Sold by: Trend Micro
Deployed on AWS
Enterprise security solutions powered by TrendAI™ (a business unit of Trend Micro) to help protect users, data, and workloads. Contact us today to tailor a solution for your needs!
4.3
Overview
TrendAI™, a business unit of Trend Micro and a global AI security leader, makes the world safer for digital information exchange across enterprises, governments, and organizations. Powered by security expertise and innovation, TrendAI™ leverages artificial intelligence to protect over 500,000 enterprises and millions of individuals across AI, cloud, networks, endpoints, and devices. AI Fearlessly.
TrendAI™ delivers adaptable enterprise security designed to enhance visibility, strengthen protection, and streamline response across complex environments. With deep threat intelligence and AI-driven analytics, TrendAI™ helps organizations reduce risk and confidently defend their digital operations.
Looking for advanced detection and response capabilities across workloads, identities, endpoints, networks, and more? Check out TrendAI Vision One™, which also offers a flexible pay-as-you-go option.
If you'd like support exploring the right security approach for your organization, please contact us at aws.marketplace@trendmicro.com .
Highlights
- Enterprise security solutions- including managed XDR. See more, respond faster.
- Increase risk visibility while decreasing response times.
- Greater Security Team Efficiency: one platform to respond faster with less resources and one source of truth
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Enterprise Solution | Custom Security solutions - contact for more info and pricing | $10,000.00 |
Dimensions summary
Trend Enterprise Security Solutions on AWS Marketplace offers customizable security packages tailored to enterprise-specific requirements. The single dimension "Enterprise Solution" indicates that pricing is not standardized but rather negotiated based on the specific security needs, scale, and complexity of each enterprise customer's environment. Organizations interested in implementing Trend's enterprise security solutions need to contact the vendor directly to discuss their requirements and receive customized pricing proposals.
Top-of-mind questions for buyers like you
What is included in Trend Enterprise Security Solutions?
Trend Enterprise Security Solutions provides a comprehensive security package that can include workload security, network security, file storage security, and cloud security posture management. The exact combination of security services is customized based on each enterprise's specific requirements and infrastructure needs.
How is pricing determined for enterprise customers?
Pricing is customized based on factors such as the scale of deployment, specific security services required, and the complexity of the enterprise environment. Customers need to contact Trend Micro directly to receive a tailored quote that aligns with their security requirements and usage patterns.
Can enterprise solutions be integrated with existing AWS infrastructure?
Yes, Trend Enterprise Security Solutions are designed to seamlessly integrate with AWS environments and services. The solution can be customized to work with existing AWS deployments while providing enterprise-grade security features and maintaining compliance requirements specific to your industry.
Vendor refund policy
Refunds are not available at this time.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Your purchase also includes 24x7 support from Trend Micro. If you experience any issues or have questions, please contact our AWS Cloud Security experts by email at aws.marketplace@trendmicro.com . aws.marketplace@trendmicro.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Trend Micro
By Rapid7
By Sophos
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Extended Detection and Response
Managed XDR capabilities for detecting and responding to threats across multiple security domains
AI-Driven Threat Analytics
Artificial intelligence-powered analytics for threat detection and analysis across enterprise environments
Unified Security Platform
Centralized platform providing single source of truth for security operations across workloads, identities, endpoints, and networks
Threat Intelligence Integration
Deep threat intelligence capabilities integrated into security operations for enhanced threat context and decision-making
Multi-Domain Protection
Security coverage spanning AI, cloud, networks, endpoints, and devices within complex enterprise environments
Extended Detection and Response (XDR) Technology
XDR technology with full coverage across endpoints, network, users, and cloud environments powered by proprietary Threat Intelligence and Detection Engine
Unlimited Data Ingestion and Retention
Unlimited data ingestion capability with 13 months of data storage for comprehensive investigation and threat visibility
24/7 Threat Hunting and Incident Response
Round-the-clock monitoring, triage, investigation, threat hunting, and incident response services delivered by security experts
Vulnerability and Exposure Management
Integrated vulnerability management and exposure management capabilities to identify and prioritize risks for remediation
Digital Forensics and Investigation
Unlimited end-to-end digital forensics and incident response capabilities regardless of investigation complexity or duration
Endpoint Detection and Response
Sophisticated EDR capabilities enabling detection, investigation, and response to multi-stage threats across all key attack vectors
Extended Detection and Response
Unified XDR platform detecting and responding to multi-stage threats across network, cloud, endpoint, identity, and email data sources
Managed Detection and Response
24/7 ransomware and breach prevention services delivered as a managed service with breach warranty and integration capabilities
Threat Prevention Technology
Prevention-first approach using sophisticated technologies to block a broad range of attacks across multiple vectors
Security Posture Management
Deployment capabilities with default-enabled strong protection and drift identification for security posture assessment
Standard contract
No
No
Customer reviews
GANESAN K
Platform has improved visibility and security posture across endpoints, email, and cloud
Reviewed on Apr 30, 2026
Review provided by PeerSpot
What is our primary use case?
As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.
In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One console.
What is most valuable?
The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security , including how many emails are received by mail servers on a daily, weekly, and hourly basis.
The second advantage is that since TrendAI Vision One is a single platform, it offers surface attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.
Cyber Risk Exposure Management (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud Platform and Azure .
Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.
What needs improvement?
The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.
While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.
I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.
At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.
For how long have I used the solution?
I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.
What do I think about the stability of the solution?
Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.
What do I think about the scalability of the solution?
In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.
How are customer service and support?
I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.
Which solution did I use previously and why did I switch?
TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.
How was the initial setup?
The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.
What was our ROI?
In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.
What's my experience with pricing, setup cost, and licensing?
Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.
Which other solutions did I evaluate?
Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.
What other advice do I have?
According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.
Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.
TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.
I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.
PankajKumar24
Centralized security management has unified risk visibility and simplifies attack response
Reviewed on Apr 28, 2026
Review from a verified AWS customer
What is our primary use case?
We are currently working with Trend Micro as a partner, managing multiple OEMs like Trend Micro and Trellix. TrendAI Vision One is a managed single centralized management console. We are using multiple Trend Micro products and managing them through TrendAI Vision One .
When customers use multiple security solutions in their environment such as email security, EPP, endpoint security, NDR, and data security posture management (DSPM), we manage everything through TrendAI Vision One console for Trend Micro products, while integrating with third-party security tools such as firewalls and Microsoft to capture telemetry and metadata from both sides. TrendAI Vision One then correlates this data and shows us the observed attack techniques, along with options for sandboxing ransomware file samples through TrendAI Vision One.
What is most valuable?
TrendAI Vision One gathers risk management information such as risk scores at the OS level, account level, and domain level through the endpoint agent that monitors all machines for vulnerabilities. The CREM shows us vulnerabilities at the OS level, application level, and cloud application level while highlighting how we will remediate and mitigate loopholes in our environment or customer environment.
TrendAI Vision One also helps us with consolidated management, but there is a need for improvement if the customer has multiple branches and their IT admin is location-wise. We require location-wise console segregation in TrendAI Vision One, but there are gaps in policy management that hinder that, as all branch IT admins see all policies in the console despite needing to segregate them by location.
What needs improvement?
There are support challenges when we are using TrendAI Vision One console. If a customer needs a remote session with support, they generate multiple queries and logs, which we escalate to Trend Micro management for remote support, and aligning with remote support becomes a significant challenge.
When dealing with 10,000 users of EPP with the XDR solution, there are complication issues due to the agent size being between 500 and 700 MB, which hampers our ability for mass deployment through Active Directory. We do use hybrid solutions and cloud solutions in TrendAI Vision One, and face challenges only with mass deployment regarding sizing.
For how long have I used the solution?
We have been using TrendAI Vision One for over four years.
What do I think about the stability of the solution?
There are no glitches, and TrendAI Vision One is scalable and stable.
What do I think about the scalability of the solution?
We are not currently facing any risks as TrendAI Vision One platform manages multiple Trend Micro products within a single management console.
How are customer service and support?
Support is low. When we raise a ticket for P0 or P1, the response tends to be quite late.
Which other solutions did I evaluate?
We are working with Trend Micro, CrowdStrike, and Trellix.
What other advice do I have?
After sharing Trend Micro pricing with the customer and understanding their budget, we chase the Trend Micro OEM sales person to reduce the price given the budget that the customer has, and hopefully Trend Micro sales representatives manage and close these deals.
In terms of price and technical solution, the security solutions provided by TrendAI Vision One stand out as the best offering. Time to action for delete and quarantine is crucial, and it is approximately ten percent.
We are not experiencing any noise on their side, and thus TrendAI Vision One solution is working smoothly in multiple organizations, which helps us reduce attack risks. The overall review rating for this solution is eight out of ten.
reviewer2813907
Incident analysis has become faster and clearer but event interfaces still need improvement
Reviewed on Apr 02, 2026
Review provided by PeerSpot
What is our primary use case?
TrendAI Vision One is used for XDR .
What is most valuable?
TrendAI Vision One is more limited, but the strong part is its minimalist design, allowing you to know the most important information about the incident. This is the strong point.
TrendAI Vision One helps consolidate security software across hybrid environments, and I think it is useful, especially when integrated with another tool for some clients. It is so useful to get a first analysis or to get some CUs with TrendAI Vision One, so it helps.
The solution saves time approximately by 80 to 90 percent; it is very simple.
What needs improvement?
To provide centralized visibility and management across various protection layers could be better. I would add different interfaces as I really appreciate how CrowdStrike manages the datasets. An interface where you can select the different events that happened in the incident would be beneficial because in TrendAI Vision One the information is very basic; you get all the information raw in a column, which I would improve by adding an advanced search feature similar to CrowdStrike where events can be filtered. This would make the analysis better for the client who is receiving the information.
TrendAI Vision One has room for improvement regarding different interfaces, specifically similar to the Event Simple part of CrowdStrike where you can identify what happened. It would be helpful to have an integrated identity module, because sometimes I want to see who executed an incident, such as a PowerShell command, to know if it was an admin or the local user of the machine. If I cannot see that, I do not know anything. Integrating the identity module would be beneficial.
For how long have I used the solution?
I have been working with TrendAI Vision One for one year and a half.
What do I think about the stability of the solution?
I rate the stability of TrendAI Vision One as a ten because I did not have any problems with it.
What do I think about the scalability of the solution?
The scalability of TrendAI Vision One would be around a six; it is appropriate for smaller companies, but for bigger ones such as Nike, I would say it would not fit as well.
What was our ROI?
Using TrendAI Vision One has reduced the time to detect and respond by approximately 20 percent up to 80 percent; the strong point is that it is simple, making it fast and easy to learn.
What other advice do I have?
When an incident appears in TrendAI Vision One, I open it and on the first page, you get to see the timeline of where all the different assets appear, including the host and other information. It is helpful because you get directly all the information by taking a look at the host involved. For example, if it is a server and you see SSH commands, it may fit with your conclusion. After that, I open the XDR part where you see in raw form all the different information. Finally, I can use the XDR view where you can filter using their raw SQL language to filter all the different incidents, for example, by endpoint GUID, something I usually use.
The risk reduction from using TrendAI Vision One depends on various factors. If I only get to use TrendAI Vision One and not any other tools, I think it would be approximately 80 percent, because if you have normal incidents, it is helpful, making it easier for the team of the final client to read the information. However, for real incidents requiring forensics, if you have to activate forensics, I think you would have difficulties, so I would say around 80 percent.
The importance of AI built into TrendAI Vision One is relatively recent for me; it is helpful to have a direct verdict, but I prefer to make my manual verdict. I would say it is important at a level of five for me, but for some inexperienced analysts, it might be at a level of five or seven because they will rely on that.
TrendAI Vision One is more simple compared to other solutions, but it could be useful for controlled cases if you have a small enterprise where the same software is used, making it interesting for situations where you are familiar with specific CUs. In my opinion, it would be more interesting than Cortex for smaller incidents, while I would prefer Cortex for larger cases than false positives which will be better managed by TrendAI Vision One.
My clients may be less than average because TrendAI Vision One is not that widely used. I think it is getting used less, but perhaps with the AI update it will be used more. I would estimate around 5 to 10 clients, approximately half of my client base.
Learning TrendAI Vision One can take anywhere from two weeks to one month.
In my opinion, TrendAI Vision One gets the information easily, but it does not really help reduce false positives by itself; you have to do the final work. I would say it helps with false positives around 80 percent because in TrendAI Vision One, you can see the verdict, plus AI is assisting with it.
I would recommend TrendAI Vision One, telling potential users that it is very easy to use, but it would be useful to learn how to use SQL for deeper analysis of different modules, which is important. Knowing how to use the different modules that your client has integrated will make a significant difference.
reviewer2805261
Integrated email and endpoint protection has boosted threat detection and simplified deployments
Reviewed on Feb 26, 2026
Review from a verified AWS customer
What is our primary use case?
I am from a partner firm and I deploy TrendAI Vision One at multiple customers. I implement the solution to multiple customers.
What is most valuable?
The main use cases which I have heard from customers are that, from the email point of view, email security is the first priority. They are searching for a solution which provides email security, which is able to block the files with an integrated DLP .
One of the best parts of TrendAI Vision One is its email security and the endpoint. Email security it provides at the API level, so it offers both MX Gateway and API, but usually we deploy it using API.
TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves, or the agent handles it. In this case, the agent will give you the logs.
TrendAI Vision One also has an XDR . This XDR helps you collect logs from multiple sources. It will correlate the logs of your databases, your endpoint, your servers, your mail, and using all these data silos, it will give you a report if any anomaly or any malicious file is detected or any virus pattern is detected.
Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.
It uses AI to check the logs, to find the malware or to find any phishing attack. It uses an AI and ML engine for that. There is also another AI agent inside the console. For example, if I want to find a policy or check a user, the AI agent can assist me.
They have recently launched a Zero Trust Secure Access, which is a version of SASE . Using their single agent, which is for endpoint, the same agent you can use for Zero Trust Secure Access. So you do not have to install multiple agents. One single agent can work for multiple things for SASE and for endpoint.
Its deployment is easy and fast. TrendAI Vision One console has all the features, like one single console provides email, email security, endpoint security, server and workload protection, XDR, cyber risk management, all the things in one console. It provides a good overview from a CISO and manager level. Whenever I have a meeting with the management, I show them that. Your cyber risk score is this much, from a comparison point of view.
It has another feature which can detect the unknown processes or malicious processes using its AI technology, which may be forming or in the initial stage of a ransomware attack. It is quite good in capturing that also.
From the functionalities perspective, the agent is quite heavy as it can scan different types of files.
None of my customers have faced any attack. We have detected many attacks using ransomware protection and phishing detection.
What needs improvement?
Although there is a point of improvement in the endpoint protection.
Email security sometimes may lead to some true positive attachments.
One thing I would say is not a good point is they do not have a specific licensing structure. If I bought licensing for 500 users, they convert the licenses to a credit system.
If I am a mid-level enterprise, it provides everything like an integrated DLP . I do not have to spend more money buying other solutions. One solution is enough to cover my DLP needs, endpoints, XDRs, and email security.
In endpoint also, if I have 500 customers, and if I want to change a policy, I have to make a new policy for them and add them to it and then change the policy. This is a complex process.
Management is a bit complex and it could have been easier.
The positive point is centralized management. If you are a mid-level enterprise looking for a solution for most of your cybersecurity products, TrendAI Vision One is a good centralized platform. You should go for it.
For how long have I used the solution?
I have been working with TrendAI Vision One for almost one year.
What do I think about the stability of the solution?
Since TrendAI Vision One is a SaaS-based platform, I have never faced the issue of the platform going down or any issues on the console. It is hosted on the cloud, so it is good. I have never faced that issue.
How are customer service and support?
TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves. But in this case, the agent will give you the logs. They have an investigation team that will give you an EXE to collect the log and EXE to clean your system, a diagnostic tool.
Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used other tools such as Check Point. In email security, the number of false positives is less in TrendAI Vision One in comparison to Check Point.
How was the initial setup?
Within a day, you can deploy the whole solution in your whole company, maybe 500 users, 1000, or 2000. Within a day, you can deploy the solution of email security.
The first benefit is the ease of deployment using API. You simply have to link the Outlook or the Google Workspace API and within two minutes it is synced.
For endpoints, you have a script. You can simply run that script in your AD server and you can install multiple agents in a few minutes on most of your machines in the network.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
AhmadRaza
Cyber risk exposure has improved monitoring while AI companion and alert correlation speed response
Reviewed on Feb 26, 2026
Review provided by PeerSpot
What is our primary use case?
My company is Kyndryl , and we work for a UK-based financial institution. That client, the financial institution, has TrendAI Vision One . By using TrendAI Vision One , we are monitoring and doing day-to-day tasks.
In this project, it is related to XDR , but there are many modules. Currently, they are using only HIDS and HIPS. There are many other modules available, but all the modules are based on the license, so they are using only a few of them.
Compared to my previous experience where I worked on some other EDR tools, TrendAI Vision One has many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.
Basically, each endpoint device has an agent called the TrendAI agent, similar to a CrowdStrike agent. The agent is monitoring two things: system events and security events. Based on the events, they are pulling the data at the console for the security team. We monitor if any unusual things happen, and then we have to react. The agent installed on endpoint devices is helping us monitor and do the work.
In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features, but I do not remember. However, it has a very good feature, as I mentioned, Cyber Risk Exposure.
Actually, in Cyber Risk, if I want to see the device level and how many devices have some vulnerability, if I click the device, it will show the count. For example, it is showing that two, three, or four devices are detected with this kind of vulnerability. If the devices have Apache Log4j vulnerability or OGNL, then based on the operating system, if the device has Linux, I have to reach the platform team and say "Okay, this system has this kind of vulnerability, and you have to patch the thing" or update the software. From here, I cannot update anything or upgrade the agents. There is some dependency, you could say.
For deployment, I think it is easy and does not require much effort. I have not done the deployment myself, but for some point in time, for a few of the servers, we have done it, and it is easy and does not require much.
For this, it depends on two or three factors. First, we have to confirm why this alert got triggered and what is the IOC. For example, if it is some private IP, then I have to reach out to the different teams. In my case, I have to reach the vulnerability management team because they have Nessus and Qualys tools, which are vulnerability scanner tools. What they mostly do is they try to scan the particular server and devices, targeting the server. When the IP, let us say the Nessus IP, leads to a server, TrendAI Vision One tries to understand "Okay, I think someone is trying to recon this particular server. This is not a usual thing," so they generate the alert. I have to go through each and every alert, and based on whether the IP is private, I have to reach out to the VM team and other teams and try to confirm whether the IP is genuine or from somewhere else. After that, I have to fine-tune inside TrendAI Vision One, and then they will automatically reduce the false positives.
In my case, I can say that earlier we received many alerts related to recon alerts. If I closed and whitelisted two, three, or five IP addresses, the total has been reduced by approximately 40 percent. Earlier, we received more than 400 or 500 false positive alerts, but nowadays we receive hardly 10 or 15 alerts.
My client is not a small bank. I think it is one of the big banks in the UK, but I do not want to tell you the name. It is very big.
What is most valuable?
In TrendAI Vision One, there are many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.
They have another feature called Workbench inside the XDR . What Workbench does is that if you receive 100 alerts one day, the Workbench correlates all the alerts and tries to find similar ones. Then it generates one ID. Inside one ID, if 10 alerts are similar, it will consolidate all 10 alerts as one Workbench ID. Inside the Workbench ID, if I investigate and close the Workbench ID, on behalf of that Workbench ID, all 10 alerts will be closed automatically. There is no need to go through each and every alert one by one. This is also a very good feature inside TrendAI Vision One.
In terms of centralized visibility, I can say that it saves much more time. If for one thing I have to go through different tools, obviously I have to invest much more time for a single alert. But here, if one alert triggers, I can correlate with the help of different modules, which is nothing but easy for me.
There is also an inbuilt AI tool inside TrendAI Vision One. Sometimes if I get stuck somewhere during the investigation, I use this AI chatbot, which is known as a companion inside TrendAI Vision One. If I put a use case or ask "Okay, I am here, what do I have to do?" That companion, which is nothing but a chatbot, will go through whatever I put inside the chat, analyze it, and mention some steps. It will say "Okay, from here you can go" and "You can do these things." It is also a very good feature and it makes it easy for me.
As I mentioned, because of that one feature, Workbench ID inside the XDR module, it reduced much more time compared to other tools. But I cannot say a specific number. It is very difficult for me. However, it saves a lot of time. As I mentioned, if 10 alerts are received, in another tool, I have to go through each and every alert one by one. But here, they correlate the alerts based on whatever the IOCs are and why this alert got triggered. Based on the alert, they consolidate the alert. If all 10 alerts have a similar property, they consolidate and generate one ID, a Workbench ID, and they consider it as one. So if I investigate one and close it, all 10 will be closed automatically.
It is very nice and very helpful. It reduces the overall response time. It is very helpful. It is known as a companion, and that one chatbot is known as a companion inside TrendAI Vision One.
What needs improvement?
In TrendAI Vision One, a few days ago, there was one issue related to resource utilization at some servers. It was not clear whether the reason was the Trend agent or some other security agents such as Sentinel or something else. In this kind of situation, we get stuck. Then we have to reinstall and do all those things.
In Tanium , we have an advantage where even the security team from their end can update the patch. But in TrendAI Vision One, there are no features such as this. We have to depend on the platform team.
They could improve the support case experience because whenever we reach out to the support team, in response, they first put what I think are some ready-made templates, and they just put it as a reply. If I raise a case, they have some ready-made templates. This is my opinion and thought from following some different cases. They can improve here because they just simply reply with whatever they have. Then again, we have to mention more things, and after that, they reply with some genuine points. But initially, they just put some ready-made templates, I think. They can improve here.
For how long have I used the solution?
I have been using this product for more than a year. In this project, it has been more than a year.
What do I think about the stability of the solution?
It is stable. I think it rates 9 or 10.
What do I think about the scalability of the solution?
Regarding scalability, if we are talking about it, and if we currently have a thousand servers and increase the count, then we can test the scalability. As of now, I have not gone through it, so it is very hard for me to say much about the scalability.
How are customer service and support?
I do not have that much level of access to other parts due to policy, and they are not using all other modules due to licensing limitations. I cannot say much more about other things because TrendAI Vision One has many modules.
Which solution did I use previously and why did I switch?
In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features.
How was the initial setup?
For deployment, I think it is easy and does not require much effort.
What was our ROI?
You could say 5+. I started my career as a SOC analyst.
Which other solutions did I evaluate?
I have not used other products, but there is another product called Tanium , which I learned about. In Tanium, we have an advantage.
What other advice do I have?
I need to note that the overall rating I would give this product is 7. It is not bad, but initially, they put some ready-made templates, which I do not like.
I do not know about other projects because here they segregate the team based on the project. I am working for the UK-based project, and some other people are working for the AU-based project. Different people worked in different countries. I do not have any other idea about other projects or whether they are using TrendAI Vision One or not. I cannot say anything.
Definitely, it requires maintenance. If agents are not compatible with particular devices, we have to reach the support team and take help from there, and then we have to upgrade and update based on the risk and compliance policy.
There are many other modules available, but all the modules are based on the license, and they are using only a few of them.