesses across systems and manage any outdated software or areas needing attention directly within the user interface. Previously, we juggled multiple dashboards, but the new version has streamlined everything into a single, unified dashboard. This has significantly simplified our workflow and improved manageability. In essence, we can now manage multiple products seamlessly within the same Vision dashboard, which is a considerable improvement over the previous system. This year has brought significant and positive changes to our workflow.

We use XDR across Office 365 in the cloud and on-premises environments to safeguard our assets. This includes protecting our server environment, workstations, and Virtual Desktop Infrastructure, ensuring comprehensive endpoint security.

Our deployment utilizes a hybrid model, making agent deployment incredibly simple. We employ several different deployment methods: on-premise deployment through Active Directory and utilizing various tools. In case a system leaves the network for any reason, we have third-party solutions in place. We have multiple RMM solutions that can be rapidly deployed in these packages. For example, I've recently observed systems being spun up and sent home before antivirus protection was activated. We still have the opportunity to deploy these solutions in the cloud automatically. So, we have a few ways to work around this and deploy those agents, making it easy to deploy either on-premise or in the cloud. We can address several scenarios and push out to those endpoints.

Coverage is extremely important. We want to ensure visibility into all assets across the network, whether it's a workstation within the office or someone working remotely. This visibility is crucial even when they're outside the network or using cloud-based software, especially since we have no on-premise infrastructure. With the rise of remote work, having this extra visibility into devices, whether at home or abroad, is invaluable. We appreciate the ability to see what's happening on any asset, regardless of its location. This allows us to monitor running processes, identify vulnerabilities, and push necessary updates, ensuring we maintain connectivity and security no matter where devices are operating.

Trend Vision One offers us comprehensive visibility within a single dashboard, which is crucial since we manage numerous other products and security solutions with various dashboards. The simplicity and centralized visibility provided by Trend Vision One significantly streamline our operations. Managing a multitude of security products across our environment necessitates consolidated visibility to minimize back-and-forth navigation. Having all the necessary information in one place is essential for us.

We use executive dashboards to generate weekly or monthly reports that provide a risk score index. This index helps us identify areas needing attention and understand the teams' focus. We then share this information with IT senior management. In addition to our reporting, we receive a monthly report that allows us to compare our current status to the previous month's and highlight new challenges, team weaknesses, and ongoing efforts. This comprehensive view enables the executive team to monitor the team's continuous progress.

We utilize the risk index feature to monitor and mitigate potential environmental risks. One example of this is how we proactively worked to reduce the risk index score of a recently acquired company. Their antivirus product was expiring, so we opted to purchase additional licenses for our existing Trend Apex One product suite instead of renewing it. However, this integration significantly increased the risk index score due to numerous previously unmanaged devices on their network. To address this, we systematically worked through the risk index list, identifying outdated software and determining if it was still in use or could be safely removed. By leveraging the risk index in this way, we successfully lowered the score and ensured the secure integration of the newly acquired company into our environment.

It took some time to fine-tune Trend Vision One before realizing its benefits. A significant concern was integrating it into our virtual environment, a complex process. However, we gained significant visibility once set up in our VDI, leading to further adjustments. We fine-tuned the environment, removing unnecessary elements, which is especially crucial for our non-persistent VDI, where VMs reset if anything goes down. Through these tweaks, performance improved, and the extra visibility provided by Vision One highlighted areas needing attention, allowing us to optimize the environment gradually.

We use Trend Vision One within Azure, expanding its monitoring capabilities to both on-premises and cloud assets, including Active Directory, which is synchronized from our on-premises environment. This hybrid setup covers assets locally and in the cloud, including Office 365, and Trend Vision One effectively manages security across this environment. It has simplified the process, particularly for virtual environments, providing enhanced visibility and flexibility compared to previous products. The additional visibility has been invaluable, enabling us to address previously undetected vulnerabilities and mitigate risks.

During XDR and managed services pen testing exercises, we identified some weaknesses. They were able to automatically crack some accounts. As soon as one system was breached, the managed services team contacted us, escalating until they got a response. We could see their process in action - their steps and what they did in the backend. We provided them with details about the events and the ongoing pen test. It was an excellent test to see that the managed services worked as intended. There was a breach; they asked if we were aware and stated they would isolate the device if we weren't. We acknowledged we knew about the ongoing pen test. Throughout these exercises, they reached out immediately, demonstrating their focus on alerts, their process for triaging them, and their communication with clients.

The attack surface is directly related to exposure and risk. Any identified vulnerabilities, such as outdated software like older versions of Office or Google Chrome products, are flagged immediately. We use third-party solutions to address these issues across all workstations. Whenever we detect internal or internet-facing exposure, we prioritize remediation based on criticality. External-facing vulnerabilities are patched first, as they pose a greater risk than those affecting only internal assets. We rely heavily on exposure risk and risk index to determine priority and ensure the most critical vulnerabilities are addressed first. This helps us identify blind spots in our environment. Take the new acquisition as an example; many devices were unprotected and lacked crucial Windows updates. Numerous products and workstations required immediate attention. Security wasn't the initial priority, so we addressed that and ensured it became one. We implemented numerous changes with acquisitions to align them with our security standards.

Trend Vision One has significantly reduced our mean time to detect and respond to threats by 60 percent. It centralizes all information, enabling us to identify and address vulnerabilities quickly. For example, if we discover multiple devices running an outdated version of Office 2013 missing patches, we can easily compile a list of those devices and share it with the responsible team for remediation. This visibility allows us to proactively address weaknesses across the network, such as deploying updates or the latest release of third-party software to mitigate risks. Trend Vision One has been instrumental in enhancing our overall security posture.

The managed services significantly reduced the time we spent investigating false positive alerts. In uncertain scenarios, we consult the managed services team. If unsure about anything, we use the AI companion for questions. If we encounter an unfamiliar flag or event, we research it independently and involve the managed services team's professionals for deeper investigation.

We have implemented some automation but haven't fully explored its capabilities. We have a few playbooks for tasks like blocking user access based on IP addresses or email content. Since we use Office 365 in the cloud, there's also a lot of automation for handling incoming emails, such as blocking and sending alerts. While we've used playbooks to a limited extent, there's potential for further automation, and we plan to explore this further.

The most significant recent change has been the addition of the new AI companion. This feature has proven invaluable, especially when integrating with third-party products or resetting the dashboard, as it provides detailed step-by-step guidance. In fact, we were able to resolve all issues independently, without needing to contact support, thanks to the AI companion's comprehensive answers.

The only downside to Trend Vision One is its complexity. It's a comprehensive product covering a lot of ground, which can be a little intimidating initially. The user interface, in particular, can take some time to get used to, with menus that could be better organized and a dashboard that could be more user-friendly. Due to the sheer complexity of the product, navigating and familiarizing oneself with the environment requires some effort. While the initial learning curve might be steep, the product's vast capabilities justify the time investment.

I have been using Trend Vision One for two and a half years.

I would rate the stability of Trend Vision One nine out of ten. I haven't experienced any crashes or issues in the last few years since we started using the product. While there are occasional upgrades and minor changes that require adjustments, the overall stability is excellent. We have no complaints, especially considering the VDI environment, our primary focus, has been running seamlessly. The lightweight agent minimizes resource usage, further contributing to smooth performance.

I would rate the scalability of Trend Vision One nine out of ten. We successfully scaled it up by adding approximately 250 workstations and deployed the product within a week. We replaced their previous product, scripted everything, integrated it into their on-premise servers, and deployed the agents. The 250 additional assets were integrated within two or three days, providing complete visibility in the dashboard. The team then took over and identified any weaknesses. In summary, scaling up and adding 250 workstations was easy to implement.

The technical support and service are excellent. After our new acquisition, we encountered a few issues that we hadn't seen in our environment compared to theirs. Through troubleshooting, we determined that the problems weren't caused by the product itself but rather by corruption in specific systems. We systematically worked through the other products, disabling them one by one. The troubleshooting experience was excellent, and we reached a resolution within a couple of days of contacting support. They were very professional and provided direct answers, resulting in the issues being resolved correctly and in a timely manner.

In the past, we have used a few different products, including Sophos and Cylance, which we have used for the past couple of years. We also used Trend's older products, like OfficeScan, about eight or nine years ago. We eventually moved away from those products due to their lack of AI capabilities. After trying other products, we returned to Trend with Apex One and Vision One. We've been happy with the product, and its virtual environment capabilities were a major factor for us. Trend has consistently been the best performing product for us, so we decided to continue using their products with Trend Vision One.

The initial deployment was straightforward. We leveraged our existing products to force and uninstall the previous product, opting for a custom scripting approach rather than standard GPOs or internal solutions. This allowed us to uninstall the old package and ensure the new installation was reflected in the dashboard, streamlining the process and enabling us to proceed seamlessly to the next phase. Overall, the deployment was straightforward from our perspective.

We deployed Trend Vision One during COVID, which took approximately one and a half weeks because the server side required additional fine-tuning for all the exclusions.

We implemented the solution in-house. We repeatedly reached out to obtain basic information and guidelines on the VDI component and the virtual environment, specifically regarding steps for managing the virtual environment when closing a gold image and imaging numerous workstations with a single image. Due to the complexities involved, we requested documentation. However, our internal team completed the entire deployment with limited support from their support team, following the provided instructions.

The pricing is fair compared to other solutions. It's within the price range we're looking at for a single endpoint, and fair pricing is important to us.

I would rate Trend Vision One nine out of ten.

The Trend Vision team handles all maintenance on the SaaS backend. Internally, we only need to update the VDI environment occasionally because it's a non-persistent VDI, meaning it's locked down and reverts to its previous state upon reboot. We periodically open the gold images to perform maintenance, update signatures, and force program upgrades, but this is only a monthly task. So, we spend minimal time managing the solution.

Before implementing Trend Vision One, ensure you gather comprehensive documentation. Adhering to the guidelines will streamline setup, and any queries can be resolved using the efficient AI companion. Users can pose questions or access documentation directly from the Trend website. Initially, focus on familiarizing yourself with the dashboard, risk indexing, and the executive dashboard. Explore the product, ask questions, and continue experimenting and seeking assistance once deployed. The process is straightforward once you've had the opportunity to explore the system thoroughly. The primary challenge is becoming comfortable with the interface and navigating its features effectively.

We use Vision One XDR for our endpoint security. Our company has nearly 4,000 users. We have endpoint cybersecurity agents for which we can use XDR.
Trend Micro has multiple subscription licenses for individual Vision One components. There are also licenses for XDR for endpoints. We have adopted four packages from Trend Micro: endpoints, workload security, mobile security, and email security gateway.

We didn't realize the benefits immediately after deploying the solution, but we saw results quickly. When you install Vision One, the policies are set to the default setting. It scans your machines, and you get alerts if someone is attacking, there's a vulnerability that must be patched, or there's a Trend vulnerability you're patching somewhere.

It has reduced our detection time. The detection is quite fast, but the response at the SOC level might take time. Vision One can be used to conduct analysis first. It reduces the investigation time because Trend Micro has an advantage in Pakistan. They have local technical resources deployed here. Organizations can get heavy false positives, but Trend Micro can help you define the policies accurately.

Our primary focus is DLP, and Vision One has solid DLP features. We also use URL filtering and device blocking, and there's telemetry for identifying exploitable vulnerabilities.

It offers us centralized visibility. That's the advantage of Vision One's unified platform with data lake capabilities. They pull telemetry data from the endpoints, network devices, and cross-layered architecture, and Vision One performs filtering and analysis.

Additionally, Trend Micro can integrate third-party tools, such as Fortinet, Cisco, or any other vendor's firewall, to get the logs and alerts from them. Vision One is much more capable in that way.

Having that centralized visibility has improved our efficiency. The organization has multiple tools segregated into separate windows that give you a particular type of visibility. Multiple SOC team members can view the same window. The beauty of Trend Micro is its ability to integrate all of the systems in one cloud platform, right, in terms of Vision One. From your workbench, you can easily monitor and centrally manage alerts. My SOC team is happy with it.

The risk index feature is a rich view that rates any alert on a scale of 1 to 100 and classifies it as internal or external. Few OEMs can provide that sort of capability. The index ratings provide a window into device health and how alerts can be resolved.

The attack surface management is a fantastic feature with a proactive approach. Normally, organizations do pen testing quarterly or once a year, but attack server management proactively checks user authentication or changes in your environment.

Vision One's functional capabilities are excellent, but the platform can be upgraded and simplified in many ways. We use multiple playbooks to automate many things, but I'm not sure there are mature cybersecurity applications. There are several external alerts, and their behavior changes daily, so I'm not sure automation can help you that much. We're using the playbooks, but it might require some improvement.

We have used Vision One for two and a half years.

I rate Trend Micro support eight out of 10. They stick to the SLA and respond on time. They are cooperative and supportive. I'm very satisfied.

We have evaluated multiple vendors, and Trend Micro is among the best. You cannot have a typical apples-to-apple comparison. There are a lot of things which we need to compare. Other tools may not be at the network level or have the third-party integration that Vision One has.

Deploying Vision One is easy. You can deploy it with a few clicks and configure the policies or use the default ones. It's flexible and user-friendly, and there are no headaches. The deployment time depends on your environment. If you have thousands of endpoints, it takes some time, but it's just a few minutes if you have a couple.

Trend Micro is pricey, but it has more capabilities than a standard XDR, so the customers consider it reasonable. The market has accepted it. Trend Micro has a 64 percent share.

I rate Trend Vision One nine out of 10.

We use Vision One to detect to detect and respond to malware incidents. With endpoints (Apex One/Cloud One Workload Security), network (Deep Discovery Inspector) and Office365 (Cloud Email and Collaboration Security).

The environment is complex, distributed in more than +100 locations. Some locations are just offices, some others are industrial facilities with ICS and SCADA. Besides Windows, we deal with a lot of operating systems, including Solaris on SPARC. And our users are diverse, with lots of employees roaming around the country.

With CREM, we tackle important use cases around identity protection and risk management in general. Identification, prioritization, and remediation.

The full stack of Vision One has delivered what "SIEM 2.0" couldn't deliver. The capability to monitor threats and discover attack vectors before they are exploited and across all our workspace (on-prem, IaaS, PaaS and SaaS). We have invested well over a million into SIEM during the last decade. A full ArcSight upgrade and then a Splunk migration assisted with a large MSSP. Vision One is still ahead at a fraction of the cost.

Going through a capable, single-vendor solution was necessary, given our small team. Choosing the best solutions for every task and building all the integrations was not an option.

Vision One is much more than just EDR for us; it is a threat intelligence platform and a SOAR too. And even with the limited capabilities in this area, we find ways to tackle challenges our MSSP and SOC haven't been able to accomplish on a very large budget.

I like everything. The most valuable feature is how the stack fully integrates all components of a solution. Then, integrations with third parties will be provided.

As an example, I am capable of sending a suspicious file directly to my Deep Discovery Analyzer appliance (a sandbox) while investigating a suspicious download/file interaction, and I can then quickly push the IOCs in the suspicious object lists to protect both managed endpoints, and the rest of the network too! Yes, you can push domains and IP addresses to Palo Alto through a Trend Micro Service Gateway, ensuring you can protect even what cannot receive an endpoint. And all this without writing a single line of code. The ease of use and ease of deployment for use cases like this are my favourite features.

The SOAR features (Security Playbooks) are quite limited. At the moment, it is impossible to execute a simple piece of Python code that would pull or push something to an API, for example. While you can tackle some use cases, a SOAR from another vendor is still a must-have.

To assist with complex use case integrations, having all the data from the SIEM inside XDR would be great, too. That's where the market is moving with solutions like Falcon Logscale and Cortex XSIAM. Pivoting from XDR to Splunk or vice-versa can be time-consuming during incidents.

I was actually an early beta tester of the Apex One Endpoint Sensor before Vision One appeared in 2021. That would be three solid years of using it.

Quite reliable. In the last three years, only one incident created memory leaks on Windows Servers. We didn't see too much impact (fortunately) as a workaround could be quickly provided.

Support is quite responsive when something does work well. However, we do pay for Premium support.

The scalability is really good.

My experience is generally good, but I have had the chance to deal with premium support. I'd say I get the support I expect for the price that I pay.

Although we have been dealing with other security vendors (McAfee, Symantec, Proofpoint, and more), Vision One was really our first EDR.

The initial setup was a breeze. It is realistically one of the strong points of the solution.

We implemented the solution in-house. Although with premium support, you do get a lot of help from Trend Micro if you ask for it. You'll be able to talk to actual experts.

It is very hard to quantify an ROI on a security product. It doesn't generate revenues, and you can't quantify the cost of incidents that didn't happen.

Product names are changing all the time. Lots of changes in the last three years. They introduced the concept of credits, too, which did not make anything easier.

It's also easy to underestimate the credits required with Cloud Email and Collaboration Security: people invited from third-party tenants will count.

The credit usage and allocation tool has been improving, at least.

We had a look at Carbon Black and CrowdStrike Falcon.

It's probably the best solution for a small team that cannot absorb the complexity of a multivendor solution. The ability to execute VS the cost is surprisingly good.

Trend Vision One functions as our XDR solution. I spend considerable time within it conducting reconnaissance on any security incidents requiring investigation. This tool allows me to quickly search for information that might be difficult to locate using our other tools.

We implemented Trend Vision One to improve our security posture by creating multiple layers of protection. This tool addresses security gaps our existing solutions, like Defender, may miss, providing deeper insights into potential threats.

We have implemented the product on both our cloud environment and endpoints. While we utilize a different Trend product for email, we also leverage Trend for this purpose. Trend's complete coverage is invaluable, as it centralizes data that would otherwise be difficult to locate, and its robust search function has been instrumental in our decision to continue using the platform. Although our organization is always exploring alternatives, the all-in-one nature of this solution has proven highly effective for our needs.

Vision One offers centralized oversight and control across our protective layers. It provides valuable insights into our various Trend applications, though its visibility into other layers is understandably limited. This limitation isn't a concern at this time.

Vision One has significantly improved our efficiency. For example, we recently faced a critical situation where a rule change on a client-server posed a potential security breach. Using Vision One, we quickly identified the employee responsible for the shift and resolved the incident without an extensive investigation. This would have been highly challenging without the tool, as determining the culprit would have been much more difficult.

We've been using the risk index feature to try to chip away at the risks within the environment and identify the vulnerabilities that need to be prioritized because that's been one area that has been more invisible to us with the other tools.

Vision One offers a valuable new perspective on our risk profile. While we receive reports from other tools like Nexus IQ, Vision One's unique risk classification and ranking system allows us to prioritize issues differently. This enables more informed decision-making as we can identify risks that other tools might underestimate. We've fully leveraged Vision One's benefits since our team's formation over two years ago. Though the tool existed previously, its impact was limited due to the absence of a dedicated team focused on its utilization.

It's able to detect things that other tools don't detect. We use a layered approach, so those tools have found stuff it hasn't detected. But that's to be expected. That's the goal of using the layered approach to it. But it's helpful because it catches things we might have been unaware of. Additionally, it might rank things differently than the other tools, and that's the same for this piece. And that can be very helpful for us to catch things we might have otherwise missed because it gives us that extra detail.

Trend Micro XDR has significantly reduced the time needed to detect and respond to threats. It offers capabilities that other security solutions lack, enabling us to address challenges innovatively. Additionally, built-in features such as insights and endpoint protection provide valuable tools that enhance our security posture compared to other systems.

Despite having a fifteen-year career in cybersecurity, I joined this role with limited hands-on experience. However, I quickly became proficient with Trend Vision One through self-directed learning, and my team soon recognized my expertise in the tool, making it a positive experience overall.

The Workbench feature is fantastic. It is so helpful to have something that pulls all the data into one visual representation of the events.

Vision One generates numerous false positives, forcing unnecessary investigations and highlighting a need for improved filtering options. A recurring false positive in our environment cannot be safely filtered, preventing us from ignoring it without risking overlooking genuine threats. This issue arises from a script that renames computers, which behaves suspiciously like malware but lacks a unique identifier within Trend for precise filtering. We cannot exclude the entire script due to potential exploitation by attackers who could embed malicious code within it, bypassing our security measures. While this scenario requires a targeted attack, the sensitive nature of our client's data, including threats from nation-state actors, necessitates a cautious approach to avoid compromising our security posture.

We want the ability to download and inspect emails from clients' mailboxes. Microsoft's platform supports this functionality, and we possess the necessary license. However, some clients lack the required license, prompting us to recommend Trend. If we could directly access and inspect client emails, it would eliminate the need to sell additional licenses to those clients, streamlining the process.

I have been using Trend Vision One for over two years.

Trend Vision One is stable.

As we've added employees and removed employees and added servers and removed servers, I haven't had to think about the scalability of Vision One. It has been very smooth.

We had a script that was not right and kept triggering false positives. I had reached out for help with that. The help I got took a lot of time to get responses. And in the end, they closed out the ticket I had opened without resolving it. I also found the communication experience to be rather frustrating. My biggest complaint about my experience with Trend has been the support. There's a lot of good to be said, but there's room for improvement in the support. The people were very polite, so I'm not giving them a five because that goes a long way for me. Having support that is snippy makes the experience significantly worse. So, I am grateful for that part.

We used a Microsoft XDR in conjunction with Trend Vision One. The main pros for Vision One are that the interface is typically a lot easier and a lot less confusing.

The overall experience of the interface is a lot more positive. The details I can pull out of Trend are much better than I can typically pull out from Microsoft. I'm able to get results that Microsoft doesn't seem to gather. The cons are that it's in such flux right now because they're moving all their other products into the Vision One console, which can sometimes make it a bit confusing.

It can also mean that we're unable to access the tools we previously did as rapidly. For example, many of the Apex One stuff is now within Vision One. So we had to relearn how to do that, which cost us time during security incidents. And Microsoft does change things, but they typically change things by adding extra bloat. So that ends up being a con for Trend compared to Microsoft.

While I cannot confirm the specific return on investment for Vision One without firsthand data, I expect it to be positive, given our organization's tendency to quickly discontinue partnerships that fail to deliver value.

I would rate Trend Vision One eight out of ten. There is room for improvement, but with the tools I've used, Vision One is one of the better.

I don't do much regarding the maintenance of Trend Vision One, but I also know that because I get emails about stuff that goes down, it's relatively low maintenance compared to other tools.

We have Trend Vision One deployed across multiple locations internationally. Because the number fluctuates, we have roughly 1,500 to 2,000 users at any given time. Three people on our network team use Vision One. We have also used Trend products, other than Vision One, for a couple of our clients, which would expand those numbers significantly.

My experience with Trend Vision One has taught me many valuable details, and I strongly recommend that new users carefully review the provided documentation.

I primarily use the solution to prevent attacks.

It's good for detecting malware and anomalies. We use it on our endpoints.

The user interface is very good. Everything is all on one single platform.

With this product, we get centralized visibility and management across all of our protection layers. With a central platform, we don't have to look around across different websites or platforms. We can go right on the portal and manage things. It also helps us reduce the learning curve. We can manage and monitor products from the same place instead of learning different platforms. It's also helped us increase efficiency.

We have made use of the executive dashboard. It greatly increased visibility. We get a risk management view and metrics that help us narrow down and find issues. It helps us reduce risks. The risk index feature gives us a score to help us in our security goals. With it, we know what's the baseline or standard, so now we know what we need to do in order to meet the standards out there in the industry. We can see everything we need to in one glance.

It's kept up to date and is consistently improving. This helps us protect our environment.

The patch management has been very useful. They help recommend what needs to be installed.

We leverage the attack surface risk management capabilities. It shows the entire incident, including how it happened. We can use the information when we're doing forensics.

We've been able to reduce our mean time to detect and mean time to respond. What would previously take us two to three hours to fix, we can do in one hour or even half an hour. We've also been able to reduce the amount of time we spend investigating false positives.

We'd like to see more use of AI around analytics and controls.

I've been using the solution for five years.

The stability is good; I'd rate it eight out of ten.

We're a small-to-medium-sized company. We have it deployed to less than 5,000 users.

I'm not sure of the scalability. It works for us and our company size.

Support is okay. They could be more responsive and could provide more communication channels.

We did not previously use a different solution.

I'm more of an end-user. I do not handle the installation aspect. The deployment was done a long time ago.

The tool does not require much maintenance.

I'm not familiar with the exact pricing of the solution. My understanding is the licensing is reasonable.

I'm an end-user and customer.

I'd rate the solution eight out of ten. It has very good management and monitoring benefits.