Sold by: Trend Micro
Deployed on AWS
Free Trial
Vendor Insights
AWS Free Tier
Stop threats before they strike with TrendAI Vision One™ - the AI-powered enterprise cybersecurity platform built to predict, prevent, and respond to threats across AWS, hybrid, and multi-cloud environments. Gain unified visibility, streamline cloud risk management, accelerate cloud investigations, and empower your security teams with proactive, layered protection that works at cloud speed. Proactive security starts here.
4.6
Overview
TrendAI Vision One™ gives enterprises and security leaders the power to see, secure, and control their entire multi-cloud and hybrid environments from a single, unified platform. Gain complete visibility with real-time risk scoring, threat exposure mapping, and centralized monitoring all from one intuitive dashboard.
Backed by AI, machine learning, and predictive analytics, TrendAI Vision One™ empowers proactive cloud security by automating threat detection, risk mitigation, and response. Streamline operations, reduce security complexity, and offload the pressure on your teams with modern CNAPP capabilities so you can stay ahead of every attack.
Trusted by industry leaders and recognized as a 2024 Gartner Peer Insights™ Customers' Choice for CNAPP, Trend Vision One is proven to reduce operational costs by up to 79% and accelerate detection and response times by 70%. It's also a Leader in the 2025 Gartner® Magic Quadrant for Endpoint Protection Platforms, delivered a 100% detection rate in MITRE evaluations, and was named a Leader in the IDC MarketScape for Cloud-Native Application Protection Platforms 2025, solidifying its position as the most trusted platform for securing the cloud.
Confidently secure your cloud transformation with a platform built for the modern enterprise. From hybrid to multi-cloud, TrendAI Vision One™ delivers unmatched protection, visibility, and control - wherever your workloads live.
Trend provides custom pricing via Private Offer. Please contact us if you're interested in personalized pricing options.
Highlights
- Identify and eliminate hidden cloud risks with unified Cyber Risk Exposure Management - discover assets, prioritize vulnerabilities, and manage posture and attack surface all from one place.
- Stay steps ahead of threats with XDR for Cloud, which extends visibility into cloud environments and streamlines SOC investigations through powerful correlation and alerting.
- Secure every application and workflow - from containers and code to S3 files and cloud workloads - with holistic protection via the integrated stack: Container Security, File Security, Workload Security, and Code Security.
Get personalized pricing in minutes - New
If qualified, an express private offer gets you custom pricing and terms. Finalize your purchase in the AWS Marketplace console.
Details
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(4)
SOC2
ISO27001
GDPR
HIPAA
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
TrendAI™ Flex (credits) | A credit-based licensing model that offers flexibility, simplifying purchasing, deployment, and management of Trend Vision One solutions. | $1.00 |
Dimension | Description | Cost/unit |
|---|---|---|
Cyber Risk Exposure Management - Cloud Risk Management | Per 500 resources per cloud account per hour | $0.12 |
Container Security | Per Amazon ECS instance or Kubernetes node per hour | $0.168 |
Container Security | Per serverless container pod or task per hour | $0.017 |
File Security SDK | Per file scan | $0.013 |
File Security Storage | Per cloud storage per hour | $1.155 |
Endpoint Security - Essentials | Per workload (Anti-Malware, Web Reputation, and XDR only) per hour | $0.007 |
Endpoint Security - Small | Per EC2 instance (micro to medium), WorkSpace, or other cloud (1 vCPU) per hour | $0.011 |
Endpoint Security - Medium | Per EC2 instance (large), WorkSpace, or other cloud (2 vCPU) per hour | $0.032 |
Endpoint Security - Large | Per EC2 instance (XL), WorkSpace, or other cloud (4 vCPU) per hour | $0.047 |
Endpoint Security - Non-Cloud | Per data center or non-cloud instance per hour | $0.047 |
Dimensions summary
Trend Vision One's pricing dimensions on AWS Marketplace are structured across multiple security capabilities. The core offering includes Endpoint Security with tiered pricing based on instance sizes (from Essentials to Large) and deployment type (cloud vs. non-cloud). Additional components include Container Security priced per node/task, File Security charged per scan and storage hour, Cyber Risk Management billed per cloud resources, and XDR for Cloud billed by data ingestion volume. All services can be accessed through Trend Vision One credits under a 12-month contract model with additional usage options. Credits are for customers interested in annual comitments while the additional usage costs offers PAYG. Credits and PAYG can be combined to best fit the needs of the customer.
Top-of-mind questions for buyers like you
How do Trend Vision One credits work in the 12-month contract model?
Trend Vision One credits are the primary currency for purchasing and consuming Trend Vision One services under a 12-month commitment with additional usage options. Credits can be flexibly allocated across different security services including endpoint security, container security, and file security, allowing customers to adjust their security coverage based on changing needs throughout the contract period.
How do the additional usage costs differ from credits?
Additional usage costs offer flexible, monthly pay-as-you-go (PAYG) billing, while credits are for customers with annual commitments. Both can be used across services—for example, credits for File Security and PAYG for Endpoint Security. Monthly billing requires purchasing one credit for account registration, after which services can be enabled in the Credits & Billing app.
How is Endpoint Security pricing structured in Trend Vision One?
Endpoint Security follows a tiered pricing model based on the size and type of instances being protected. The tiers range from Essentials (basic anti-malware and XDR) to Large (XL instances with 4+ vCPUs), with separate pricing for non-cloud instances, ensuring customers only pay for the level of protection needed for each endpoint.
What determines the cost for Container and File Security services?
Container Security is priced per instance/node for Amazon ECS or Kubernetes, or per pod/task for serverless deployments. File Security combines two pricing components: a per-scan fee for the SDK and Virtual Appliance usage, and an hourly rate for cloud storage protection, making it scalable based on actual usage patterns.
Vendor refund policy
No refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Your purchase also includes 24x7 support from Trend Micro. You can log a support ticket for any issues directly from your TrendAI Vision One™ console. If you experience any issues or have questions, please contact our AWS Security experts by email at aws.marketplace@trendmicro.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Trend Micro
By Rapid7
Top
25
In Security
Top
10
In Vulnerability and Patch Management, Data Governance
Top
25
In Observability, Software Development
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Unified Risk Management Platform
Centralized cyber risk exposure management with asset discovery, vulnerability prioritization, and attack surface management from a single dashboard
Extended Detection and Response for Cloud
XDR capabilities that extend visibility into cloud environments with correlation and alerting to streamline security operations center investigations
AI-Powered Threat Detection
Machine learning and predictive analytics for automated threat detection, risk mitigation, and response across multi-cloud and hybrid environments
Comprehensive Application Security
Integrated security stack covering container security, file security, workload security, and code security for end-to-end application protection
Real-Time Risk Scoring and Monitoring
Real-time risk scoring and threat exposure mapping with centralized monitoring capabilities across AWS, hybrid, and multi-cloud environments
Attack Surface Management
Aggregates comprehensive attack surface visibility across hybrid environments with external attack surface scans to provide 360-degree view of entire attack surface
Vulnerability Management
Delivers complete visibility across on-premise and remote endpoints to identify, communicate, and remediate vulnerabilities, misconfigurations, and risks
Cloud Security
Provides code-to-cloud protection for cloud-native applications with seamless CI/CD pipeline integration and agentless risk assessment based on reachability, exploitability, and potential impact
Next-Generation SIEM and XDR
Delivers accelerated detection and response with SaaS deployment, intuitive interface, out-of-the-box detections informed by MDR SOC, and built-in automation capabilities
Threat Intelligence
Delivers high-fidelity actionable threat intelligence infused with proprietary threat and vulnerability research from Rapid7 Labs and community-driven tools
Offensive Security Engine
Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
Cloud Security Posture Management
Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning
Identifies more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management
Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
Real-Time Malware Detection
Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
NishantKandpal
Unified XDR dashboard has improved real-time threat detection and reduced ransomware risk
Reviewed on May 07, 2026
Review from a verified AWS customer
What is our primary use case?
TrendAI Vision One is a unified platform and single dashboard where all endpoints, email servers, clouds, and networks are in one place. It provides AI detection and AI-based threat detection. Any abnormality or abnormal behavior of any server or endpoint is caught, and it predicts security in a proactive mode. It correlates across all endpoints, email, network, and cloud to give the full attack story: how the attack happened, what is the location of the attack, and how we can prevent that attack.
I am using TrendAI Vision One on all our servers with three main components: servers, endpoints, and email security. The unified visibility where one dashboard provides access is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.
TrendAI Vision One sensors are basically the data collectors that capture different parts of the IT environment. If there are no sensors, there will be no visibility. Sensors are the eyes and ears of TrendAI Vision One. They are used to collect logs, abnormal behavior, email activity, and network activity. The system correlates everything, detects the attack, and sends alerts to the SOC so we can work effectively. We have endpoint sensors that are installed on laptops and servers.
One of the biggest challenges nowadays is ransomware attacks, which are the most common and damaging threat. Attackers encrypt data and steal it. With the help of TrendAI Vision One, it reduces the data leak risk from our environment. The second main challenge is phishing and social engineering attacks. Technology is growing fast, so phishing and social engineering attacks are more common. The third main challenge is identity and access compromise, where attacks target our active directory, which is the backbone of the industry. If any of the identities are compromised, an attacker can get full access. TrendAI Vision One is helping us prevent that attack. These are the three top challenges that every organization has to face, and TrendAI Vision One is resolving these kinds of issues on a daily basis.
The cyber risk management capability is used in our organization to identify and prioritize cybersecurity risks in a structured way. There are multiple capabilities under that. First, we need to identify the risk and understand what are all the possible risks we have, what are the vulnerabilities, misconfigurations, threats, and asset exposures. The second main thing is asset visibility, which is very important because we should know what type of asset visibility we have. The third main point is risk assessment, which evaluates the impact and likelihood. For example, if something is down and it is of high importance, it will be marked as a high impact. The fourth stage is risk prioritization, which prioritizes the risk and identifies what are the critical assets and what are the high-end critical vulnerabilities. Every risk has its own weightage. Some are critical, some are high, some are low. This helps us to prioritize risk. And then, of course, comes risk mitigation. Once we find the risk, for example, if something is high-end and critical, the last step is to mitigate it. This includes patching vulnerabilities, fixing misconfiguration things, strengthening our hardening controls, and applying security tools to that. And then, we go back to the first step, continuous monitoring. The next day we will start to find new zero-day attacks, new threats, and new external risks.
What is most valuable?
TrendAI Vision One, which we are using on all our servers, is the most valuable feature. We are using three things: servers, endpoints, and TrendAI Vision One's email security. The unified visibility where one dashboard is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.
My overall experience with TrendAI Vision One is very good. We discuss it every week in our leadership discussions. Overall, this platform is very mature. It is a unified XDR platform that improves the threat visibility part and the correlation part across the enterprise. The best part is it has strong XDR correlation. It has centralized visibility with one dashboard that contains all the information: all our risk posture, all our assets, and all our threats. The AI-driven technology, the AI-driven detection, and the scoring part are very good, as is the broad coverage they provide.
What needs improvement?
Alert noise and false positives are areas that should be improved. The initial deployment generates too many alerts, so we need better AI filtering and more accurate prioritization. Also, the integration complexity can be an issue. Sometimes, integrating TrendAI Vision One with our SIEM tool or other cloud platforms can be time-consuming. Some improvements should be made there. They need to make easier, plug-and-play integrations and provide better documentation.
One feature is SOAR (Security Orchestration, Automation and Response), which is an automated response engine. Currently, they have partial automation. If there is an auto-containment feature for endpoints, users, and the network, or if there are many pre-built playbooks for ransomware, phishing, and insider threats, it would be beneficial. For example, we just need to one-click and auto-remediation is done. That is the feature I am looking for. This would be used to help us detect, investigate, and respond automatically.
For how long have I used the solution?
We have been using TrendAI Vision One for the last two years, and we recently renewed it as well.
How was the initial setup?
We purchased TrendAI Vision One for all our servers. The basics are simple. We signed up, logged in, and provided access to our cloud console. Then, the step-by-step onboarding process started where we had an endpoint agent deployment for each machine. We downloaded the agent and installed it on each machine. Then the migration from the existing solution started. For the deployment part, we use one tool named ManageEngine's ITSM tool, from where we can write a script for that agent and have a mass deployment.
What's my experience with pricing, setup cost, and licensing?
Regarding cost and licensing transparency, we are using a credit-based model. We have a certain number of credits that we are using. The pricing is mild. They could make simpler pricing for better usage visibility, but I am okay with the pricing because we are getting good quality. I would not say it is a high price because we are getting a good product.
What other advice do I have?
TrendAI Vision One is a powerful XDR platform. However, it requires proper tuning and proper integration. If we have done proper tuning and proper integration with all our servers, endpoints, and cloud platforms, it will give very good, accurate results.
From false positive to true positive, the percentage is almost 60% to 70%, approximately 65%. However, it needs proper tuning every week. We have to tune the policies every week so that we can get better visibility and accuracy.
Regarding mean time to detect, TrendAI Vision One definitely helps. It reduces the mean time to detect compared to traditional tools. It basically detects threats in real time. Real-time detection means it uses AI analytics, global threat intelligence, and correlation signals across all endpoints. Threats are detected almost immediately once any suspicious or malicious activity is observed. It reduces the time to detect by almost 60%.
TrendAI Vision One is a powerful and mature XDR tool. Of course, every tool has room to improve. But for us right now, it is a good tool. There are a number of tools, and every tool has its own capability and its own visibility. This tool is a very good, powerful tool. My overall rating for this solution is nine out of ten.
GANESAN K
Platform has improved visibility and security posture across endpoints, email, and cloud
Reviewed on Apr 30, 2026
Review provided by PeerSpot
What is our primary use case?
As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.
In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One console.
What is most valuable?
The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security , including how many emails are received by mail servers on a daily, weekly, and hourly basis.
The second advantage is that since TrendAI Vision One is a single platform, it offers surface attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.
Cyber Risk Exposure Management (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud Platform and Azure .
Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.
What needs improvement?
The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.
While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.
I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.
At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.
For how long have I used the solution?
I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.
What do I think about the stability of the solution?
Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.
What do I think about the scalability of the solution?
In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.
How are customer service and support?
I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.
Which solution did I use previously and why did I switch?
TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.
How was the initial setup?
The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.
What was our ROI?
In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.
What's my experience with pricing, setup cost, and licensing?
Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.
Which other solutions did I evaluate?
Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.
What other advice do I have?
According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.
Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.
TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.
I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.
PankajKumar24
Centralized security management has unified risk visibility and simplifies attack response
Reviewed on Apr 28, 2026
Review from a verified AWS customer
What is our primary use case?
We are currently working with Trend Micro as a partner, managing multiple OEMs like Trend Micro and Trellix. TrendAI Vision One is a managed single centralized management console. We are using multiple Trend Micro products and managing them through TrendAI Vision One .
When customers use multiple security solutions in their environment such as email security, EPP, endpoint security, NDR, and data security posture management (DSPM), we manage everything through TrendAI Vision One console for Trend Micro products, while integrating with third-party security tools such as firewalls and Microsoft to capture telemetry and metadata from both sides. TrendAI Vision One then correlates this data and shows us the observed attack techniques, along with options for sandboxing ransomware file samples through TrendAI Vision One.
What is most valuable?
TrendAI Vision One gathers risk management information such as risk scores at the OS level, account level, and domain level through the endpoint agent that monitors all machines for vulnerabilities. The CREM shows us vulnerabilities at the OS level, application level, and cloud application level while highlighting how we will remediate and mitigate loopholes in our environment or customer environment.
TrendAI Vision One also helps us with consolidated management, but there is a need for improvement if the customer has multiple branches and their IT admin is location-wise. We require location-wise console segregation in TrendAI Vision One, but there are gaps in policy management that hinder that, as all branch IT admins see all policies in the console despite needing to segregate them by location.
What needs improvement?
There are support challenges when we are using TrendAI Vision One console. If a customer needs a remote session with support, they generate multiple queries and logs, which we escalate to Trend Micro management for remote support, and aligning with remote support becomes a significant challenge.
When dealing with 10,000 users of EPP with the XDR solution, there are complication issues due to the agent size being between 500 and 700 MB, which hampers our ability for mass deployment through Active Directory. We do use hybrid solutions and cloud solutions in TrendAI Vision One, and face challenges only with mass deployment regarding sizing.
For how long have I used the solution?
We have been using TrendAI Vision One for over four years.
What do I think about the stability of the solution?
There are no glitches, and TrendAI Vision One is scalable and stable.
What do I think about the scalability of the solution?
We are not currently facing any risks as TrendAI Vision One platform manages multiple Trend Micro products within a single management console.
How are customer service and support?
Support is low. When we raise a ticket for P0 or P1, the response tends to be quite late.
Which other solutions did I evaluate?
We are working with Trend Micro, CrowdStrike, and Trellix.
What other advice do I have?
After sharing Trend Micro pricing with the customer and understanding their budget, we chase the Trend Micro OEM sales person to reduce the price given the budget that the customer has, and hopefully Trend Micro sales representatives manage and close these deals.
In terms of price and technical solution, the security solutions provided by TrendAI Vision One stand out as the best offering. Time to action for delete and quarantine is crucial, and it is approximately ten percent.
We are not experiencing any noise on their side, and thus TrendAI Vision One solution is working smoothly in multiple organizations, which helps us reduce attack risks. The overall review rating for this solution is eight out of ten.
Kartik S.
Admin-Friendly with Stellar Support and Easy Setup
Reviewed on Apr 13, 2026
Review provided by G2
What do you like best about the product?
I like that Trend Vision One is admin friendly and offers a big data lake, which make it effective for our needs. I appreciate the quick support that we receive, ensuring any issues are resolved promptly. The endpoint inventory management is the best feature for me, providing great value. Additionally, setting it up was very easy, making the onboarding process smooth.
What do you dislike about the product?
Deep Security is hard to understand.
What problems is the product solving and how is that benefiting you?
I find Trend Vision One to be admin-friendly and appreciate the big data lake. Quick support and Endpoint Inventory Management are standout features.
reviewer2813907
Incident analysis has become faster and clearer but event interfaces still need improvement
Reviewed on Apr 02, 2026
Review provided by PeerSpot
What is our primary use case?
TrendAI Vision One is used for XDR .
What is most valuable?
TrendAI Vision One is more limited, but the strong part is its minimalist design, allowing you to know the most important information about the incident. This is the strong point.
TrendAI Vision One helps consolidate security software across hybrid environments, and I think it is useful, especially when integrated with another tool for some clients. It is so useful to get a first analysis or to get some CUs with TrendAI Vision One, so it helps.
The solution saves time approximately by 80 to 90 percent; it is very simple.
What needs improvement?
To provide centralized visibility and management across various protection layers could be better. I would add different interfaces as I really appreciate how CrowdStrike manages the datasets. An interface where you can select the different events that happened in the incident would be beneficial because in TrendAI Vision One the information is very basic; you get all the information raw in a column, which I would improve by adding an advanced search feature similar to CrowdStrike where events can be filtered. This would make the analysis better for the client who is receiving the information.
TrendAI Vision One has room for improvement regarding different interfaces, specifically similar to the Event Simple part of CrowdStrike where you can identify what happened. It would be helpful to have an integrated identity module, because sometimes I want to see who executed an incident, such as a PowerShell command, to know if it was an admin or the local user of the machine. If I cannot see that, I do not know anything. Integrating the identity module would be beneficial.
For how long have I used the solution?
I have been working with TrendAI Vision One for one year and a half.
What do I think about the stability of the solution?
I rate the stability of TrendAI Vision One as a ten because I did not have any problems with it.
What do I think about the scalability of the solution?
The scalability of TrendAI Vision One would be around a six; it is appropriate for smaller companies, but for bigger ones such as Nike, I would say it would not fit as well.
What was our ROI?
Using TrendAI Vision One has reduced the time to detect and respond by approximately 20 percent up to 80 percent; the strong point is that it is simple, making it fast and easy to learn.
What other advice do I have?
When an incident appears in TrendAI Vision One, I open it and on the first page, you get to see the timeline of where all the different assets appear, including the host and other information. It is helpful because you get directly all the information by taking a look at the host involved. For example, if it is a server and you see SSH commands, it may fit with your conclusion. After that, I open the XDR part where you see in raw form all the different information. Finally, I can use the XDR view where you can filter using their raw SQL language to filter all the different incidents, for example, by endpoint GUID, something I usually use.
The risk reduction from using TrendAI Vision One depends on various factors. If I only get to use TrendAI Vision One and not any other tools, I think it would be approximately 80 percent, because if you have normal incidents, it is helpful, making it easier for the team of the final client to read the information. However, for real incidents requiring forensics, if you have to activate forensics, I think you would have difficulties, so I would say around 80 percent.
The importance of AI built into TrendAI Vision One is relatively recent for me; it is helpful to have a direct verdict, but I prefer to make my manual verdict. I would say it is important at a level of five for me, but for some inexperienced analysts, it might be at a level of five or seven because they will rely on that.
TrendAI Vision One is more simple compared to other solutions, but it could be useful for controlled cases if you have a small enterprise where the same software is used, making it interesting for situations where you are familiar with specific CUs. In my opinion, it would be more interesting than Cortex for smaller incidents, while I would prefer Cortex for larger cases than false positives which will be better managed by TrendAI Vision One.
My clients may be less than average because TrendAI Vision One is not that widely used. I think it is getting used less, but perhaps with the AI update it will be used more. I would estimate around 5 to 10 clients, approximately half of my client base.
Learning TrendAI Vision One can take anywhere from two weeks to one month.
In my opinion, TrendAI Vision One gets the information easily, but it does not really help reduce false positives by itself; you have to do the final work. I would say it helps with false positives around 80 percent because in TrendAI Vision One, you can see the verdict, plus AI is assisting with it.
I would recommend TrendAI Vision One, telling potential users that it is very easy to use, but it would be useful to learn how to use SQL for deeper analysis of different modules, which is important. Knowing how to use the different modules that your client has integrated will make a significant difference.